Offensive Security
|
d63de06c7a
|
DB: 2022-11-10
2776 changes to exploits/shellcodes/ghdb
|
2022-11-10 16:39:50 +00:00 |
|
Offensive Security
|
b4c96a5864
|
DB: 2021-09-03
28807 changes to exploits/shellcodes
|
2021-09-03 20:19:21 +00:00 |
|
Offensive Security
|
36c084c351
|
DB: 2021-09-03
45419 changes to exploits/shellcodes
2 new exploits/shellcodes
Too many to list!
|
2021-09-03 13:39:06 +00:00 |
|
Offensive Security
|
bb9f12afc7
|
DB: 2020-06-16
3 changes to exploits/shellcodes
SOS JobScheduler 1.13.3 - Stored Password Decryption
Linux/ARM - execve /bin/dash Shellcode (32 bytes)
Linux/ARM - Bind (0.0.0.0:1337/TCP) Shell (/bin/sh) + Null-Free Shellcode (100 bytes)
|
2020-06-16 05:01:56 +00:00 |
|
Offensive Security
|
54bc76dcfd
|
DB: 2019-10-09
3 changes to exploits/shellcodes
vBulletin 5.0 < 5.5.4 - Unauthenticated Remote Code Execution
vBulletin 5.0 < 5.5.4 - 'widget_php ' Unauthenticated Remote Code Execution
Zabbix 4.4 - Authentication Bypass
vBulletin 5.0 < 5.5.4 - 'updateAvatar' Authenticated Remote Code Execution
Linux/ARM - Fork Bomb Shellcode (20 bytes)
|
2019-10-09 05:01:45 +00:00 |
|
Offensive Security
|
4afcc04eda
|
DB: 2019-07-02
24 changes to exploits/shellcodes
Linux Mint 18.3-19.1 - 'yelp' Command Injection
FaceSentry Access Control System 6.4.8 - Remote SSH Root
WorkSuite PRM 2.4 - 'password' SQL Injection
CiuisCRM 1.6 - 'eventType' SQL Injection
Varient 1.6.1 - SQL Injection
PowerPanel Business Edition - Cross-Site Scripting
ZoneMinder 1.32.3 - Cross-Site Scripting
SAP Crystal Reports - Information Disclosure
Sahi pro 8.x - Directory Traversal
CyberPanel 1.8.4 - Cross-Site Request Forgery
FaceSentry Access Control System 6.4.8 - Remote Command Injection
FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery
FaceSentry Access Control System 6.4.8 - Remote Root Exploit
Linux/ARM64 - execve(_/bin/sh__ NULL_ NULL) Shellcode (40 Bytes)
Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (164 bytes)
Linux/ARM64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (128 bytes)
Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (176 bytes)
Linux/ARM64 - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (140 bytes)
Linux/ARM64 - Read /etc/passwd Shellcode (120 Bytes)
Linux/ARM64 - Egghunter (PWN!PWN!) + execve(_/bin/sh__ NULL_ NULL) + mprotect() Shellcode (88 Bytes)
Linux/ARM64 - mmap() + read() stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (60 Bytes)
Linux/ARM64 - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (8 Bytes)
Linux/ARM64 - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (48 Bytes)
Linux/x86 - execve /bin/sh using JMP-CALL-POP Shellcode (21 bytes)
|
2019-07-02 05:01:50 +00:00 |
|
Offensive Security
|
56498e7891
|
DB: 2019-04-23
10 changes to exploits/shellcodes
Ease Audio Converter 5.30 - '.mp4' Denial of Service (PoC)
QNAP myQNAPcloud Connect 1.3.4.0317 - 'Username/Password' Denial of Service
Google Chrome 73.0.3683.103 V8 JavaScript Engine - Out-of-Memory in Invalid Table Size Denial of Service (PoC)
LabF nfsAxe 3.7 Ping Client - 'Host IP' Buffer Overflow (Direct Ret)
ManageEngine Applications Manager 14.0 - Authentication Bypass / Remote Command Execution (Metasploit)
WordPress Plugin Contact Form Builder 1.0.67 - Cross-Site Request Forgery / Local File Inclusion
74CMS 5.0.1 - Cross-Site Request Forgery (Add New Admin User)
Msvod 10 - Cross-Site Request Forgery (Change User Information)
UliCMS 2019.2 / 2019.1 - Multiple Cross-Site Scripting
Linux/ARM - Password-Protected Reverse TCP Shellcode (100 bytes)
|
2019-04-23 05:02:04 +00:00 |
|
Offensive Security
|
b68cbec24d
|
DB: 2019-01-29
26 changes to exploits/shellcodes
Sricam gSOAP 2.8 - Denial of Service
Smart VPN 1.1.3.0 - Denial of Service (PoC)
MySQL User-Defined (Linux) x32 / x86_64 - sys_exec Function Local Privilege Escalation
Easy Video to iPod Converter 1.6.20 - Buffer Overflow (SEH)
R 3.4.4 XP SP3 - Buffer Overflow (Non SEH)
BEWARD Intercom 2.3.1 - Credentials Disclosure
Faleemi Desktop Software 1.8 - Local Buffer Overflow (SEH)(DEP Bypass)
CloudMe Sync 1.11.2 Buffer Overflow - WoW64 - (DEP Bypass)
Rundeck Community Edition < 3.0.13 - Persistent Cross-Site Scripting
WordPress Plugin Ad Manager WD 1.0.11 - Arbitrary File Download
AirTies Air5341 Modem 1.0.0.12 - Cross-Site Request Forgery
LogonBox Limited / Hypersocket Nervepoint Access Manager - Unauthenticated Insecure Direct Object Reference
CMSsite 1.0 - 'cat_id' SQL Injection
CMSsite 1.0 - 'search' SQL Injection
Cisco RV300 / RV320 - Information Disclosure
Cisco Firepower Management Center 6.2.2.2 / 6.2.3 - Cross-Site Scripting
Newsbull Haber Script 1.0.0 - 'search' SQL Injection
Care2x 2.7 (HIS) Hospital Information System - Multiple SQL Injection
Teameyo Project Management System 1.0 - SQL Injection
Mess Management System 1.0 - SQL Injection
MyBB IP History Logs Plugin 1.0.2 - Cross-Site Scripting
ResourceSpace 8.6 - 'collection_edit.php' SQL Injection
Linux/x86 - exit(0) Shellcode (5 bytes)
Linux/x86 - Read /etc/passwd Shellcode (58 Bytes) (2)
Linux/ARM - Reverse TCP (/bin/sh) - 192.168.1.124:4321 Shellcode (64 bytes)
Linux/ARM - Bind TCP (/bin/sh)-0.0.0.0:4321 Null Free Shellcode (84 bytes)
|
2019-01-29 05:01:52 +00:00 |
|
Offensive Security
|
6efd01d5b6
|
DB: 2018-09-27
5 changes to exploits/shellcodes
TransMac 12.2 - Denial of Service (PoC)
CrossFont 7.5 - Denial of Service (PoC)
Linux - VMA Use-After-Free via Buggy vmacache_flush_all() Fastpath
Linux/ARM - Bind (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 Bytes)
|
2018-09-27 05:01:58 +00:00 |
|
Offensive Security
|
ed0e1e4d44
|
DB: 2018-09-25
1979 changes to exploits/shellcodes
Couchdb 1.5.0 - 'uuids' Denial of Service
Apache CouchDB 1.5.0 - 'uuids' Denial of Service
Beyond Remote 2.2.5.3 - Denial of Service (PoC)
udisks2 2.8.0 - Denial of Service (PoC)
Termite 3.4 - Denial of Service (PoC)
SoftX FTP Client 3.3 - Denial of Service (PoC)
Silverstripe 2.3.5 - Cross-Site Request Forgery / Open redirection
SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection
Silverstripe CMS 3.0.2 - Multiple Vulnerabilities
SilverStripe CMS 3.0.2 - Multiple Vulnerabilities
Silverstripe CMS 2.4 - File Renaming Security Bypass
SilverStripe CMS 2.4 - File Renaming Security Bypass
Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities
SilverStripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities
Silverstripe CMS 2.4.7 - 'install.php' PHP Code Injection
SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection
Silverstripe Pixlr Image Editor - 'upload.php' Arbitrary File Upload
SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload
Silverstripe CMS 2.4.x - 'BackURL' Open Redirection
SilverStripe CMS 2.4.x - 'BackURL' Open Redirection
Silverstripe CMS - 'MemberLoginForm.php' Information Disclosure
SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure
Silverstripe CMS - Multiple HTML Injection Vulnerabilities
SilverStripe CMS - Multiple HTML Injection Vulnerabilities
Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation
Monstra CMS before 3.0.4 - Cross-Site Scripting
Monstra CMS < 3.0.4 - Cross-Site Scripting (2)
Monstra CMS < 3.0.4 - Cross-Site Scripting
Monstra CMS < 3.0.4 - Cross-Site Scripting (1)
Navigate CMS 2.8 - Cross-Site Scripting
Collectric CMU 1.0 - 'lang' SQL injection
Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection
LG SuperSign EZ CMS 2.5 - Remote Code Execution
MyBB Visual Editor 1.8.18 - Cross-Site Scripting
Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection
Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection
RICOH Aficio MP 301 Printer - Cross-Site Scripting
Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection
RICOH MP C6003 Printer - Cross-Site Scripting
Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes)
Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)
|
2018-09-25 05:01:51 +00:00 |
|
Offensive Security
|
29542c36ab
|
DB: 2018-09-19
7 changes to exploits/shellcodes
Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service (PoC)
Microsoft Edge Chakra - 'PathTypeHandlerBase::SetAttributesHelper' Type Confusion
Microsoft Edge Chakra JIT - 'localeCompare' Type Confusion
Solaris - libnspr NSPR_LOG_FILE Privilege Escalation (Metasploit)
NUUO NVRMini2 3.8 - 'cgi_system' Buffer Overflow (Enable Telnet)
Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution
HongCMS 3.0.0 - SQL Injection
HongCMS 3.0.0 - (Authenticated) SQL Injection
Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting
WordPress Plugin Arigato Autoresponder and Newsletter 2.5 - Blind SQL Injection / Reflected Cross-Site Scripting
Linux/ARM - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (4 Bytes)
|
2018-09-19 05:01:45 +00:00 |
|
Offensive Security
|
14bdc56535
|
DB: 2018-09-05
6 changes to exploits/shellcodes
iSmartViewPro 1.5 - 'DDNS' Buffer Overflow
Logicspice FAQ Script 2.9.7 - Remote Code Execution
PHP File Browser Script 1 - Directory Traversal
Simple POS 4.0.24 - 'columns[0][search][value]' SQL Injection
mooSocial Store Plugin 2.6 - SQL Injection
Linux/ARM - read(0_ buf_ 0xff) stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (20 Bytes)
|
2018-09-05 05:01:52 +00:00 |
|
Offensive Security
|
011bb3564a
|
DB: 2018-08-31
8 changes to exploits/shellcodes
NetworkActiv Web Server 4.0 Pre-Alpha-3.7.2 - 'Username' Denial of Service (PoC)
Nord VPN 6.14.31 - Denial of Service (PoC)
Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal
WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting
DLink DIR-601 - Credential Disclosure
WordPress Plugin Quizlord 2.0 - Cross-Site Scripting
Cybrotech CyBroHttpServer 1.0.3 - Cross-Site Scripting
Linux/ARM - read(0_ buf_ 0xff) stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes)
|
2018-08-31 05:01:57 +00:00 |
|
Offensive Security
|
444206a6be
|
DB: 2018-08-30
21 changes to exploits/shellcodes
NASA openVSP 3.16.1 - Denial of Service (PoC)
Immunity Debugger 1.85 - Denial of Service (PoC)
ipPulse 1.92 - 'TCP Port' Denial of Service (PoC)
Fathom 2.4 - Denial Of Service (PoC)
Skype Empresarial Office 365 16.0.10730.20053 - 'Dirección de inicio de sesión' Denial of service (PoC)
Cisco AnyConnect Secure Mobility Client 4.6.01099 - 'Introducir URL' Denial of Service (PoC)
HD Tune Pro 5.70 - Denial of Service (PoC)
Drive Power Manager 1.10 - Denial Of Service (PoC)
Easy PhotoResQ 1.0 - Denial Of Service (PoC)
Trillian 6.1 Build 16 - _Sign In_ Denial of service (PoC)
SIPP 3.3 - Stack-Based Buffer Overflow
R 3.4.4 - Buffer Overflow (SEH)
Eaton Xpert Meter 13.4.0.10 - SSH Private Key Disclosure
phpMyAdmin 4.7.x - Cross-Site Request Forgery
Episerver 7 patch 4 - XML External Entity Injection
Argus Surveillance DVR 4.0.0.0 - Directory Traversal
Linux/MIPS64 - execve(/bin/sh) Shellcode (48 bytes)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (32 Bytes)
Linux/x86 - Dual Network Stack (IPv4 and IPv6) Bind TCP Shellcode
Linux/x86 - IPv6 Reverse TCP Shellcode Generator (94 bytes)
Windows/x64 (10) - WoW64 Egghunter Shellcode (50 bytes)
|
2018-08-30 05:01:54 +00:00 |
|
Offensive Security
|
3aca47020d
|
DB: 2018-08-04
10 changes to exploits/shellcodes
FTPShell Client 5.24 - Add to Favorites Buffer Overflow
FTPShell Client 5.24 - 'Add to Favorites' Buffer Overflow
FTPShell Client 5.24 - Create NewFolder Local Buffer Overflow
FTPShell Client 5.24 - 'Create NewFolder' Local Buffer Overflow
Wedding Slideshow Studio 1.36 - Buffer Overflow
Linux Kernel - UDP Fragmentation Offset 'UFO' Privilege Escalation (Metasploit)
Chartered Accountant : Auditor Website 2.0.1 - Cross-Site Scripting
Auditor Website 2.0.1 - Cross-Site Scripting
Basic B2B Script 2.0.0 - Cross-Site Scripting
Entrepreneur Job Portal Script 3.0.1 - Cross-Site Scripting
PHP Template Store Script 3.0.6 - Cross-Site Scripting
Vuze Bittorrent Client 5.7.6.0 - SSDP Processing XML External Entity Injection
Plex Media Server 1.13.2.5154 - SSDP Processing XML External Entity Injection
cgit < 1.2.1 - 'cgit_clone_objects()' Directory Traversal
Linux/x86 - Reverse TCP (::FFFF:192.168.1.5:4444/TCP) Shell (/bin/sh) + Null-Free + IPv6 Shellcode (86 bytes)
Linux/ARM - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (128 Bytes)
|
2018-08-04 05:01:46 +00:00 |
|
Offensive Security
|
903bf974eb
|
DB: 2018-08-02
10 changes to exploits/shellcodes
ipPulse 1.92 - 'Licence Key' Denial of Service (PoC)
Switch Port Mapping Tool 2.81 - 'SNMP Community Name' Denial of Service (PoC)
WebRTC - VP8 Block Decoding Use-After-Free
WebRTC - FEC Processing Overflow
WebRTC - H264 NAL Packet Processing Type Confusion
Allok MOV Converter 4.6.1217 - Buffer Overflow (SEH)
Axis Network Camera - .srv to parhand RCE (Metasploit)
SonicWall Global Management System - XMLRPC set_time_zone Command Injection (Metasploit)
Synology DiskStation Manager 4.1 - Directory Traversal
Linux/ARM - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (116 Bytes)
|
2018-08-02 05:02:43 +00:00 |
|
Offensive Security
|
a657b64301
|
DB: 2018-07-17
7 changes to exploits/shellcodes
macOS/iOS - JavaScript Injection Bug in OfficeImporter
Linux/Ubuntu - Other Users coredumps can be read via setgid Directory and killpriv Bypass
Microsoft Enterprise Mode Site List Manager - XML External Entity Injection
Hadoop YARN ResourceManager - Unauthenticated Command Execution (Metasploit)
Hadoop YARN ResourceManager - Command Execution (Metasploit)
VelotiSmart WiFi B-380 Camera - Directory Traversal
Fortify Software Security Center (SSC) 17.x/18.1 - XML External Entity Injection
WordPress Plugin Job Manager 4.1.0 - Cross-Site Scripting
Linux/ARM - Bind (1234/TCP) Shell (/bin/sh) Shellcode (104 bytes)
|
2018-07-17 05:01:49 +00:00 |
|
Offensive Security
|
0381c4c519
|
DB: 2018-06-09
11 changes to exploits/shellcodes
Gnome Web (Epiphany) < 3.28.2.1 - Denial of Service
WebKit - WebAssembly Compilation Info Leak
Google Chrome - Integer Overflow when Processing WebAssembly Locals
WebKit - Use-After-Free when Resuming Generator
WebRTC - VP9 Frame Processing Out-of-Bounds Memory Access
WebRTC - VP9 Missing Frame Processing Out-of-Bounds Memory Access
TrendMicro OfficeScan XG 11.0 - Change Prevention Bypass
MantisBT XmlImportExport Plugin - PHP Code Injection (Metasploit)
Mantis Bug Tracker 1.2.0a3 < 1.2.17 XmlImportExport Plugin - PHP Code Injection (Metasploit) (2)
Mantis 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit)
Mantis Bug Tracker 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit)
MantisBT 1.2.3 (db_type) - Cross-Site Scripting / Full Path Disclosure
MantisBT 1.2.3 (db_type) - Local File Inclusion
Mantis Bug Tracker 1.2.3 - 'db_type' Cross-Site Scripting / Full Path Disclosure
Mantis Bug Tracker 1.2.3 - 'db_type' Local File Inclusion
Mantis 0.15.x/0.16/0.17.x - JPGraph Remote File Inclusion Command Execution
Mantis Bug Tracker 0.15.x/0.16/0.17.x - JPGraph Remote File Inclusion Command Execution
Mantis 0.19 - Remote Server-Side Script Execution
Mantis 0.x - Multiple Cross-Site Scripting Vulnerabilities
Mantis 0.x - New Account Signup Mass Emailing
Mantis Bug Tracker 0.19 - Remote Server-Side Script Execution
Mantis Bug Tracker 0.x - Multiple Cross-Site Scripting Vulnerabilities
Mantis Bug Tracker 0.x - New Account Signup Mass Emailing
Mantis 0.x/1.0 - Multiple Input Validation Vulnerabilities
Mantis Bug Tracker 0.x/1.0 - Multiple Input Validation Vulnerabilities
Mantis 0.19.2/1.0 - 'Bug_sponsorship_list_view_inc.php' File Inclusion
Mantis Bug Tracker 0.19.2/1.0 - 'Bug_sponsorship_list_view_inc.php' File Inclusion
Mantis 0.x/1.0 - 'View_filters_page.php' Cross-Site Scripting
Mantis Bug Tracker 0.x/1.0 - 'View_filters_page.php' Cross-Site Scripting
Mantis 0.x/1.0 - 'view_all_set.php' Multiple Cross-Site Scripting Vulnerabilities
Mantis 0.x/1.0 - 'manage_user_page.php?sort' Cross-Site Scripting
Mantis Bug Tracker 0.x/1.0 - 'view_all_set.php' Multiple Cross-Site Scripting Vulnerabilities
Mantis Bug Tracker 0.x/1.0 - 'manage_user_page.php?sort' Cross-Site Scripting
MantisBT 1.1.8 - Cross-Site Scripting / SQL Injection
Mantis Bug Tracker 1.1.8 - Cross-Site Scripting / SQL Injection
MantisBT 1.2.19 - Host Header
Mantis Bug Tracker 1.2.19 - Host Header
MantisBT 1.2.0a3 < 1.2.17 - XmlImportExport Plugin PHP Code Injection (Metasploit)
Mantis Bug Tracker 1.2.0a3 < 1.2.17 XmlImportExport Plugin - PHP Code Injection (Metasploit) (1)
Monstra CMS < 3.0.4 - Cross-Site Scripting Automation
Monstra CMS < 3.0.4 - Cross-Site Scripting
XiongMai uc-httpd 1.0.0 - Buffer Overflow
Splunk < 7.0.1 - Information Disclosure
Linux/ARM - Egghunter (\x50\x90\x50\x90) + execve('/bin/sh') Shellcode (32 bytes)
Linux/ARM - Egghunter (0x50905090) + execve('/bin/sh') Shellcode (32 bytes)
Linux/ARM - Egghunter (0x50905090) + execve('/bin/sh') Shellcode (60 bytes)
|
2018-06-09 05:01:42 +00:00 |
|
Offensive Security
|
0f18636d14
|
DB: 2018-06-01
9 changes to exploits/shellcodes
Microsoft Edge Chakra - EntrySimpleObjectSlotGetter Type Confusion
TAC Xenta 511/911 - Directory Traversal
New STAR 2.1 - SQL Injection / Cross-Site Scripting
PHP Dashboards NEW 5.5 - 'email' SQL Injection
CSV Import & Export 1.1.0 - SQL Injection / Cross-Site Scripting
Grid Pro Big Data 1.0 - SQL Injection
Linux/x86 - EggHunter + access() Shellcode (38 bytes)
Linux/x86 - Bind (4444/TCP) Shell Shellcode (105 bytes)
Linux/ARM - Egghunter + /bin/sh Shellcode (32 bytes)
|
2018-06-01 05:01:45 +00:00 |
|
Offensive Security
|
ae6ab38369
|
DB: 2018-02-20
3 changes to exploits/shellcodes
Aastra 6755i SIP SP4 - Denial of Service
October CMS < 1.0.431 - Cross-Site Scripting
Linux/x86 - chmod 0777 /etc/shadow + Obfuscated Shellcode (51 bytes)
Linux/x86 - shutdown -h now Shellcode (56 bytes)
Linux/x86 - chmod 0777 /etc/shadow + Obfuscated Shellcode (51 bytes)
Linux/x86 - shutdown -h now Shellcode (56 bytes)
Linux/ARM - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (79 bytes)
Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes)
Linux/x64 - shutdown -h now Shellcode (65 bytes)
Linux/ARM - Bind TCP (4444/TCP) Shell (/bin/sh) + IP Controlled (192.168.1.190) + Null-Free Shellcode (168 bytes)
|
2018-02-20 05:01:50 +00:00 |
|
Offensive Security
|
acaa042761
|
DB: 2018-01-29
21 changes to exploits/shellcodes
Artifex MuJS 1.0.2 - Denial of Service
Artifex MuJS 1.0.2 - Integer Overflow
BMC BladeLogic 8.3.00.64 - Remote Command Execution
Trend Micro Threat Discovery Appliance 2.6.1062r1 - 'dlp_policy_upload.cgi' Remote Code Execution
PACSOne Server 6.6.2 DICOM Web Viewer - Directory Trasversal
PACSOne Server 6.6.2 DICOM Web Viewer - SQL Injection
Gnew 2018.1 - Cross-Site Request Forgery
Nexpose < 6.4.66 - Cross-Site Request Forgery
Joomla! Component JS Support Ticket 1.1.0 - Cross-Site Request Forgery
Joomla! Component Jtag Members Directory 5.3.7 - Arbitrary File Download
Task Rabbit Clone 1.0 - 'id' SQL Injection
TSiteBuilder 1.0 - SQL Injection
Hot Scripts Clone - 'subctid' SQL Injection
Multilanguage Real Estate MLM Script 3.0 - 'srch' SQL Injection
Buddy Zone 2.9.9 - SQL Injection
Netis WF2419 Router - Cross-Site Request Forgery
KeystoneJS < 4.0.0-beta.7 - Cross-Site Request Forgery
Linux/x86 - Egghunter Shellcode (12 Bytes)
Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) Null Free Shellcode (80 bytes)
|
2018-01-29 05:01:45 +00:00 |
|
Offensive Security
|
cf96346519
|
DB: 2018-01-25
124 changes to exploits/shellcodes
Airsensor M520 - HTTPD Unauthenticated Remote Denial of Service / Buffer Overflow (PoC)
Airsensor M520 - HTTPd Unauthenticated Remote Denial of Service / Buffer Overflow (PoC)
Samsung DVR SHR2040 - HTTPD Remote Denial of Service Denial of Service (PoC)
Samsung DVR SHR2040 - HTTPd Remote Denial of Service Denial of Service (PoC)
Novell ZenWorks 10/11 - TFTPD Remote Code Execution
Novell ZENworks 10/11 - TFTPD Remote Code Execution
Apache 1.1 / NCSA httpd 1.5.2 / Netscape Server 1.12/1.1/2.0 - a nph-test-cgi
Apache 1.1 / NCSA HTTPd 1.5.2 / Netscape Server 1.12/1.1/2.0 - a nph-test-cgi
WhitSoft SlimServe HTTPd 1.1 - Get Denial of Service
WhitSoft SlimServe HTTPd 1.1 - 'GET_ Denial of Service
GoAhead Software GoAhead WebServer (Windows) 2.1 - Denial of Service
GoAhead Web Server 2.1 (Windows) - Denial of Service
Anti-Web HTTPD 2.2 Script - Engine File Opening Denial of Service
Anti-Web HTTPd 2.2 Script - Engine File Opening Denial of Service
Rosiello Security Sphiro HTTPD 0.1B - Remote Heap Buffer Overflow
Rosiello Security Sphiro HTTPd 0.1B - Remote Heap Buffer Overflow
D-Link DWL-G700AP 2.00/2.01 - HTTPD Denial of Service
D-Link DWL-G700AP 2.00/2.01 - HTTPd Denial of Service
Lorex LH300 Series - ActiveX Buffer Overflow (PoC)
Debut Embedded httpd 1.20 - Denial of Service
Debut Embedded HTTPd 1.20 - Denial of Service
Xorg 1.4 < 1.11.2 - File Permission Change
X.Org xorg 1.4 < 1.11.2 - File Permission Change
Sync Breeze Enterprise 9.5.16 - Import Command Buffer Overflow (Metasploit)
Sync Breeze Enterprise 9.5.16 - 'Import Command' Buffer Overflow (Metasploit)
ICU library 52 < 54 - Multiple Vulnerabilities
rooter VDSL Device - Goahead WebServer Disclosure
FS4104-AW VDSL Device (Rooter) - GoAhead WebServer Disclosure
Ruby 1.8.6/1.9 (WEBick Httpd 1.3.1) - Directory Traversal
Ruby 1.8.6/1.9 (WEBick HTTPd 1.3.1) - Directory Traversal
Simple HTTPd 1.42 - PUT Request Remote Buffer Overflow
Simple HTTPd 1.42 - 'PUT' Remote Buffer Overflow
Debian 2.1 - httpd
Debian 2.1 - HTTPd
Apache 0.8.x/1.0.x / NCSA httpd 1.x - test-cgi Directory Listing
Apache 0.8.x/1.0.x / NCSA HTTPd 1.x - 'test-cgi' Directory Listing
Inso DynaWeb httpd 3.1/4.0.2/4.1 - Format String
Inso DynaWeb HTTPd 3.1/4.0.2/4.1 - Format String
W3C CERN httpd 3.0 Proxy - Cross-Site Scripting
W3C CERN HTTPd 3.0 Proxy - Cross-Site Scripting
ATP httpd 0.4 - Single Byte Buffer Overflow
ATP HTTPd 0.4 - Single Byte Buffer Overflow
AN HTTPD 1.38/1.39/1.40/1.41 - SOCKS4 Request Buffer Overflow
AN HTTPD 1.38/1.39/1.40/1.41 - 'SOCKS4' Buffer Overflow
Light HTTPd 0.1 - GET Buffer Overflow (1)
Light HTTPd 0.1 - GET Buffer Overflow (2)
Light HTTPd 0.1 - 'GET' Buffer Overflow (1)
Light HTTPd 0.1 - 'GET' Buffer Overflow (2)
Light HTTPD 0.1 (Windows) - Remote Buffer Overflow
Light HTTPd 0.1 (Windows) - Remote Buffer Overflow
Ultra Mini HTTPD 1.21 - Remote Stack Buffer Overflow
Ultra Mini HTTPd 1.21 - Remote Stack Buffer Overflow
Ultra Mini HTTPD - Remote Stack Buffer Overflow (Metasploit)
Ultra Mini HTTPd - Remote Stack Buffer Overflow (Metasploit)
BusyBox 1.01 - HTTPD Directory Traversal
BusyBox 1.01 - HTTPd Directory Traversal
Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow (1)
Ultra Mini HTTPd 1.21 - 'POST' Remote Stack Buffer Overflow (1)
Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow (2)
Ultra Mini HTTPd 1.21 - 'POST' Remote Stack Buffer Overflow (2)
Postfix SMTP 4.2.x < 4.2.48 - 'Shellshock' Remote Command Injection
Apache mod_cgi - 'Shellshock' Remote Command Injection
Postfix SMTP 4.2.x < 4.2.48 - 'Shellshock' Remote Command Injection
Apache mod_cgi - 'Shellshock' Remote Command Injection
IPFire - 'Shellshock' Bash Environment Variable Command Injection (Metasploit)
IPFire - 'Shellshock' Bash Environment Variable Command Injection (Metasploit)
AsusWRT Router < 3.0.0.4.380.7743 - Unauthenticated LAN Remote Code Execution
GoAhead Web Server - 'LD_PRELOAD' Arbitrary Module Load (Metasploit)
GoAhead Web Server 2.5 < 3.6.5 - HTTPd 'LD_PRELOAD' Arbitrary Module Load (Metasploit)
GoAhead httpd 2.5 < 3.6.5 - 'LD_PRELOAD' Remote Code Execution
GoAhead Web Server 2.5 < 3.6.5 - HTTPd 'LD_PRELOAD' Remote Code Execution
NETGEAR WNR2000v5 - Unauthenticated 'hidden_lang_avi' Remote Stack Overflow (Metasploit)
Getsimple 2.01 - Local File Inclusion
Getsimple CMS 2.01 - Local File Inclusion
Novell Zenworks Mobile Device Managment 2.6.1/2.7.0 - Local File Inclusion (Metasploit)
Novell ZENworks Mobile Device Managment 2.6.1/2.7.0 - Local File Inclusion (Metasploit)
ManageEngine DesktopCentral 8.0.0 build < 80293 - Arbitrary File Upload
ManageEngine Desktop Central 8.0.0 build < 80293 - Arbitrary File Upload
ManageEngine DesktopCentral - Arbitrary File Upload / Remote Code Execution
ManageEngine EventLog Analyzer - Multiple Vulnerabilities
ManageEngine Desktop Central - Arbitrary File Upload / Remote Code Execution
ManageEngine EventLog Analyzer - Multiple Vulnerabilities (1)
Bash CGI - 'Shellshock' Remote Command Injection (Metasploit)
Bash CGI - 'Shellshock' Remote Command Injection (Metasploit)
Getsimple 3.0 - 'set' Local File Inclusion
Getsimple CMS 3.0 - 'set' Local File Inclusion
ZENworks Configuration Management 11.3.1 - Remote Code Execution
Novell ZENworks Configuration Management 11.3.1 - Remote Code Execution
Kaseya Virtual System Administrator - Multiple Vulnerabilities (1)
Kaseya Virtual System Administrator (VSA) - Multiple Vulnerabilities (1)
Getsimple - 'path' Local File Inclusion
Getsimple CMS 3.1.2 - 'path' Local File Inclusion
Sysaid Helpdesk Software 14.4.32 b25 - SQL Injection (Metasploit)
SysAid Help Desk Software 14.4.32 b25 - SQL Injection (Metasploit)
ManageEngine Password Manager Pro and ManageEngine IT360 - SQL Injection
ManageEngine Password Manager Pro / ManageEngine IT360 - SQL Injection
BMC Track-It! 11.4 - Multiple Vulnerabilities
Billion / TrueOnline / ZyXEL Routers - Multiple Vulnerabilities
SysAid Help Desk 14.4 - Multiple Vulnerabilities
Pimcore CMS 1.4.9 <2.1.0 - Multiple Vulnerabilities
GetSimple CMS 3.3.1 - Cross-Site Scripting
CMS Made Simple 1.11.9 - Multiple Vulnerabilities
ManageEngine Desktop Central - Create Administrator
ManageEngine EventLog Analyzer - Multiple Vulnerabilities (2)
ManageEngine OpManager / Applications Manager / IT360 - 'FailOverServlet' Multiple Vulnerabilities
ManageEngine Netflow Analyzer / IT360 - Arbitrary File Download
ManageEngine OpManager / Social IT Plus / IT360 - Multiple Vulnerabilities
Kaseya Virtual System Administrator (VSA) 7.0 < 9.1 - Authenticated Arbitrary File Upload
Linux/ARM - setuid(0) + execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)
FreeBSD/x86-64 - exec /bin/sh Shellcode (31 bytes)
FreeBSD/x86-64 - execve(/bin/sh) Shellcode (34 bytes)
FreeBSD/x64 - exec /bin/sh Shellcode (31 bytes)
FreeBSD/x64 - execve(/bin/sh) Shellcode (34 bytes)
Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes)
Linux/x86-64 - Reverse TCP Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator)
Linux/x64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes)
Linux/x64 - Reverse TCP Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator)
Linux/x86-64 - setuid(0) + execve(/bin/sh) Shellcode (49 bytes)
Linux/x64 - setuid(0) + execve(/bin/sh) Shellcode (49 bytes)
Linux/x86 - execve(/bin/sh) + Alphanumeric Shellcode (392 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (132 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (33 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell Shellcode (132 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (33 bytes)
NetBSD/x86 - execve(/bin/sh) Shellcode (68 bytes)
Solaris/SPARC - execve(/bin/sh) Shellcode (52 bytes)
Solaris/SPARC - Bind TCP Shell Shellcode (240 bytes)
Solaris/x86 - execve(/bin/sh) ToUpper Encoded Shellcode (84 bytes)
Solaris/x86 - inetd Add Service + execve() Shellcode (201 bytes)
UnixWare - execve(/bin/sh) Shellcode (95 bytes)
Solaris/x86 - execve(/bin/sh) ToUpper Encoded Shellcode (84 bytes)
Solaris/x86 - inetd Add Service + execve() Shellcode (201 bytes)
UnixWare - execve(/bin/sh) Shellcode (95 bytes)
Windows/x86 - Reverse TCP + Download A File + Save + Execute Shellcode
Windows/x86 - Reverse TCP + Download File + Save + Execute Shellcode
Windows/x86-64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe) + Execute Shellcode (218+ bytes)
Windows/x64 - URLDownloadToFileA(http://localhost/trojan.exe) + Execute Shellcode (218+ bytes)
Windows/x86 (XP SP3) - ShellExecuteA Shellcode
Windows/x86 (XP SP3) - ShellExecuteA() Shellcode
Linux/x86 - Fork Bomb Shellcode (6 bytes) (1)
Windows (XP Professional SP2) (English) - Wordpad.exe + Null-Free Shellcode (12 bytes)
Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes)
Windows (XP Professional SP2) (English) - Wordpad.exe + Null-Free Shellcode (12 bytes)
Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes)
Linux/x86 - ip6tables -F + Polymorphic Shellcode (71 bytes)
Linux/x86 - ip6tables -F Shellcode (47 bytes)
Linux/i686 - pacman -S <package> (default package: backdoor) Shellcode (64 bytes)
Linux/i686 - pacman -R <package> Shellcode (59 bytes)
Linux/x86 - ip6tables -F + Polymorphic Shellcode (71 bytes)
Linux/x86 - ip6tables -F Shellcode (47 bytes)
Linux/i686 - pacman -S <package> (default package: backdoor) Shellcode (64 bytes)
Linux/i686 - pacman -R <package> Shellcode (59 bytes)
Windows/x86 - JITed Stage-0 Shellcode
Windows/x86 (XP SP2) - WinExec (write.exe) + ExitProcess Shellcode (16 bytes)
Windows/x86 (XP SP2) - WinExec(write.exe) + ExitProcess Shellcode (16 bytes)
Windows/x86 - MessageBox Shellcode (Metasploit)
Windows (XP/Vista/7) - Egghunter (0x07333531) JITed Stage-0 Adjusted Universal Shellcode
Windows/x86 - MessageBox Shellcode (Generator) (Metasploit)
Windows (XP/Vista/7) - Egghunter (0x07333531) JITed Stage-0 Adjusted Universal Shellcode
Linux/x86-64 - reboot(POWER_OFF) Shellcode (19 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (30 bytes)
Linux/x64 - reboot(POWER_OFF) Shellcode (19 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (30 bytes)
Linux/x86 - execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes)
Windows/x86-64 (7 Professional SP1) (French) - Beep Shellcode (39 bytes)
Windows/x64 (7 Professional SP1) (French) - Beep Shellcode (39 bytes)
Linux/x86 - chmod 0777 /etc/passwd + sys_chmod syscall Shellcode (39 bytes)
Linux/x86 - execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes)
Linux/x86 - chmod 0777 /etc/passwd + sys_chmod syscall Shellcode (39 bytes)
Linux/x86 - execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes)
Windows/x86-64 (7) - cmd.exe Shellcode (61 bytes)
Windows/x64 (7) - cmd.exe Shellcode (61 bytes)
Windows - MessageBoxA Shellcode (238 bytes)
Windows - MessageBoxA() Shellcode (238 bytes)
Linux/x86-64 - Disable ASLR Security Shellcode (143 bytes)
Linux/x64 - Disable ASLR Security Shellcode (143 bytes)
Linux/x86-64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes)
Linux/x86-64 - Add Root User (shell-storm/leet) To /etc/{passwd_shadow} Shellcode (390 bytes)
Windows (XP SP3) (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) (Generator)
Linux/ARM - setuid(0) + kill(-1_ SIGKILL) Shellcode (28 bytes)
Windows - WinExec (cmd.exe) + ExitProcess Shellcode (195 bytes)
Linux/x64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes)
Linux/x64 - Add Root User (shell-storm/leet) To /etc/{passwd_shadow} Shellcode (390 bytes)
Windows (XP SP3) (Spanish) - URLDownloadToFileA() + CreateProcessA() + ExitProcess() Shellcode (176+ bytes) (Generator)
Linux/ARM - setuid(0) + kill(-1_ SIGKILL) Shellcode (28 bytes)
Windows - WinExec(cmd.exe) + ExitProcess Shellcode (195 bytes)
Linux/ARM - chmod 0777 /etc/shadow Shellcode (35 bytes)
Linux/x86-64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (49 bytes)
Linux/x64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (49 bytes)
Windows (XP SP3) (English) - MessageBoxA Shellcode (87 bytes)
Windows (XP SP3) (English) - MessageBoxA() Shellcode (87 bytes)
OSX/x86-64 - setuid() + Shell(/bin/sh) Shellcode (51 bytes)
ARM - Add Root User Shellcode (Metasploit) (66+ bytes) (Generator)
OSX/x64 - setuid() + Shell(/bin/sh) Shellcode (51 bytes)
ARM - Add Root User Shellcode (66+ bytes) (Generator) (Metasploit)
Windows/x86 - Eggsearch Shellcode (33 bytes)
Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes)
OSX/x86-64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)
Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes)
OSX/x64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)
Windows/x86 (PerfectXp-pc1/SP3 ) (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes)
OSX/x86-64 - Universal ROP + Reverse TCP Shell Shellcode
OSX/x64 - Universal ROP + Reverse TCP Shell Shellcode
Linux/x86-64 - execve(/bin/sh) Shellcode (52 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (52 bytes)
Linux/x86-64 - Add Root User (t0r/Winner) To /etc/passwd Shellcode (189 bytes)
Linux/x64 - Add Root User (t0r/Winner) To /etc/passwd Shellcode (189 bytes)
Windows/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes)
Windows/x64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes)
Windows/x86-64 / x86 (2000/XP/7) - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec() + ExitProcess Shellcode
Windows (2000/XP/7) - URLDownloadToFile(http://bflow.security-portal.cz/down/xy.txt) + WinExec() + ExitProcess Shellcode
Windows - Add Administrator User (BroK3n/BroK3n) + Null-Free Shellcode (194 bytes)
Linux/x86-64 - Reverse TCP (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes)
Linux/x64 - Reverse TCP (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes)
Linux/x86-64 - execve(_/bin/sh\0__NULL_NULL) + Position Independent + Alphanumeric Shellcode (87 bytes)
Linux/x86 - rmdir() Shellcode (37 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes)
Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)
Linux/x64 - execve(_/bin/sh\0__NULL_NULL) + Position Independent + Alphanumeric Shellcode (87 bytes)
Linux/x86 - rmdir() Shellcode (37 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)
Windows/x86-64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + Stop Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes)
Windows/x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + Stop Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes)
Windows/x86-64 (XP) - Download File + Execute Shellcode Using Powershell (Generator)
Windows/x64 (XP) - Download File + Execute Shellcode Using Powershell (Generator)
Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes)
Linux/x64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes)
Linux/x86-64 - execve(/bin/sh) Via Push Shellcode (23 bytes)
Linux/x64 - execve(/bin/sh) Via Push Shellcode (23 bytes)
Linux/x86-64 - execve(/bin/sh) + Null-Free Shellcode (30 bytes)
Linux/x64 - execve(/bin/sh) + Null-Free Shellcode (30 bytes)
Linux/x86-64 - execve() Encoded Shellcode (57 bytes)
Linux/x86 - execve(/bin/sh) + ROT7 Encoded Shellcode
Linux/x64 - execve() Encoded Shellcode (57 bytes)
Linux/x86 - execve(/bin/sh) + ROT7 Encoded Shellcode (Generator)
Windows/x86 - user32!MessageBox _Hello World!_ + Null-Free Shellcode (199 bytes)
Linux/x86 - execve(/bin/sh) + ROL/ROR Encoded Shellcode
Windows/x86-64 (2003) - Token Stealing Shellcode (59 bytes)
OSX/x86-64 - execve(/bin/sh) + Null-Free Shellcode (34 bytes)
Windows/x86 - user32!MessageBox(Hello World!) + Null-Free Shellcode (199 bytes)
Linux/x86 - execve(/bin/sh) + ROL/ROR Encoded Shellcode (Generator)
Windows/x64 (2003) - Token Stealing Shellcode (59 bytes)
OSX/x64 - execve(/bin/sh) + Null-Free Shellcode (34 bytes)
OSX/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (34 bytes)
OSX/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (34 bytes)
Linux/x86-64 - execve() Shellcode (22 bytes)
Linux/x86-64 - Bind TCP (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes)
Linux/x86-64 - Egghunter (0x6b634068) Shellcode (24 bytes)
Linux/x86-64 - execve() + Polymorphic Shellcode (31 bytes)
Windows (XP < 10) - Command Generator WinExec + Null-Free Shellcode (Generator)
Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes)
Linux/x64 - execve() Shellcode (22 bytes)
Linux/x64 - Bind TCP (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes)
Linux/x64 - Egghunter (0x6b634068) Shellcode (24 bytes)
Linux/x64 - execve() + Polymorphic Shellcode (31 bytes)
Windows (XP < 10) - Command Generator WinExec() + Null-Free Shellcode (Generator)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes)
Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)
Linux/x86-64 - Egghunter (0x50905090) Shellcode (18 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)
Linux/x64 - Egghunter (0x50905090) Shellcode (18 bytes)
Linux/x86-64 - execve() + XOR/NOT/DIV Encoded Shellcode (54 bytes)
Linux x86/x86-64 - Reverse TCP (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes)
Linux x86/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (251 bytes)
Linux x86/x86-64 - Read /etc/passwd Shellcode (156 bytes)
Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes)
Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes)
Linux/x64 - execve() + XOR/NOT/DIV Encoded Shellcode (54 bytes)
Linux x86/x64 - Reverse TCP (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes)
Linux x86/x64 - Bind TCP (4444/TCP) Shell Shellcode (251 bytes)
Linux x86/x64 - Read /etc/passwd Shellcode (156 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes)
Linux/x86-64 - execve() Stack + Polymorphic Shellcode (47 bytes)
Linux/x64 - execve() Stack + Polymorphic Shellcode (47 bytes)
Linux/x86-64 - Reverse TCP (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (26 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (25 bytes) (1)
Linux/x86-64 - execve(/bin/bash) Shellcode (33 bytes)
Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (81 bytes)
Linux/x86-64 - Read /etc/passwd Shellcode (65 bytes)
Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (86 bytes)
Windows/x86 - URLDownloadToFileA() (http://192.168.86.130/sample.exe) + SetFileAttributesA() (pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes)
Linux/x64 - Reverse TCP (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (26 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (25 bytes) (1)
Linux/x64 - execve(/bin/bash) Shellcode (33 bytes)
Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (81 bytes)
Linux/x64 - Read /etc/passwd Shellcode (65 bytes)
Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (86 bytes)
Windows/x86 - URLDownloadToFileA(http://192.168.86.130/sample.exe) + SetFileAttributesA(pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes)
Linux/x86-64 - Bind TCP Shell Shellcode (Generator)
Linux/x64 - Bind TCP Shell Shellcode (Generator)
Linux/x86-64 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes)
Linux/x86-64 - Reverse TCP (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes)
Linux/x64 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes)
Linux/x64 - Reverse TCP (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes)
Linux/x86-64 - Download File (http://192.168.30.129/pri.sh) + Execute Used To Steal Information Shellcode (399 bytes)
Linux/x64 - Download File (http://192.168.30.129/pri.sh) + Execute Used To Steal Information Shellcode (399 bytes)
Linux/x86-64 - execve() + XOR Encoded Shellcode (84 bytes)
BSD / Linux / Windows/x86-64/x86 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)
Linux/x64 - execve() + XOR Encoded Shellcode (84 bytes)
BSD / Linux / Windows - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)
Linux/x86-64 - Reverse TCP (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes)
Linux/x86-64 - Bind TCP Netcat Shell + Null-Free Shellcode (64 bytes)
Linux/x64 - Reverse TCP (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes)
Linux/x64 - Bind TCP Netcat Shell + Null-Free Shellcode (64 bytes)
Linux/x86-64 - Bind TCP (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes)
Linux/x64 - Bind TCP (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes)
Linux/x86-64 - Reverse TCP (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes)
Linux/x64 - Reverse TCP (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes)
Linux/x86-64 - Bind TCP (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes)
Linux/x64 - Bind TCP (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes)
Linux/x86-64 - Reverse TCP (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes)
Linux/x64 - Reverse TCP (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes)
Windows/x86 - MessageBoxA Shellcode (242 bytes)
Windows/x86 - MessageBoxA() Shellcode (242 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes)
Linux/x86-64 - Add User (pwned/$pass$) Using open_write_close To /etc/{passwd_shadow} Shellcode (358 bytes)
Linux/x86-64 - Add User (pwned/$pass$) Using echo cmd To /etc/{passwd_shadow} Shellcode (273 bytes)
Linux/x86-64 - Read /etc/passwd Shellcode (82 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes)
Linux/x86-64 - Reverse TCP (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes)
Linux/x86-64 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes)
Linux/x86-64 - Bind TCP (31337/TCP) Shell Shellcode (150 bytes)
Linux/x86-64 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes)
Linux/x86-64 - Bind TCP (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes)
Linux/x86-64 - Reverse TCP (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 bytes)
Linux/x86-64 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (85 bytes)
Linux/x86-64 - setreuid(0_0) + execve(/bin/csh_ [/bin/csh_ NULL]) + XOR Encoded Shellcode (87 bytes)
Linux/x86-64 - setreuid(0_0) + execve(/bin/ksh_ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (87 bytes)
Linux/x86-64 - setreuid(0_0) + execve(/bin/zsh_ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (87 bytes)
Linux/x86-64 - sethostname(Rooted !) + killall Shellcode (33 bytes)
Linux/x64 - Bind TCP (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes)
Linux/x64 - Add User (pwned/$pass$) Using open_write_close To /etc/{passwd_shadow} Shellcode (358 bytes)
Linux/x64 - Add User (pwned/$pass$) Using echo cmd To /etc/{passwd_shadow} Shellcode (273 bytes)
Linux/x64 - Read /etc/passwd Shellcode (82 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes)
Linux/x64 - Reverse TCP (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes)
Linux/x64 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes)
Linux/x64 - Bind TCP (31337/TCP) Shell Shellcode (150 bytes)
Linux/x64 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes)
Linux/x64 - Bind TCP (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 bytes)
Linux/x64 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (85 bytes)
Linux/x64 - setreuid(0_0) + execve(/bin/csh_ [/bin/csh_ NULL]) + XOR Encoded Shellcode (87 bytes)
Linux/x64 - setreuid(0_0) + execve(/bin/ksh_ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (87 bytes)
Linux/x64 - setreuid(0_0) + execve(/bin/zsh_ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (87 bytes)
Linux/x64 - sethostname(Rooted !) + killall Shellcode (33 bytes)
Windows/x86-64 - WinExec(cmd.exe) Shellcode (93 bytes)
Linux/x86 - execve(/bin/sh) + ROT-N + Shift-N + XOR-N Encoded Shellcode (77 bytes)
Windows/x64 - WinExec(cmd.exe) Shellcode (93 bytes)
Windows/x86-64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes)
Linux/x86-64 - execve(/bin/sh) -c reboot Shellcode (89 bytes)
Windows/x86-64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes)
Windows/x64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes)
Linux/x64 - execve(/bin/sh) -c reboot Shellcode (89 bytes)
Windows/x64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes)
Windows/x86-64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes)
Windows/x86-64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes)
Linux/x86-64 - mkdir() Shellcode (25 bytes)
Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (87 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (22 bytes)
Windows/x64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes)
Windows/x64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes)
Linux/x64 - mkdir() Shellcode (25 bytes)
Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (87 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (22 bytes)
Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes)
Linux/x86-64 - Egghunter (0xDEADC0DE) Shellcode (38 bytes)
Linux/x64 - Egghunter (0xDEADC0DE) Shellcode (38 bytes)
Linux/x86-64 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes)
Linux/x86-64 - Reverse TCP (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes)
Linux/x64 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes)
Linux/x64 - Reverse TCP (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes)
Linux/x86-64 - setuid(0) + execve(/bin/sh) + Polymorphic Shellcode (31 bytes)
Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) + Polymorphic Shellcode (47 bytes)
Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1337) Shellcode (72 bytes)
Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) + Polymorphic Shellcode (106 bytes)
Linux/x64 - setuid(0) + execve(/bin/sh) + Polymorphic Shellcode (31 bytes)
Linux/x64 - Flush IPTables Rules (/sbin/iptables -F) + Polymorphic Shellcode (47 bytes)
Linux/x64 - Reverse Netcat Shell (127.0.0.1:1337) Shellcode (72 bytes)
Linux/x64 - Reverse Netcat Shell (127.0.0.1:1234) + Polymorphic Shellcode (106 bytes)
FreeBSD/x86-64 - execve(/bin/sh) Shellcode (28 bytes)
FreeBSD/x86-64 - Bind TCP Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes)
FreeBSD/x64 - execve(/bin/sh) Shellcode (28 bytes)
FreeBSD/x64 - Bind TCP Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes)
Linux/x86-64 - Execute /bin/sh Shellcode (27 bytes)
Linux/x86-64 - Execute /bin/sh Shellcode (24 bytes)
Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes)
Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes)
Linux/x86-64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (43 bytes)
Linux/x86-64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes)
Linux/x86-64 - shutdown -h now Shellcode (65 bytes)
Linux/x86-64 - shutdown -h now Shellcode (64 bytes)
Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (105 bytes)
Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes)
Linux/x86-64 - Add Root User (shell-storm/leet) + Polymorphic Shellcode (273 bytes)
Linux/x64 - Execute /bin/sh Shellcode (27 bytes)
Linux/x64 - Execute /bin/sh Shellcode (24 bytes)
Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes)
Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes)
Linux/x64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (43 bytes)
Linux/x64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes)
Linux/x64 - shutdown -h now Shellcode (65 bytes)
Linux/x64 - shutdown -h now Shellcode (64 bytes)
Linux/x64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (105 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes)
Linux/x64 - Add Root User (shell-storm/leet) + Polymorphic Shellcode (273 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (21 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (21 bytes)
Windows/x86-64 (10) - Egghunter Shellcode (45 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (31 bytes) (2)
Windows/x64 (10) - Egghunter Shellcode (45 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (31 bytes) (2)
Linux/x86-64 - Reverse TCP (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes)
Windows/x86-64 / x86 - cmd.exe Shellcode (718 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (31 bytes) (1)
Linux/x64 - Reverse TCP (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes)
Windows - cmd.exe Shellcode (718 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (31 bytes) (1)
Linux/x86-64 - execve(/bin/sh) Shellcode (24 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (24 bytes)
Linux/x86-64 - Reverse TCP (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes)
Linux/x64 - Reverse TCP (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes)
Linux/x86-64 - Reverse TCP (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes)
Linux/x86-64 - Kill All Processes Shellcode (19 bytes)
Linux/x86-64 - Fork Bomb Shellcode (11 bytes)
Linux/x64 - Reverse TCP (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes)
Linux/x64 - Kill All Processes Shellcode (19 bytes)
Linux/x64 - Fork Bomb Shellcode (11 bytes)
Linux/x86-64 - mkdir(evil) Shellcode (30 bytes)
Linux/x64 - mkdir(evil) Shellcode (30 bytes)
Windows/x86-64 - API Hooking Shellcode (117 bytes)
Windows/x64 - API Hooking Shellcode (117 bytes)
|
2018-01-25 18:22:06 +00:00 |
|
Offensive Security
|
bfebc3fa5a
|
DB: 2018-01-20
62 changes to exploits/shellcodes
macOS 10.13 (17A365) - Kernel Memory Disclosure due to Lack of Bounds Checking in 'AppleIntelCapriController::getDisplayPipeCapability'
Peercast < 0.1211 - Format String
Trillian Pro < 2.01 - Design Error
dbPowerAmp < 2.0/10.0 - Buffer Overflow
PsychoStats < 2.2.4 Beta - Cross Site Scripting
MongoDB 2.2.3 - nativeHelper.apply Remote Code Execution
GitStack 2.3.10 - Unauthenticated Remote Code Execution
Invision Power Top Site List < 2.0 Alpha 3 - SQL Injection (PoC)
Invision Power Board (IP.Board) < 2.0 Alpha 3 - SQL Injection (PoC)
Aardvark Topsites < 4.1.0 - Multiple Vulnerabilities
DUWare Multiple Products - Multiple Vulnerabilities
AutoRank PHP < 2.0.4 - SQL Injection (PoC)
ASPapp Multiple Products - Multiple Vulnerabilities
osCommerce < 2.2-MS2 - Multiple Vulnerabilities
PostNuke < 0.726 Phoenix - Multiple Vulnerabilities
MetaDot < 5.6.5.4b5 - Multiple Vulnerabilities
phpGedView < 2.65 beta 5 - Multiple Vulnerabilities
phpShop < 0.6.1-b - Multiple Vulnerabilities
Invision Power Board (IP.Board) < 1.3 - SQL Injection
phpBB < 2.0.6d - Cross Site Scripting
Phorum < 5.0.3 Beta - Cross Site Scripting
vBulletin < 3.0.0 RC4 - Cross Site Scripting
Mambo < 4.5 - Multiple Vulnerabilities
phpBB < 2.0.7a - Multiple Vulnerabilities
Invision Power Top Site List < 1.1 RC 2 - SQL Injection
Invision Gallery < 1.0.1 - SQL Injection
PhotoPost < 4.6 - Multiple Vulnerabilities
TikiWiki < 1.8.1 - Multiple Vulnerabilities
phpBugTracker < 0.9.1 - Multiple Vulnerabilities
OpenBB < 1.0.6 - Multiple Vulnerabilities
PHPX < 3.26 - Multiple Vulnerabilities
Invision Power Board (IP.Board) < 1.3.1 - Design Error
HelpCenter Live! < 1.2.7 - Multiple Vulnerabilities
LiveWorld Multiple Products - Cross Site Scripting
WHM.AutoPilot < 2.4.6.5 - Multiple Vulnerabilities
PHP-Calendar < 0.10.1 - Arbitrary File Inclusion
PhotoPost Classifieds < 2.01 - Multiple Vulnerabilities
ReviewPost < 2.84 - Multiple Vulnerabilities
PhotoPost < 4.85 - Multiple Vulnerabilities
AZBB < 1.0.07d - Multiple Vulnerabilities
Invision Power Board (IP.Board) < 2.0.3 - Multiple Vulnerabilities
Burning Board < 2.3.1 - SQL Injection
XOOPS < 2.0.11 - Multiple Vulnerabilities
PEAR XML_RPC < 1.3.0 - Remote Code Execution
PHPXMLRPC < 1.1 - Remote Code Execution
SquirrelMail < 1.4.5-RC1 - Arbitrary Variable Overwrite
XPCOM - Race Condition
ADOdb < 4.71 - Cross Site Scripting
Geeklog < 1.4.0 - Multiple Vulnerabilities
PEAR LiveUser < 0.16.8 - Arbitrary File Access
Mambo < 4.5.3h - Multiple Vulnerabilities
phpRPC < 0.7 - Remote Code Execution
Gallery 2 < 2.0.2 - Multiple Vulnerabilities
PHPLib < 7.4 - SQL Injection
SquirrelMail < 1.4.7 - Arbitrary Variable Overwrite
CubeCart < 3.0.12 - Multiple Vulnerabilities
Claroline < 1.7.7 - Arbitrary File Inclusion
X-Cart < 4.1.3 - Arbitrary Variable Overwrite
Mambo < 4.5.4 - SQL Injection
Synology Photostation < 6.7.2-3429 - Multiple Vulnerabilities
D-Link DNS-343 ShareCenter < 1.05 - Command Injection
D-Link DNS-325 ShareCenter < 1.05B03 - Multiple Vulnerabilities
Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) + Password (MyPasswd) + Null-Free Shellcode (156 bytes)
|
2018-01-20 05:01:49 +00:00 |
|
Offensive Security
|
909c94ce89
|
DB: 2018-01-17
78 changes to exploits/shellcodes
OBS studio 20.1.3 - Local Buffer Overflow
OBS Studio 20.1.3 - Local Buffer Overflow
Seagate Personal Cloud - Multiple Vulnerabilities
AIX - execve /bin/sh Shellcode (88 bytes)
AIX - execve(/bin/sh) Shellcode (88 bytes)
BSD/PPC - execve /bin/sh Shellcode (128 bytes)
BSD/x86 - setuid(0) + execve /bin/sh Shellcode (30 bytes)
BSD/PPC - execve(/bin/sh) Shellcode (128 bytes)
BSD/x86 - setuid(0) + execve(/bin/sh) Shellcode (30 bytes)
BSD/x86 - execve /bin/sh Shellcode (27 bytes)
BSD/x86 - execve /bin/sh + setuid(0) Shellcode (29 bytes)
BSD/x86 - execve(/bin/sh) Shellcode (27 bytes)
BSD/x86 - execve(/bin/sh) + setuid(0) Shellcode (29 bytes)
BSD/x86 - execve /bin/sh Encoded Shellcode (49 bytes)
BSD/x86 - execve /bin/sh Encoded Shellcode (57 bytes)
BSD/x86 - execve(/bin/sh) Encoded Shellcode (49 bytes)
BSD/x86 - execve(/bin/sh) + Encoded Shellcode (57 bytes)
BSDi/x86 - execve /bin/sh Shellcode (45 bytes)
BSDi/x86 - execve /bin/sh Shellcode (46 bytes)
BSDi/x86 - execve /bin/sh ToUpper Encoded Shellcode (97 bytes)
FreeBSD x86 / x64 - execve /bin/sh Anti-Debugging Shellcode (140 bytes)
BSDi/x86 - execve(/bin/sh) Shellcode (45 bytes)
BSDi/x86 - execve(/bin/sh) Shellcode (46 bytes)
BSDi/x86 - execve(/bin/sh) ToUpper Encoded Shellcode (97 bytes)
FreeBSD x86 / x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes)
FreeBSD/x86 - execve /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes)
FreeBSD/x86 - execve(/bin/cat /etc/master.passwd) Null-Free Shellcode (65 bytes)
FreeBSD/x86 - execve /bin/sh Encoded Shellcode (48 bytes)
FreeBSD/x86 - execve(/bin/sh) Encoded Shellcode (48 bytes)
FreeBSD/x86 - execve /bin/sh Shellcode (23 bytes) (1)
FreeBSD/x86 - execve /bin/sh Shellcode (23 bytes) (2)
FreeBSD/x86 - execve /bin/sh Shellcode (37 bytes)
FreeBSD/x86 - execve(/bin/sh) Shellcode (23 bytes) (1)
FreeBSD/x86 - execve(/bin/sh) Shellcode (23 bytes) (2)
FreeBSD/x86 - execve(/bin/sh) Shellcode (37 bytes)
FreeBSD/x86 - chown 0:0 + chmod 6755 + execve /tmp/sh Shellcode (44 bytes)
FreeBSD/x86 - execve /tmp/sh Shellcode (34 bytes)
FreeBSD/x86 - chown 0:0 + chmod 6755 + execve(/tmp/sh) Shellcode (44 bytes)
FreeBSD/x86 - execve(/tmp/sh) Shellcode (34 bytes)
FreeBSD/x86-64 - execve /bin/sh Shellcode (34 bytes)
Linux/x86 - execve Null-Free Shellcode (Generator)
FreeBSD/x86-64 - execve(/bin/sh) Shellcode (34 bytes)
Linux/x86 - execve() Null-Free Shellcode (Generator)
Linux - execve /bin/sh Polymorphic With Printable ASCII Characters Shellcode (Generator)
Linux - execve(/bin/sh) + Polymorphic + Printable ASCII Characters Shellcode (Generator)
HP-UX - execve /bin/sh Shellcode (58 bytes)
HP-UX - execve(/bin/sh) Shellcode (58 bytes)
Linux/PPC - execve /bin/sh Shellcode (60 bytes)
Linux/PPC - execve(/bin/sh) Shellcode (60 bytes)
Linux/PPC - execve /bin/sh Shellcode (112 bytes)
Linux/PPC - execve(/bin/sh) Shellcode (112 bytes)
Linux/x86 - Self-Modifying Anti-IDS /bin/sh Shellcode (35/64 bytes)
Linux/x86 - /bin/sh + Self-Modifying Anti-IDS Shellcode (35/64 bytes)
Linux/x86 - Disable Network Card Polymorphic Shellcode (75 bytes)
Linux/x86 - killall5 Polymorphic Shellcode (61 bytes)
Linux/x86 - execve /bin/sh Polymorphic Shellcode (48 bytes)
Linux/x86 - Disable Network Card + Polymorphic Shellcode (75 bytes)
Linux/x86 - killall5 + Polymorphic Shellcode (61 bytes)
Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (48 bytes)
Linux/x86 - reboot() Polymorphic Shellcode (57 bytes)
Linux/x86 - chmod 666 /etc/shadow Polymorphic Shellcode (54 bytes)
Linux/x86 - reboot() + Polymorphic Shellcode (57 bytes)
Linux/x86 - chmod 666 /etc/shadow + Polymorphic Shellcode (54 bytes)
Linux/x86 - execve read Shellcode (92 bytes)
Linux/x86 - execve() Read Shellcode (92 bytes)
Linux/x86 - setuid(0) + execve /bin/sh Shellcode (28 bytes)
Linux/x86 - execve /bin/sh Shellcode (22 bytes)
Linux/x86 - setuid(0) + execve(/bin/sh) Shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (22 bytes)
Linux/x86 - execve /bin/sh (Re-Use Of Strings In .rodata) Shellcode (16 bytes)
Linux/x86 - execve(/bin/sh) (Re-Use Of Strings In .rodata) Shellcode (16 bytes)
Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + setuid Shellcode (96 bytes)
Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + setuid() Shellcode (96 bytes)
Linux/x86 - execve Diassembly Obfuscation Shellcode (32 bytes)
Linux/x86 - execve() Diassembly Obfuscation Shellcode (32 bytes)
Linux/x86 - execve /bin/sh Shellcode (24 bytes) (2)
Linux/x86 - execve(/bin/sh) Shellcode (24 bytes) (2)
Linux/x86 - execve /bin/sh + '.ZIP' Header Shellcode (28 bytes)
Linux/x86 - execve /bin/sh + '.RTF' Header Shellcode (30 bytes)
Linux/x86 - execve /bin/sh + '.RIFF' Header Shellcode (28 bytes)
Linux/x86 - execve /bin/sh + '.BMP' Bitmap Header Shellcode (27 bytes)
Linux/x86 - execve(/bin/sh) + '.ZIP' Header Shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) + '.RTF' Header Shellcode (30 bytes)
Linux/x86 - execve(/bin/sh) + '.RIFF' Header Shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) + '.BMP' Bitmap Header Shellcode (27 bytes)
Linux/x86 - execve /bin/sh Anti-IDS Shellcode (40 bytes)
Linux/x86 (Intel x86 CPUID) - execve /bin/sh XORED Encoded Shellcode (41 bytes)
Linux/x86 - execve /bin/sh Shellcode +1 Encoded (39 bytes)
Linux/x86 - execve(/bin/sh) + Anti-IDS Shellcode (40 bytes)
Linux/x86 (Intel x86 CPUID) - execve(/bin/sh) XORED Encoded Shellcode (41 bytes)
Linux/x86 - execve(/bin/sh) Shellcode +1 Encoded (39 bytes)
Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes)
Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve(/bin/sh) Shellcode (39 bytes)
Linux/x86 - setreuid(0_ 0) + execve /bin/sh Shellcode (31 bytes)
Linux/x86 - execve /bin/sh + PUSH Shellcode (23 bytes)
Linux/x86 - setreuid(0_ 0) + execve(/bin/sh) Shellcode (31 bytes)
Linux/x86 - execve(/bin/sh) + PUSH Shellcode (23 bytes)
Linux/x86 - execve /bin/sh Standard Opcode Array Payload Shellcode (21 bytes)
Linux/x86 - execve(/bin/sh) Standard Opcode Array Payload Shellcode (21 bytes)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes)
Linux/x86 - Break chroot (../ 20x Loop) + execve /bin/sh Shellcode (66 bytes)
Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (23 bytes)
Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (27 bytes)
Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (45 bytes)
Linux/x86 - Break chroot (../ 20x Loop) + execve(/bin/sh) Shellcode (66 bytes)
Linux/x86 - setreuid + execve Shellcode (31 bytes)
Linux/x86 - setreuid() + execve() Shellcode (31 bytes)
Linux/x86 - execve code Shellcode (23 bytes)
Linux/x86 - execve() Shellcode (23 bytes)
Linux/x86 - execve /bin/sh Alphanumeric Shellcode (392 bytes)
Linux/IA32 - execve /bin/sh 0xff-Free Shellcode (45 bytes)
Linux/x86 - symlink /bin/sh xoring Shellcode (56 bytes)
Linux/x86 - execve(/bin/sh) Alphanumeric Shellcode (392 bytes)
Linux/IA32 - execve(/bin/sh) 0xff-Free Shellcode (45 bytes)
BSD/x86 - symlink /bin/sh + XORing Encoded Shellcode (56 bytes)
Linux/x86 - Add Root User (t00r) Anti-IDS Shellcode (116 bytes)
Linux/x86 - chmod 666 /etc/shadow Anti-IDS Shellcode (75 bytes)
Linux/x86 - symlink . /bin/sh Shellcode (32 bytes)
Linux/x86 - Add Root User (t00r) + Anti-IDS Shellcode (116 bytes)
Linux/x86 - chmod 666 /etc/shadow + Anti-IDS Shellcode (75 bytes)
BSD/x86 - symlink . /bin/sh Shellcode (32 bytes)
Linux/x86 - execve /bin/sh Shellcode (29 bytes)
Linux/x86 - execve /bin/sh Shellcode (24 bytes) (3)
Linux/x86 - execve /bin/sh Shellcode (38 bytes)
Linux/x86 - execve /bin/sh Shellcode (30 bytes)
Linux/x86 - execve /bin/sh + setreuid(12_12) Shellcode (50 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (29 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (24 bytes) (3)
Linux/x86 - execve(/bin/sh) Shellcode (38 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (30 bytes)
Linux/x86 - execve(/bin/sh) + setreuid(12_12) Shellcode (50 bytes)
Linux/x86 - Break chroot (../ 10x Loop) Shellcode (34 bytes)
Linux/x86 - Break chroot (../ 10x Loop) Shellcode (46 bytes)
Linux/x86 - Break chroot + execve /bin/sh Shellcode (80 bytes)
Linux/x86 - execve /bin/sh Anti-IDS Shellcode (58 bytes)
Linux/x86 - execve /bin/sh XOR Encoded Shellcode (55 bytes)
Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (41 bytes)
Linux/x86 - setreuid(0_0) + execve /bin/sh Shellcode (46+ bytes)
Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (55 bytes)
Linux/x86 - Break chroot (../ 10x Loop) Shellcode (28 bytes)
OpenBSD/x86 - Load Kernel Module (/tmp/o.o) Shellcode (66 bytes)
BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) Shellcode (46 bytes)
Linux/x86 - Break chroot + execve(/bin/sh) Shellcode (80 bytes)
Linux/x86 - execve(/bin/sh) + Anti-IDS Shellcode (58 bytes)
Linux/x86 - execve(/bin/sh) XOR Encoded Shellcode (55 bytes)
Linux/x86 - execve(/bin/sh) ToLower Encoded Shellcode (41 bytes)
Linux/x86 - setreuid(0_0) + execve(/bin/sh) Shellcode (46+ bytes)
Linux/x86 - execve(/bin/sh) ToLower Encoded Shellcode (55 bytes)
Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve /bin/sh Shellcode (132 bytes)
Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve(/bin/sh) Shellcode (132 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (33 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (33 bytes)
Linux/x86 / Unix/SPARC / IRIX/MIPS - execve /bin/sh Shellcode (141 bytes)
Linux/x86 / Unix/SPARC - execve /bin/sh Shellcode (80 bytes)
BSD/x86 / Linux/x86 - execve /bin/sh Shellcode (38 bytes)
Linux/x86 / Unix/SPARC / IRIX/MIPS - execve(/bin/sh) Shellcode (141 bytes)
Linux/x86 / Unix/SPARC - execve(/bin/sh) Shellcode (80 bytes)
BSD/x86 / Linux/x86 - execve(/bin/sh) Shellcode (38 bytes)
NetBSD/x86 - execve /bin/sh Shellcode (68 bytes)
OpenBSD/x86 - execve /bin/sh Shellcode (23 bytes)
NetBSD/x86 - execve(/bin/sh) Shellcode (68 bytes)
OpenBSD/x86 - execve(/bin/sh) Shellcode (23 bytes)
OSX/PPC - execve /bin/sh Shellcode (72 bytes)
OSX/PPC - execve(/bin/sh) Shellcode (72 bytes)
OSX/PPC - setuid(0) + execve /bin/sh Shellcode (88 bytes)
OSX/PPC - setuid(0) + execve(/bin/sh) Shellcode (88 bytes)
OSX/PPC - execve /usr/X11R6/bin/xterm Shellcode (141 bytes)
OSX/PPC - execve(/usr/X11R6/bin/xterm) Shellcode (141 bytes)
Solaris/SPARC - Download File (http://evil-dl/) + Execute (/tmp/ff) Shellcode (278 bytes)
Solaris/MIPS - Download (http://10.1.1.2:80/evil-dl) + Execute (/tmp/ff) Shellcode (278 bytes)
Solaris/SPARC - Reverse TCP (44434/TCP) Shell + XNOR Encoded Shellcode (600 bytes) (Generator)
Solaris/SPARC - setreuid + execve Shellcode (56 bytes)
Solaris/MIPS - Reverse TCP (10.0.0.3:44434/TCP) Shell + XNOR Encoded Traffic Shellcode (600 bytes) (Generator)
Solaris/SPARC - setreuid + execve() Shellcode (56 bytes)
Solaris/SPARC - execve /bin/sh Shellcode (52 bytes)
Solaris/SPARC - Bind TCP (6789/TCP) Shell (/bin/sh) Shellcode (228 bytes)
Solaris/SPARC - Reverse TCP (192.168.1.4:5678/TCP) Shell (/bin/sh) Shellcode (204 bytes)
Solaris/SPARC - execve(/bin/sh) Shellcode (52 bytes)
Solaris/SPARC - Bind TCP (6789/TCP) Shell (/bin/sh) Shellcode (228 bytes)
Solaris/SPARC - Reverse TCP (192.168.1.4:5678/TCP) Shell (/bin/sh) Shellcode (204 bytes)
Solaris/x86 - setuid(0) + execve(//bin/sh) + exit(0) Null-Free Shellcode (39 bytes)
Solaris/x86 - setuid(0) + execve(/bin/sh) + exit(0) Null-Free Shellcode (39 bytes)
Solaris/x86 - execve /bin/sh ToUpper Encoded Shellcode (84 bytes)
Solaris/x86 - inetd Add Service + execve Shellcode (201 bytes)
UnixWare - execve /bin/sh Shellcode (95 bytes)
Solaris/x86 - execve(/bin/sh) ToUpper Encoded Shellcode (84 bytes)
Solaris/x86 - inetd Add Service + execve() Shellcode (201 bytes)
UnixWare - execve(/bin/sh) Shellcode (95 bytes)
Linux/x86 - execve Shellcode (51 bytes)
Linux/x86 - execve() Shellcode (51 bytes)
Linux/x86 - setuid + Break chroot (mkdir/chdir/chroot '...') + execve /bin/sh Shellcode (79 bytes)
Linux/x86 - setuid() + Break chroot (mkdir/chdir/chroot '...') + execve(/bin/sh) Shellcode (79 bytes)
Linux/x86 - ip6tables -F Polymorphic Shellcode (71 bytes)
Linux/x86 - ip6tables -F + Polymorphic Shellcode (71 bytes)
Linux/x86 - execve /bin/cat /etc/passwd Shellcode (43 bytes)
Linux/x86 - execve(/bin/cat /etc/passwd) Shellcode (43 bytes)
Linux/x86 - execve /bin/sh Shellcode (8 bytes)
Linux/x86 - execve /bin/sh Shellcode (21 bytes) (2)
Linux/x86 - execve(/bin/sh) Shellcode (8 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (2)
Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (2)
Linux/x86 - execve(/bin/sh) Shellcode (25 bytes) (2)
Linux/x86 - Fork Bomb Polymorphic Shellcode (30 bytes)
Linux/x86 - Fork Bomb + Polymorphic Shellcode (30 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (30 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (30 bytes)
Linux/x86 - execve(_/bin/bash___-p__NULL) Polymorphic Shellcode (57 bytes)
Linux/x86 - execve(_/bin/bash___-p__NULL) + Polymorphic Shellcode (57 bytes)
Linux/x86 - setuid(0) + chmod 0666 /etc/shadow Polymorphic Shellcode (61 bytes)
Linux/x86 - setuid(0) + chmod 0666 /etc/shadow + Polymorphic Shellcode (61 bytes)
Linux/x86 - sys_setuid(0) + sys_setgid(0) + execve (_/bin/sh_) Shellcode (39 bytes)
Linux/x86 - sys_setuid(0) + sys_setgid(0) + execve(_/bin/sh_) Shellcode (39 bytes)
Linux/x86 - execve /bin/sh Polymorphic Shellcode (116 bytes)
Linux/ARM - chmod 0777 /etc/shadow Polymorphic Shellcode (84 bytes)
Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (116 bytes)
Linux/ARM - chmod 0777 /etc/shadow + Polymorphic Shellcode (84 bytes)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) XOR 88 Encoded Polymorphic Shellcode (78 bytes)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) + XOR 88 Encoded + Polymorphic Shellcode (78 bytes)
Linux - Write SUID Root Shell (/tmp/.hiddenshell) Polymorphic Shellcode (161 bytes)
Linux - Write SUID Root Shell (/tmp/.hiddenshell) + Polymorphic Shellcode (161 bytes)
Linux - Bind TCP (6778/TCP) Shell + XOR Encoded Polymorphic Shellcode (125 bytes)
Linux/x86 - Bind TCP (6778/TCP) Shell + XOR Encoded + Polymorphic Shellcode (125 bytes)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator)
Linux - Find All Writeable Folder In FileSystem Polymorphic Shellcode (91 bytes)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) + Polymorphic Shellcode (Generator)
Linux/x86 - Find All Writeable Folder In FileSystem + Polymorphic Shellcode (91 bytes)
Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) Shellcode (49 bytes)
Linux/x86-64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (49 bytes)
Linux/x86 - execve /bin/sh Polymorphic Null-Free Shellcode (46 bytes)
Linux/x86 - execve(/bin/sh) + Polymorphic Null-Free Shellcode (46 bytes)
Windows Mobile 6.5 TR (WinCE 5.2) - MessageBox Shellcode (ARM)
Windows Mobile 6.5 TR (WinCE 5.2)/ARM - MessageBox Shellcode
OSX/Intel x86-64 - setuid shell Shellcode (51 bytes)
OSX/x86-64 - setuid() + Shell(/bin/sh) Shellcode (51 bytes)
Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic XOR Encoded Shellcode (69/93 bytes)
OSX/Intel x86-64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)
Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes)
OSX/x86-64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)
OSX - Universal ROP + Reverse TCP Shell Shellcode
Linux/MIPS - execve /bin/sh Shellcode (52 bytes)
OSX/x86-64 - Universal ROP + Reverse TCP Shell Shellcode
Linux/MIPS - execve(/bin/sh) Shellcode (52 bytes)
Linux/MIPS - execve /bin/sh Shellcode (48 bytes)
Linux/MIPS - execve(/bin/sh) Shellcode (48 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (52 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (52 bytes)
Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd Polymorphic Shellcode
Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd + Polymorphic Shellcode
Linux/x86 - execve /bin/dash Shellcode (42 bytes)
Linux/x86 - execve(/bin/dash) Shellcode (42 bytes)
Linux/x86 - execve /bin/sh + Socket Re-Use Shellcode (50 bytes)
Linux/x86 - execve(/bin/sh) + Socket Re-Use Shellcode (50 bytes)
Linux/MIPS - execve /bin/sh Shellcode (36 bytes)
Linux/MIPS - execve(/bin/sh) Shellcode (36 bytes)
Linux/x86 - execve /bin/sh ROT13 Encoded Shellcode (68 bytes)
Linux/x86 - execve(/bin/sh) ROT13 Encoded Shellcode (68 bytes)
Linux/x86 - execve /bin/sh Obfuscated Shellcode (40 bytes)
Linux/x86 - execve(/bin/sh) Obfuscated Shellcode (40 bytes)
Linux/x86 - execve /bin/sh Shellcode (35 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (35 bytes)
Linux/x86 - Custom execve Shellcode (Encoder/Decoder) (Generator)
Linux/x86 - execve /bin/sh (Push Method) Shellcode (21 bytes)
Linux/x86-64 - execve /bin/sh Via Push Shellcode (23 bytes)
Linux/x86 - 'Followtheleader' Custom execve() Shellcode (Encoder/Decoder) (Generator)
Linux/x86 - execve(/bin/sh) (Push Method) Shellcode (21 bytes)
Linux/x86-64 - execve(/bin/sh) Via Push Shellcode (23 bytes)
Linux/x86 - execve /bin/sh Shellcode (26 bytes)
Linux/x86 - execve /bin/sh Shellcode (21 bytes) (1)
Linux/x86 - execve(/bin/sh) Shellcode (26 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (1)
Linux/x86-64 - execve /bin/sh Null-Free Shellcode (30 bytes)
Linux/x86-64 - execve(/bin/sh) Null-Free Shellcode (30 bytes)
Linux/x86 - execve /bin/sh Shellcode (23 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (23 bytes)
Linux/x86-64 - execve Encoded Shellcode (57 bytes)
Linux/x86 - execve /bin/sh ROT7 Encoded Shellcode
Linux/x86-64 - execve() Encoded Shellcode (57 bytes)
Linux/x86 - execve(/bin/sh) ROT7 Encoded Shellcode
Linux/x86 - execve /bin/sh ROL/ROR Encoded Shellcode
Linux/x86 - execve(/bin/sh) ROL/ROR Encoded Shellcode
OSX/x86-64 - execve /bin/sh Null-Free Shellcode (34 bytes)
OSX/x86-64 - execve(/bin/sh) Null-Free Shellcode (34 bytes)
Linux/x86 - execve /bin/bash Shellcode (31 bytes)
Linux/x86 - execve(/bin/bash) Shellcode (31 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (34 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (34 bytes)
Linux/x86-64 - execve Shellcode (22 bytes)
Linux/x86-64 - execve() Shellcode (22 bytes)
Linux/x86-64 - execve Polymorphic Shellcode (31 bytes)
Linux/x86-64 - execve() + Polymorphic Shellcode (31 bytes)
Linux/x86 - execve /bin/sh Shellcode (24 bytes) (1)
Linux/x86 - execve(/bin/sh) Shellcode (24 bytes) (1)
Linux/x86-64 - execve XOR/NOT/DIV Encoded Shellcode (54 bytes)
Linux/x86-64 - execve() XOR/NOT/DIV Encoded Shellcode (54 bytes)
Linux/x86-64 - execve Stack Polymorphic Shellcode (47 bytes)
Linux/x86-64 - execve() Stack + Polymorphic Shellcode (47 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (26 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (1)
Linux/x86-64 - execve /bin/bash Shellcode (33 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (26 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (25 bytes) (1)
Linux/x86-64 - execve(/bin/bash) Shellcode (33 bytes)
Linux/x86-64 - execve XOR Encoded Shellcode (84 bytes)
Linux/x86-64 - execve() XOR Encoded Shellcode (84 bytes)
Linux/x86 - execve /bin/sh + ASLR Bruteforce Shellcode
Linux/x86 - execve(/bin/sh) + ASLR Bruteforce Shellcode
Linux/x86 - execve /bin/sh Shellcode (19 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (19 bytes)
OSX/PPC - Remote findsock by recv() Key Shellcode
OSX/PPC - Reverse TCP Shell (/bin/csh) Shellcode
OSX/PPC - Stager Sock Find MSG_PEEK Shellcode
OSX/PPC - Stager Sock Find Shellcode
OSX/PPC - Stager Sock Reverse Shellcode
OSX/PPC - Bind TCP (8000/TCP) Shell + OSXPPCLongXOR Encoded Shellcode (300 bytes)
OSX/PPC - execve(/bin/sh) Shellcode
OSX/PPC - execve(/bin/sh_[/bin/sh]_NULL) + exit() Shellcode (72 bytes)
OSX/x86 - execve(/bin/sh) Shellcode (24 bytes)
Linux/x86 - Add User (t00r/t00r) PexFnstenvSub Encoded Shellcode (116 bytes)
BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) + execute /bin/sh Shellcode (57 bytes)
BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) + Bind TCP (2222/TCP) Shell Shellcode (133 bytes)
BSD/x86 - Bind TCP (2222/TCP) Shell Shellcode (100 bytes)
Linux/x86 - setuid(0) + Load Kernel Module (/tmp/o.o) Shellcode (67 bytes)
Linux/x86 - setuid(0) + Break chroot (../ 10x Loop) Shellcode (34 bytes)
Solaris/SPARC - setreuid(geteuid()) + setregid(getegid()) + execve(/bin/sh) Shellcode
Solaris/SPARC - Bind TCP (2001/TCP) Shell (/bin/sh) Shellcode
Solaris/SPARC - Bind TCP Shell Shellcode
Solaris/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (61 bytes)
Solaris/x86 - execve(/bin/sh) Shellcode (43 bytes)
BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) Shellcode (34 bytes)
OpenBSD/x86 - setuid(0) + Load Kernel Module (/tmp/o.o) Shellcode (74 bytes)
BSD/x86 - Break chroot (../ 10x Loop) Shellcode (28 bytes)
BSD/x86 - Break chroot (../ 10x Loop) Shellcode (40 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) + exit() Shellcode (58 bytes)
Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) + exit() Shellcode (64 bytes)
Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (58 bytes)
BSD/x86 - symlink /bin/sh sh Shellcode (39 bytes)
Linux/x86 - symlink /bin/sh sh Shellcode (36 bytes)
BSD/x86 - Write to /etc/passwd with uid(0) + gid(0) Shellcode (74 bytes)
Linux/x86 - Write to /etc/passwd with uid(0) + gid(0) Shellcode (74 bytes)
BSD/x86 - execve(/bin/sh) + seteuid(0) Shellcode (31 bytes)
BSD/x86 - execve(/bin/sh) Shellcode (28 bytes)
Linux/x86 - Bind TCP (3879/TCP) Shell (/bin/sh) Shellcode (113 bytes)
Linux/x86 - Add Root User (w00w00) To /etc/passwd Shellcode (104 bytes)
Linux/x86 - Disable Shadowing Shellcode (42 bytes)
Linux/x86 - setuid(0) + execve(/bin/sh) Shellcode (27 bytes)
Linux/x86 - exit(0) / exit(1) Shellcode (3/4 bytes)
Linux/x86 - setuid(0) + execve(/bin/sh_0) Shellcode (25 bytes)
Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh_[/bin/sh_NULL])) Shellcode (25 bytes)
Linux/x86 - execve(/sbin/shutdown_/sbin/shutdown 0) Shellcode (36 bytes)
Linux/x86 - execve(/sbin/reboot_/sbin/reboot) Shellcode (28 bytes)
Linux/x86 - execve(/sbin/halt_/sbin/halt) Shellcode (27 bytes)
Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) Shellcode (83 bytes)
Linux/x86 - setuid(0) + execve(_/bin/sh__0_0) Shellcode (28 bytes)
Linux/x86 - execve(/bin/sh_0_0) Shellcode (21 bytes)
Linux/x86 - fork() + setreuid(0_ 0) + execve(cp /bin/sh /tmp/sh; chmod 4755 /tmp/sh) Shellcode (126 bytes)
Linux/x86 - Audio (knock knock knock) via /dev/dsp + setreuid(0_0) + execve() Shellcode (566 bytes)
Linux/x86 - Add Root User (w000t) + No Password Shellcode (177 bytes)
Linux/x86 - execve(/sbin/ipchains -F) Shellcode (70 bytes)
Linux/x86 - execve(/sbin/iptables -F) Shellcode (70 bytes)
Linux/x86-64 - execve /bin/sh -c reboot Shellcode (89 bytes)
Linux/x86-64 - execve(/bin/sh) -c reboot Shellcode (89 bytes)
Linux/x86 - execve /bin/bash -c Arbitrary Command Execution Null-Free Shellcode (72 bytes)
Linux/x86 - execve(/bin/bash -c) Arbitrary Command Execution Null-Free Shellcode (72 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (22 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (22 bytes)
Linux/x86-64 - setuid(0) + execve(/bin/sh) Polymorphic Shellcode (31 bytes)
Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Polymorphic Shellcode (47 bytes)
Linux/x86-64 - setuid(0) + execve(/bin/sh) + Polymorphic Shellcode (31 bytes)
Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) + Polymorphic Shellcode (47 bytes)
Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) Polymorphic Shellcode (106 bytes)
Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) + Polymorphic Shellcode (106 bytes)
Linux/x86 - execve /bin/dash Shellcode (30 bytes)
Linux/x86 - execve(/bin/dash) Shellcode (30 bytes)
Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (53 bytes)
Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (53 bytes)
FreeBSD/x86-64 - execve /bin/sh Shellcode (28 bytes)
FreeBSD/x86-64 - execve(/bin/sh) Shellcode (28 bytes)
FreeBSD/x86 - //sbin/pfctl -F all Shellcode (47 bytes)
FreeBSD/x86 - /sbin/pfctl -F all Shellcode (47 bytes)
FreeBSD - reboot() Shellcode (15 Bytes)
FreeBSD/x86 - reboot() Shellcode (15 bytes)
Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) Shellcode (43 bytes)
Linux/x86-64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (43 bytes)
Linux/x86-64 - Add Root User (shell-storm/leet) Polymorphic Shellcode (273 bytes)
Linux/x86-64 - Add Root User (shell-storm/leet) + Polymorphic Shellcode (273 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (21 bytes)
Linux/x86 - execve /bin/sh Shellcode (21 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (21 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (21 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (2)
Linux/x86-64 - execve(/bin/sh) Shellcode (31 bytes) (2)
Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (1)
Linux/x86 - execve /bin/sh + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (24 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (31 bytes) (1)
Linux/x86 - execve(/bin/sh) + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (24 bytes)
Linux/x86 - execve /bin/sh Shellcode (24 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (24 bytes)
Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (30 bytes)
Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (30 bytes)
|
2018-01-17 05:02:19 +00:00 |
|
Offensive Security
|
f589361686
|
DB: 2018-01-13
1949 changes to exploits/shellcodes
Bird Chat 1.61 - Denial of Service
Quake 3 Engine Client (Windows x86) - CS_ITEms Remote Overflow
Mercur IMAPD 5.00.14 (Windows x86) - Remote Denial of Service
PHP 5.2.0 (Windows x86) - 'PHP_win32sti' Local Buffer Overflow
PHP 5.2.0 (Windows x86) - 'PHP_iisfunc.dll' Local Buffer Overflow
32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow (PoC)
Apple Safari 3.2.3 (Windows x86) - JavaScript 'eval' Remote Denial of Service
Apple Safari 4.0.3 (Windows x86) - 'CSS' Remote Denial of Service (1)
Apple Safari 4.0.3 (Windows x86) - 'CSS' Remote Denial of Service (2)
HP Data Protector Media Operations - Null Pointer Dereference Remote Denial of Service
AnyDVD 6.7.1.0 - Denial of Service
Microsoft Windows - Win32k Pointer Dereferencement (PoC) (MS10-098)
Apple Safari - GdiDrawStream Blue Screen of Death
Oracle VM VirtualBox 4.1 - Local Denial of Service
Linux Kernel 2.6.x (x64) - Personality Handling Local Denial of Service
Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free / Memory Corruption (PoC) (MS14-035)
VMware Workstations 10.0.0.40273 - 'vmx86.sys' Arbitrary Kernel Read
Linux Kernel 3.17.5 - IRET Instruction #SS Fault Handling Crash (PoC)
Samba < 3.6.2 (x86) - Denial of Service (PoC)
Adobe Flash (Linux x64) - Bad Dereference at 0x23c
Adobe Flash - XMLSocket Destructor Not Cleared Before Setting User Data in connect
Adobe Flash - Heap Buffer Overflow Loading '.FLV' File with Nellymoser Audio Codec
Adobe Flash - Heap Buffer Overflow Due to Indexing Error When Loading FLV File
Adobe Flash - Shared Object Type Confusion
Adobe Flash - Heap Buffer Overflow Loading '.FLV' File with Nellymoser Audio Codec
Adobe Flash - Heap Buffer Overflow Due to Indexing Error When Loading FLV File
Adobe Flash - Shared Object Type Confusion
ActiveState Perl.exe x64 Client 5.20.2 - Crash (PoC)
Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (2)
Microsoft Windows Kernel - 'DeferWindowPos' Use-After-Free (MS15-073)
Microsoft Windows Kernel - 'UserCommitDesktopMemory' Use-After-Free (MS15-073)
Microsoft Windows Kernel - Pool Buffer Overflow Drawing Caption Bar (MS15-061)
Microsoft Windows Kernel - 'HmgAllocateObjectAttr' Use-After-Free (MS15-061)
Microsoft Windows Kernel - 'win32k!vSolidFillRect' Buffer Overflow (MS15-061)
Microsoft Windows Kernel - 'SURFOBJ' Null Pointer Dereference (MS15-061)
Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (2)
Microsoft Windows Kernel - 'DeferWindowPos' Use-After-Free (MS15-073)
Microsoft Windows Kernel - 'UserCommitDesktopMemory' Use-After-Free (MS15-073)
Microsoft Windows Kernel - Pool Buffer Overflow Drawing Caption Bar (MS15-061)
Microsoft Windows Kernel - 'HmgAllocateObjectAttr' Use-After-Free (MS15-061)
Microsoft Windows Kernel - 'win32k!vSolidFillRect' Buffer Overflow (MS15-061)
Microsoft Windows Kernel - 'SURFOBJ' Null Pointer Dereference (MS15-061)
Microsoft Windows Kernel - WindowStation Use-After-Free (MS15-061)
Microsoft Windows Kernel - Null Pointer Dereference with Window Station and Clipboard (MS15-061)
Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1)
Microsoft Windows Kernel - 'FlashWindowEx' Memory Corruption (MS15-097)
Microsoft Windows Kernel - 'bGetRealizedBrush' Use-After-Free (MS15-097)
Microsoft Windows Kernel - Use-After-Free with Cursor Object (MS15-097)
Microsoft Windows Kernel - Use-After-Free with Printer Device Contexts (MS15-097)
Microsoft Windows Kernel - 'NtGdiStretchBlt' Pool Buffer Overflow (MS15-097)
Microsoft Windows Kernel - WindowStation Use-After-Free (MS15-061)
Microsoft Windows Kernel - Null Pointer Dereference with Window Station and Clipboard (MS15-061)
Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1)
Microsoft Windows Kernel - 'FlashWindowEx' Memory Corruption (MS15-097)
Microsoft Windows Kernel - 'bGetRealizedBrush' Use-After-Free (MS15-097)
Microsoft Windows Kernel - Use-After-Free with Cursor Object (MS15-097)
Microsoft Windows Kernel - Use-After-Free with Printer Device Contexts (MS15-097)
Microsoft Windows Kernel - 'NtGdiStretchBlt' Pool Buffer Overflow (MS15-097)
Microsoft Windows Kernel - 'NtGdiBitBlt' Buffer Overflow (MS15-097)
Tomabo MP4 Converter 3.10.12 < 3.11.12 - '.m3u' File Crush Application (Denial of Service)
Google Chrome - open-vcdiff Out-of-Bounds Read in Browser Process Integer Overflow
win32k Desktop and Clipboard - Null Pointer Dereference
win32k Clipboard Bitmap - Use-After-Free
win32k Desktop and Clipboard - Null Pointer Dereference
win32k Clipboard Bitmap - Use-After-Free
Adobe Flash Selection.SetSelection - Use-After-Free
Adobe Flash Sound.setTransform - Use-After-Free
Adobe Flash - Use-After-Free When Setting Stage
Linux (x86) - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited
Microsoft Windows Kernel - DrawMenuBarTemp Wild-Write (MS16-039)
Core FTP Server 32-bit Build 587 - Heap Overflow
Microsoft Windows - Custom Font Disable Policy Bypass
Wireshark 2.0.0 < 2.0.4 - CORBA IDL Dissectors Denial of Service
Evostream Media Server 1.7.1 (x64) - Denial of Service
Kentico CMS 11.0 - Buffer Overflow
PyroBatchFTP < 3.19 - Buffer Overflow
Microsoft Edge 38.14393.1066.0 - 'textarea.defaultValue' Memory Disclosure
Navicat Premium 11.2.11 (x64) - Local Database Password Disclosure
PrivateTunnel Client 2.7.0 (x64) - Local Credentials Disclosure
Oracle 10g (Windows x86) - 'PROCESS_DUP_HANDLE' Local Privilege Escalation
GIMP 2.2.14 (Windows x86) - '.ras' Download/Execute Buffer Overflow
Notepad++ 4.1 (Windows x86) - '.ruby' File Processing Buffer Overflow
Linux Kernel 2.4/2.6 (x86-64) - System Call Emulation Privilege Escalation
PHP 5.2.9 (Windows x86) - Local Safemod Bypass
Linux Kernel 2.6.24_16-23/2.6.27_7-10/2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86-64) - 'set_selection()' UTF-8 Off-by-One Privilege Escalation
Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - 'ip_append_data()' Ring0 Privilege Escalation (1)
HTMLDOC 1.9.x-r1629 (Windows x86) - '.html' Local Buffer Overflow
RadASM - '.rap' file Local Buffer Overflow
Mini-stream RM-MP3 Converter 3.1.2.1 - '.pls' Local Stack Buffer Overflow Universal
Audiotran 1.4.2.4 - Local Overflow (SEH)
Linux Kernel < 2.6.36-rc4-git2 (x86-64) - 'ia32syscall' Emulation Privilege Escalation
Linux Kernel 2.6.27 < 2.6.36 (RedHat x86-64) - 'compat' Local Privilege Escalation
Linux Kernel < 2.6.36-rc4-git2 (x86-64) - 'ia32syscall' Emulation Privilege Escalation
Linux Kernel 2.6.27 < 2.6.36 (RedHat x86-64) - 'compat' Local Privilege Escalation
Linux Kernel < 2.6.34 (Ubuntu 10.10 x86) - 'CAP_SYS_ADMIN' Local Privilege Escalation (1)
Linux Kernel 4.6.3 (x86) - 'Netfilter' Local Privilege Escalation (Metasploit)
VideoLAN VLC Client (Windows x86) - 'smb://' URI Buffer Overflow (Metasploit)
QQPLAYER Player 3.2 - PICT PnSize Buffer Overflow Windows (ASLR + DEP Bypass) (Metasploit)
PHP 5.4.3 (Windows x86 Polish) - Code Execution
Microsoft Windows Kernel - Intel x64 SYSRET (MS12-042)
Dropbox Desktop Client 9.4.49 (x64) - Local Credentials Disclosure
Linux Kernel 3.3.x < 3.7.x (Arch Linux x86-64) - 'sock_diag_handlers[]' Local Privilege Escalation (1)
Linux Kernel 3.7.10 (Ubuntu 12.10 x64) - 'sock_diag_handlers' Local Privilege Escalation (2)
Linux Kernel < 3.8.9 (x86-64) - 'perf_swevent_init' Local Privilege Escalation (2)
Novell Client 2 SP3 - 'nicm.sys' Local Privilege Escalation (Metasploit)
Solaris Recommended Patch Cluster 6/19 (x86) - Local Privilege Escalation
Nvidia (nvsvc) Display Driver Service - Local Privilege Escalation (Metasploit)
Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10 x64) - 'CONFIG_X86_X32=y' Local Privilege Escalation (3)
LogMeIn Client 1.3.2462 (x64) - Local Credentials Disclosure
Systrace 1.x (x64) - Aware Linux Kernel Privilege Escalation
Microsoft Windows - NTUserMessageCall Win32k Kernel Pool Overflow 'schlamperei.x86.dll' (MS13-053) (Metasploit)
Linux Kernel 3.14-rc1 < 3.15-rc4 (x64) - Raw Mode PTY Echo Race Condition Privilege Escalation
Linux Kernel 3.2.0-23/3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Local Privilege Escalation (3)
TeamViewer 11.0.65452 (x64) - Local Credentials Disclosure
OpenVPN Private Tunnel Core Service - Unquoted Service Path Privilege Escalation
Linux Kernel < 3.2.0-23 (Ubuntu 12.04 x64) - 'ptrace/sysret' Local Privilege Escalation
Microsoft Windows XP SP3 - 'MQAC.sys' Arbitrary Write Privilege Escalation (Metasploit)
Linux Kernel < 3.2.0-23 (Ubuntu 12.04 x64) - 'ptrace/sysret' Local Privilege Escalation
Microsoft Windows XP SP3 - 'MQAC.sys' Arbitrary Write Privilege Escalation (Metasploit)
Microsoft Bluetooth Personal Area Networking - 'BthPan.sys' Local Privilege Escalation (Metasploit)
Microsoft Windows - OLE Package Manager Code Execution (MS14-060) (Metasploit)
Offset2lib - Bypassing Full ASLR On 64 bit Linux
Linux Kernel (x86-64) - Rowhammer Privilege Escalation
Rowhammer - NaCl Sandbox Escape
Linux Kernel (x86-64) - Rowhammer Privilege Escalation
Rowhammer - NaCl Sandbox Escape
Microsoft Windows 8.0/8.1 (x64) - 'TrackPopupMenu' Local Privilege Escalation (MS14-058)
Linux espfix64 - Nested NMIs Interrupting Privilege Escalation
Linux (x86) - Memory Sinkhole Privilege Escalation
Linux espfix64 - Nested NMIs Interrupting Privilege Escalation
Linux (x86) - Memory Sinkhole Privilege Escalation
Microsoft Windows XP SP3 (x86) / 2003 SP2 (x86) - 'NDProxy' Local Privilege Escalation (MS14-002)
Microsoft Windows - Font Driver Buffer Overflow (MS15-078) (Metasploit)
TrueCrypt 7 / VeraCrypt 1.13 - Drive Letter Symbolic Link Creation Privilege Escalation
Microsoft Windows 8.1 - 'win32k' Local Privilege Escalation (MS15-010)
MySQL 5.5.45 (x64) - Local Credentials Disclosure
Microsoft Windows 7 SP1 (x86) - 'WebDAV' Local Privilege Escalation (MS16-016) (1)
Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
Secret Net 7 and Secret Net Studio 8 - Local Privilege Escalation
Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
Microsoft Windows 8.1/10 (x86) - Secondary Logon Standard Handles Missing Sanitization Privilege Escalation (MS16-032)
ACROS Security 0patch 2016.05.19.539 - '0PatchServicex64.exe' Unquoted Service Path Privilege Escalation
Microsoft Windows 7 SP1 (x86) - Local Privilege Escalation (MS16-014)
Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter target_offset Out-of-Bounds Privilege Escalation
Street Fighter 5 - 'Capcom.sys' Kernel Execution (Metasploit)
Microsoft Windows (x86) - 'afd.sys' Local Privilege Escalation (MS11-046)
Microsoft Windows (x86) - 'NDISTAPI' Local Privilege Escalation (MS11-062)
Linux Kernel 2.6.32-rc1 (x86-64) - Register Leak
Linux Kernel 4.4.0 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation
Microsoft Windows 8.1 (x64) - 'RGNOBJ' Integer Overflow (MS16-098)
PCAUSA Rawether (ASUS PCE-AC56 WLAN Card Utilities Windows 10 x64) - Local Privilege Escalation
Forticlient 5.2.3 (Windows 10 x64 Pre Anniversary) - Local Privilege Escalation
Forticlient 5.2.3 (Windows 10 x64 Post Anniversary) - Local Privilege Escalation
Forticlient 5.2.3 (Windows 10 x64 Pre Anniversary) - Local Privilege Escalation
Forticlient 5.2.3 (Windows 10 x64 Post Anniversary) - Local Privilege Escalation
Oracle VM VirtualBox 5.0.32 r112930 (x64) - Windows Process COM Injection Privilege Escalation
Linux Kernel - 'offset2lib' Stack Clash
Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation
Linux Kernel - 'offset2lib' Stack Clash
Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation
Razer Synapse 2.20.15.1104 - rzpnk.sys ZwOpenProcess (Metasploit)
Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098) (2)
Microsoft Windows 10 RS2 (x64) - 'win32kfull!bFill' Pool Overflow
Microsoft Windows 10 Creators Update (version 1703) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation
BeroFTPD 1.3.4(1) (Linux x86) - Remote Code Execution
Microsoft Windows (x86) - Metafile '.emf' Heap Overflow (MS04-032)
Veritas NetBackup 6.0 (Windows x86) - 'bpjava-msvc' Remote Command Execution
gpsdrive 2.09 (x86) - 'friendsd2' Remote Format String
PrivateWire Gateway 3.7 (Windows x86) - Remote Buffer Overflow (Metasploit)
dproxy-nexgen (Linux x86) - Remote Buffer Overflow
Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow
3proxy 0.5.3g (Windows x86) - 'proxy.c logurl()' Remote Buffer Overflow
3proxy 0.5.3g (Windows x86) - 'logurl()' Remote Buffer Overflow (Perl)
SapLPD 6.28 (Windows x86) - Remote Buffer Overflow
Apache 2.0 mod_jk2 2.0.2 (Windows x86) - Remote Buffer Overflow
Apache mod_jk 1.2.19 (Windows x86) - Remote Buffer Overflow
32bit FTP (09.04.24) - 'CWD Response' Remote Buffer Overflow
32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow
32bit FTP (09.04.24) - 'CWD Response' Universal Overwrite (SEH)
32bit FTP - 'PASV' Reply Client Remote Overflow (Metasploit)
32bit FTP (09.04.24) - 'CWD Response' Remote Buffer Overflow
32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow
32bit FTP (09.04.24) - 'CWD Response' Universal Overwrite (SEH)
32bit FTP - 'PASV' Reply Client Remote Overflow (Metasploit)
Microsoft Internet Explorer 6/7/8 - 'winhlp32.exe MsgBox()' Remote Code Execution
Integard Home and Pro 2 - Remote HTTP Buffer Overflow
Knox Arkeia Backup Client Type 77 (Windows x86) - Remote Overflow (Metasploit)
Oracle 9i XDB (Windows x86) - FTP UNLOCK Overflow (Metasploit)
Oracle 9i XDB (Windows x86) - FTP PASS Overflow (Metasploit)
AASync 2.2.1.0 (Windows x86) - Remote Stack Buffer Overflow 'LIST' (Metasploit)
32bit FTP Client - Remote Stack Buffer Overflow (Metasploit)
SHOUTcast DNAS/Win32 1.9.4 - File Request Format String Overflow (Metasploit)
SHTTPD 1.34 (Windows x86) - URI-Encoded POST Request Overflow (Metasploit)
Icecast 2.0.1 (Windows x86) - Header Overwrite (Metasploit)
Apache (Windows x86) - Chunked Encoding (Metasploit)
McAfee ePolicy Orchestrator / ProtectionPilot - Remote Overflow (Metasploit)
Apache (Windows x86) - Chunked Encoding (Metasploit)
McAfee ePolicy Orchestrator / ProtectionPilot - Remote Overflow (Metasploit)
PeerCast 0.1216 (Windows x86) - URL Handling Buffer Overflow (Metasploit)
Oracle 9i XDB (Windows x86) - HTTP PASS Overflow (Metasploit)
CA CAM (Windows x86) - 'log_security()' Remote Stack Buffer Overflow (Metasploit)
Samba 3.3.12 (Linux x86) - 'chain_reply' Memory Corruption (Metasploit)
Samba 2.2.8 (Linux x86) - 'trans2open' Remote Overflow (Metasploit)
Samba 3.3.12 (Linux x86) - 'chain_reply' Memory Corruption (Metasploit)
Samba 2.2.8 (Linux x86) - 'trans2open' Remote Overflow (Metasploit)
WU-FTPD 2.4.2/2.5 .0/2.6.0 - Remote Format String Stack Overwrite (3)
Nginx 1.3.9/1.4.0 (x86) - Brute Force
Nginx 1.4.0 (Generic Linux x64) - Remote Overflow
Oracle VM VirtualBox 4.3.6 - 3D Acceleration Virtual Machine Escape (Metasploit)
Symantec Endpoint Protection Manager - Authentication Bypass / Code Execution (Metasploit)
Symantec pcAnywhere 12.5.0 (Windows x86) - Remote Code Execution
PCMan FTP Server 2.0.7 - 'RENAME' Remote Buffer Overflow (Metasploit)
PCMan FTP Server 2.0.7 - 'ls' Remote Buffer Overflow (Metasploit)
ALLMediaServer 0.95 - Buffer Overflow
Microsoft Windows Windows 8/8.1/2012 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010)
Microsoft Windows Windows 7/2008 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010)
Microsoft Internet Explorer - 'mshtml.dll' Remote Code Execution (MS17-007)
Rancher Server - Docker Daemon Code Execution (Metasploit)
Unitrends UEB 9 - http api/storage Remote Root (Metasploit)
Unitrends UEB 9 - bpserverd Authentication Bypass Remote Command Execution (Metasploit)
Unitrends UEB 9 - http api/storage Remote Root (Metasploit)
Unitrends UEB 9 - bpserverd Authentication Bypass Remote Command Execution (Metasploit)
Microsoft Internet Explorer 11 (Windows 7 x86) - 'mshtml.dll' Remote Code Execution (MS17-007)
PHP-Nuke 8.1 SEO Arabic - Remote File Inclusion
Joomla! Component Elite Experts - SQL Injection
Traidnt UP - Cross-Site Request Forgery (Add Admin)
Allpc 2.5 osCommerce - SQL Injection / Cross-Site Scripting
Infoblox 6.8.2.11 - OS Command Injection
Xnami 1.0 - Cross-Site Scripting
Taxi Booking Script 1.0 - Cross-site Scripting
FreeBSD/x86 - ConnectBack (172.17.0.9:8000/TCP) + Receive Shellcode + Payload Loader + Return Results Null-Free Shellcode (90 bytes)
FreeBSD/x86 - Reverse Connection (172.17.0.9:8000/TCP) + Receive Shellcode + Payload Loader + Return Results Null-Free Shellcode (90 bytes)
FreeBSD/x86 - setuid(0); + execve(ipf -Fa); Shellcode (57 bytes)
FreeBSD/x86 - setuid(0) + execve(ipf -Fa) Shellcode (57 bytes)
Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes)
Linux/MIPS (Linksys WRT54G/GL) - execve(_/bin/sh__[_/bin/sh_]_[]); Shellcode (60 bytes)
Linux/MIPS - execve /bin/sh Shellcode (56 bytes)
Linux/MIPS (Linksys WRT54G/GL) - execve(_/bin/sh__[_/bin/sh_]_[]) Shellcode (60 bytes)
Linux/MIPS (Little Endian) - execve(/bin/sh) Shellcode (56 bytes)
Linux/x86 - Self-Modifying Anti-IDS /bin/sh Shellcode (35/64 bytes)
Linux/x86 - HTTP Server (8800/TCP) + Fork Shellcode (166 bytes)
Linux/x86 - Bind TCP Listener (5555/TCP) + Receive Shellcode + Payload Loader Shellcode (83 bytes)
Linux/x86 - Disable Network Card Polymorphic Shellcode (75 bytes)
Linux/x86 - killall5 Polymorphic Shellcode (61 bytes)
Linux/x86 - execve /bin/sh Polymorphic Shellcode (48 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) XOR Encoded Shellcode (152 bytes)
Linux/x86 - reboot() Polymorphic Shellcode (57 bytes)
Linux/x86 - chmod 666 /etc/shadow Polymorphic Shellcode (54 bytes)
Linux/x86 - setreuid(geteuid()_ geteuid()) + execve(_/bin/sh__0_0) Shellcode (34 bytes)
Linux/x86 - Bind TCP Shell (8000/TCP) + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes)
Linux/x86 - Bind TCP Shell (8000/TCP) + Add Root User Shellcode (225+ bytes)
Linux/x86 - Bind TCP /bin/sh Shell (8000/TCP) Shellcode (179 bytes)
Linux/x86-64 - setuid(0) + execve(/bin/sh) Shellcode (49 bytes)
Linux/x86 - Serial Port Shell Binding (/dev/ttyS0) + busybox Launching Null-Free Shellcode (82 bytes)
Linux/x86 - File Unlinker Shellcode (18+ bytes)
Linux/x86 - Perl Script Execution Shellcode (99+ bytes)
Linux/x86 - Read /etc/passwd Shellcode (65+ bytes)
Linux/x86 - chmod 666 /etc/shadow + exit(0) Shellcode (30 bytes)
Linux/x86 - killall5 Shellcode (34 bytes)
Linux/x86 - PUSH reboot() Shellcode (30 bytes)
Linux/x86 - Self-Modifying Anti-IDS /bin/sh Shellcode (35/64 bytes)
Linux/x86 - HTTP Server (8800/TCP) + Fork Shellcode (166 bytes)
Linux/x86 - Bind TCP Listener (5555/TCP) + Receive Shellcode + Payload Loader Shellcode (83 bytes)
Linux/x86 - Disable Network Card Polymorphic Shellcode (75 bytes)
Linux/x86 - killall5 Polymorphic Shellcode (61 bytes)
Linux/x86 - execve /bin/sh Polymorphic Shellcode (48 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) XOR Encoded Shellcode (152 bytes)
Linux/x86 - reboot() Polymorphic Shellcode (57 bytes)
Linux/x86 - chmod 666 /etc/shadow Polymorphic Shellcode (54 bytes)
Linux/x86 - setreuid(geteuid()_ geteuid()) + execve(_/bin/sh__0_0) Shellcode (34 bytes)
Linux/x86 - Bind TCP Shell (8000/TCP) + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes)
Linux/x86 - Bind TCP Shell (8000/TCP) + Add Root User Shellcode (225+ bytes)
Linux/x86 - Bind TCP /bin/sh Shell (8000/TCP) Shellcode (179 bytes)
Linux/x86-64 - setuid(0) + execve(/bin/sh) Shellcode (49 bytes)
Linux/x86 - Serial Port Shell Binding (/dev/ttyS0) + busybox Launching Null-Free Shellcode (82 bytes)
Linux/x86 - File Unlinker Shellcode (18+ bytes)
Linux/x86 - Perl Script Execution Shellcode (99+ bytes)
Linux/x86 - Read /etc/passwd Shellcode (65+ bytes)
Linux/x86 - chmod 666 /etc/shadow + exit(0) Shellcode (30 bytes)
Linux/x86 - killall5 Shellcode (34 bytes)
Linux/x86 - PUSH reboot() Shellcode (30 bytes)
Linux/x86 - Reverse UDP tcpdump (54321/UDP) Live Packet Capture Shellcode (151 bytes)
Linux/x86 - Append RSA key to /root/.ssh/authorized_keys2 Shellcode (295 bytes)
Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) For Full Access Shellcode (86 bytes)
Linux/x86 - Promiscuous Mode Detector Shellcode (56 bytes)
Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Null-Free Shellcode (28 bytes)
Linux/x86 - setresuid(0_0_0) + /bin/sh Shellcode (35 bytes)
Linux/x86 - iopl(3); asm(cli); while(1){} Shellcode (12 bytes)
Linux/x86 - System Beep Shellcode (45 bytes)
Linux/x86 - ConnectBack (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes)
Linux/x86 - setreuid(geteuid_ geteuid) + execve(/bin/sh) Shellcode (39 bytes)
Linux/x86 - Reverse TCP cat /etc/shadow (8192/TCP) Shellcode (155 bytes)
Linux/x86 - Reverse PHP (Writes to /var/www/cb.php On The Filesystem) Shell Shellcode (508 bytes)
Linux/x86 - /bin/rm -rf / + Attempts To Block The Process From Being Stopped Shellcode (132 bytes)
Linux/x86 - setuid(0) + setgid(0) + aslr_off (Disable ASLR Security) Shellcode (79 bytes)
Linux/x86 - Raw-Socket ICMP/Checksum /bin/sh Shell Shellcode (235 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (40 bytes)
Linux/x86 - Kill All Processes Shellcode (11 bytes)
Linux/x86 - execve read Shellcode (92 bytes)
Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (40 bytes)
Linux/x86 - Set System Time to 0 + exit Shellcode (12 bytes)
Linux/x86 - Add Root User (r00t) To /etc/passwd Shellcode (69 bytes)
Linux/x86 - chmod 0666 /etc/shadow + exit Shellcode (36 bytes)
Linux/x86 - Fork Bomb Shellcode (7 bytes)
Linux/x86 - execve(rm -rf /) Shellcode (45 bytes)
Linux/x86 - setuid(0) + execve /bin/sh Shellcode (28 bytes)
Linux/x86 - execve /bin/sh Shellcode (22 bytes)
Linux/x86 - Download File (HTTP/1.x http://0xdeadbeef/A) + execve() Null-Free Shellcode (111+ bytes)
Linux/x86 - setreuid + Executes Command Shellcode (49+ bytes)
Linux/x86 - stdin re-open + /bin/sh exec Shellcode (39 bytes)
Linux/x86 - execve /bin/sh (Re-Use Of Strings In .rodata) Shellcode (16 bytes)
Linux/x86 - setuid(0) + /bin/sh execve() Shellcode (30 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + setuid Shellcode (96 bytes)
Linux/x86 - Bind TCP Shell (2707/TCP) Shellcode (84 bytes)
Linux/x86 - execve Diassembly Obfuscation Shellcode (32 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (100 bytes)
Linux/x86 - Reverse UDP tcpdump (54321/UDP) Live Packet Capture Shellcode (151 bytes)
Linux/x86 - Append RSA key to /root/.ssh/authorized_keys2 Shellcode (295 bytes)
Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) For Full Access Shellcode (86 bytes)
Linux/x86 - Promiscuous Mode Detector Shellcode (56 bytes)
Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Null-Free Shellcode (28 bytes)
Linux/x86 - setresuid(0_0_0) + /bin/sh Shellcode (35 bytes)
Linux/x86 - iopl(3) + asm(cli) + while(1){} Shellcode (12 bytes)
Linux/x86 - System Beep Shellcode (45 bytes)
Linux/x86 - Reverse Connection (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes)
Linux/x86 - setreuid(geteuid_ geteuid) + execve(/bin/sh) Shellcode (39 bytes)
Linux/x86 - Reverse TCP cat /etc/shadow (8192/TCP) Shellcode (155 bytes)
Linux/x86 - Reverse PHP (Writes to /var/www/cb.php On The Filesystem) Shell Shellcode (508 bytes)
Linux/x86 - /bin/rm -rf / + Attempts To Block The Process From Being Stopped Shellcode (132 bytes)
Linux/x86 - setuid(0) + setgid(0) + aslr_off (Disable ASLR Security) Shellcode (79 bytes)
Linux/x86 - Raw-Socket ICMP/Checksum /bin/sh Shell Shellcode (235 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (40 bytes)
Linux/x86 - Kill All Processes Shellcode (11 bytes)
Linux/x86 - execve read Shellcode (92 bytes)
Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (40 bytes)
Linux/x86 - Set System Time to 0 + exit Shellcode (12 bytes)
Linux/x86 - Add Root User (r00t) To /etc/passwd Shellcode (69 bytes)
Linux/x86 - chmod 0666 /etc/shadow + exit Shellcode (36 bytes)
Linux/x86 - Fork Bomb Shellcode (7 bytes)
Linux/x86 - execve(rm -rf /) Shellcode (45 bytes)
Linux/x86 - setuid(0) + execve /bin/sh Shellcode (28 bytes)
Linux/x86 - execve /bin/sh Shellcode (22 bytes)
Linux/x86 - Download File (HTTP/1.x http://0xdeadbeef/A) + execve() Null-Free Shellcode (111+ bytes)
Linux/x86 - setreuid + Executes Command Shellcode (49+ bytes)
Linux/x86 - stdin re-open + /bin/sh exec Shellcode (39 bytes)
Linux/x86 - execve /bin/sh (Re-Use Of Strings In .rodata) Shellcode (16 bytes)
Linux/x86 - setuid(0) + /bin/sh execve() Shellcode (30 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + setuid Shellcode (96 bytes)
Linux/x86 - Bind TCP Shell (2707/TCP) Shellcode (84 bytes)
Linux/x86 - execve Diassembly Obfuscation Shellcode (32 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (100 bytes)
Linux/x86 - execve /bin/sh Shellcode (24 bytes) (2)
Linux/x86 - Reverse TCP Shell (127.0.0.1:80/TCP) XOR Encoded Shellcode (371 bytes)
Linux/x86 - execve /bin/sh + '.ZIP' Header Shellcode (28 bytes)
Linux/x86 - execve /bin/sh + '.RTF' Header Shellcode (30 bytes)
Linux/x86 - execve /bin/sh + '.RIFF' Header Shellcode (28 bytes)
Linux/x86 - execve /bin/sh + '.BMP' Bitmap Header Shellcode (27 bytes)
Linux/x86 - Read SWAP + Write To /tmp/swr Shellcode (109 bytes)
Linux/x86 - Read /tmp/sws + Store In SWAP Shellcode (99 bytes)
Linux/x86 - Bind TCP /bin/sh Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (64713/TCP) Shellcode (86 bytes)
Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (25 bytes)
Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (23 bytes)
Linux/x86 - setuid(0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (31 bytes)
Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh_ [/bin/sh_ NULL]) Shellcode (37 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes)
Linux/x86 - Download File (HTTP/1.x http://127.0.0.1:8081/foobar.bin) + Receive Shellcode + Payload Loader Shellcode (68+ bytes)
Linux/x86 - TCP Proxy (192.168.1.16:1280/TCP) All Connect() Null-Free Shellcode (236 bytes)
Linux/x86 - execve /bin/sh Anti-IDS Shellcode (40 bytes)
Linux/x86 (Intel x86 CPUID) - execve /bin/sh XORED Encoded Shellcode (41 bytes)
Linux/x86 - execve /bin/sh Shellcode +1 Encoded (39 bytes)
Linux/x86 - Add Root User (xtz) To /etc/passwd Shellcode (59 bytes)
Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (80 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + fork() Shellcode (98 bytes)
Linux/x86 - Open CD-Rom Loop 24/7 (Follows /dev/cdrom Symlink) Shellcode (39 bytes)
Linux/x86 - Eject CD-Rom (Follows /dev/cdrom Symlink) + exit() Shellcode (40 bytes)
Linux/x86 - Eject/Close CD-Rom Loop (Follows /dev/cdrom Symlink) Shellcode (45 bytes)
Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (32 bytes)
Linux/x86 - Reverse TCP Shell (127.0.0.1:31337/TCP) Shellcode (74 bytes)
Linux/x86 - Normal Exit With Random (So To Speak) Return Value Shellcode (5 bytes)
Linux/x86 - getppid() + execve(/proc/pid/exe) Shellcode (51 bytes)
Linux/x86 - Quick (yet conditional_ eax != 0 and edx == 0) exit Shellcode (4 bytes)
Linux/x86 - reboot() Shellcode (20 bytes)
Linux/x86 - setreuid(0_ 0) + execve /bin/sh Shellcode (31 bytes)
Linux/x86 - execve /bin/sh + PUSH Shellcode (23 bytes)
Linux/x86 - cat /dev/urandom > /dev/console Shellcode (63 bytes)
Linux/x86 - execve /bin/sh Shellcode (24 bytes) (2)
Linux/x86 - Reverse TCP Shell (127.0.0.1:80/TCP) XOR Encoded Shellcode (371 bytes)
Linux/x86 - execve /bin/sh + '.ZIP' Header Shellcode (28 bytes)
Linux/x86 - execve /bin/sh + '.RTF' Header Shellcode (30 bytes)
Linux/x86 - execve /bin/sh + '.RIFF' Header Shellcode (28 bytes)
Linux/x86 - execve /bin/sh + '.BMP' Bitmap Header Shellcode (27 bytes)
Linux/x86 - Read SWAP + Write To /tmp/swr Shellcode (109 bytes)
Linux/x86 - Read /tmp/sws + Store In SWAP Shellcode (99 bytes)
Linux/x86 - Bind TCP /bin/sh Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (64713/TCP) Shellcode (86 bytes)
Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (25 bytes)
Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (23 bytes)
Linux/x86 - setuid(0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (31 bytes)
Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh_ [/bin/sh_ NULL]) Shellcode (37 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes)
Linux/x86 - Download File (HTTP/1.x http://127.0.0.1:8081/foobar.bin) + Receive Shellcode + Payload Loader Shellcode (68+ bytes)
Linux/x86 - TCP Proxy (192.168.1.16:1280/TCP) All Connect() Null-Free Shellcode (236 bytes)
Linux/x86 - execve /bin/sh Anti-IDS Shellcode (40 bytes)
Linux/x86 (Intel x86 CPUID) - execve /bin/sh XORED Encoded Shellcode (41 bytes)
Linux/x86 - execve /bin/sh Shellcode +1 Encoded (39 bytes)
Linux/x86 - Add Root User (xtz) To /etc/passwd Shellcode (59 bytes)
Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (80 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + fork() Shellcode (98 bytes)
Linux/x86 - Open CD-Rom Loop 24/7 (Follows /dev/cdrom Symlink) Shellcode (39 bytes)
Linux/x86 - Eject CD-Rom (Follows /dev/cdrom Symlink) + exit() Shellcode (40 bytes)
Linux/x86 - Eject/Close CD-Rom Loop (Follows /dev/cdrom Symlink) Shellcode (45 bytes)
Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (32 bytes)
Linux/x86 - Reverse TCP Shell (127.0.0.1:31337/TCP) Shellcode (74 bytes)
Linux/x86 - Normal Exit With Random (So To Speak) Return Value Shellcode (5 bytes)
Linux/x86 - getppid() + execve(/proc/pid/exe) Shellcode (51 bytes)
Linux/x86 - Quick (yet conditional_ eax != 0 and edx == 0) exit Shellcode (4 bytes)
Linux/x86 - reboot() Shellcode (20 bytes)
Linux/x86 - setreuid(0_ 0) + execve /bin/sh Shellcode (31 bytes)
Linux/x86 - execve /bin/sh + PUSH Shellcode (23 bytes)
Linux/x86 - cat /dev/urandom > /dev/console Shellcode (63 bytes)
Linux/x86 - Socket-Proxy (31337:11.22.33.44:80) Shellcode (372 bytes)
Linux/x86 - dup2(0_0); dup2(0_1); dup2(0_2); Shellcode (15 bytes)
Linux/x86 - if(read(fd_buf_512)<=2) _exit(1) else buf(); Shellcode (29 bytes)
Linux/x86 - _exit(1); Shellcode (7 bytes)
Linux/x86 - read(0_buf_2541); + chmod(buf_4755); Shellcode (23 bytes)
Linux/x86 - write(0__Hello core!\n__12); Exit Shellcode (36/43 bytes)
Linux/x86 - Snoop /dev/dsp Null-Free Shellcode (172 bytes)
Linux/x86 - execve /bin/sh Standard Opcode Array Payload Shellcode (21 bytes)
Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes) (2)
Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes) (1)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes)
Linux/x86 - Break chroot (../ 20x Loop) + execve /bin/sh Shellcode (66 bytes)
Linux/x86 - upload + exec Shellcode (189 bytes)
Linux/x86 - setreuid + execve Shellcode (31 bytes)
Linux/x86 - Alphanumeric Encoded Shellcode (64 bytes)
Linux/x86 - Alphanumeric Encoder (IMUL Method) Shellcode (88 bytes)
Linux/x86 - Self-Modifying Radical Shellcode (70 bytes)
Linux/x86 - Self-Modifying Magic Byte /bin/sh Shellcode (76 bytes)
Linux/x86 - execve code Shellcode (23 bytes)
Linux/x86 - execve(_/bin/ash__0_0); Shellcode (21 bytes)
Linux/x86 - execve /bin/sh Alphanumeric Shellcode (392 bytes)
Linux/IA32 - execve /bin/sh 0xff-Free Shellcode (45 bytes)
Linux/x86 - symlink /bin/sh xoring Shellcode (56 bytes)
Linux/x86 - Bind TCP Shell (5074/TCP) ToUpper Encoded Shellcode (226 bytes)
Linux/x86 - Add Root User (t00r) Anti-IDS Shellcode (116 bytes)
Linux/x86 - chmod 666 /etc/shadow Anti-IDS Shellcode (75 bytes)
Linux/x86 - symlink . /bin/sh Shellcode (32 bytes)
Linux/x86 - Kill Snort Shellcode (151 bytes)
Linux/x86 - Execute At Shared Memory Shellcode (50 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (58 bytes)
Linux/x86 - Reverse Telnet Shell (200.182.207.235) Shellcode (134 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell Shellcode (120 bytes)
Linux/x86 - chmod 666 /etc/shadow Shellcode (41 bytes)
Linux/x86 - cp /bin/sh /tmp/katy ; + chmod 4555 katy Shellcode (126 bytes)
Linux/x86 - Eject /dev/cdrom Shellcode (64 bytes)
Linux/x86 - xterm -ut -display 1270.0.0.1:0 Shellcode (132 bytes)
Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (49 bytes)
Linux/x86 - chmod 666 /etc/shadow Shellcode (82 bytes)
Linux/x86 - execve /bin/sh Shellcode (29 bytes)
Linux/x86 - execve /bin/sh Shellcode (24 bytes) (3)
Linux/x86 - execve /bin/sh Shellcode (38 bytes)
Linux/x86 - execve /bin/sh Shellcode (30 bytes)
Linux/x86 - execve /bin/sh + setreuid(12_12) Shellcode (50 bytes)
Linux/x86 - Bind TCP Shell (5074/TCP) Shellcode (92 bytes)
Linux/x86 - Bind TCP Shell (5074/TCP) + fork() Shellcode (130 bytes)
Linux/x86 - Add Root User (t00r) Shellcode (82 bytes)
Linux/x86 - Add Root User Shellcode (104 bytes)
Linux/x86 - Break chroot (../ 10x Loop) Shellcode (34 bytes)
Linux/x86 - Break chroot (../ 10x Loop) Shellcode (46 bytes)
Linux/x86 - Break chroot + execve /bin/sh Shellcode (80 bytes)
Linux/x86 - execve /bin/sh Anti-IDS Shellcode (58 bytes)
Linux/x86 - execve /bin/sh XOR Encoded Shellcode (55 bytes)
Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (41 bytes)
Linux/x86 - setreuid(0_0) + execve /bin/sh Shellcode (46+ bytes)
Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (55 bytes)
Linux/x86 - Add Root User (z) Shellcode (70 bytes)
Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve /bin/sh Shellcode (132 bytes)
Linux/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (132 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (33 bytes)
Linux/x86 - Socket-Proxy (31337:11.22.33.44:80) Shellcode (372 bytes)
Linux/x86 - dup2(0_0) + dup2(0_1) + dup2(0_2) Shellcode (15 bytes)
Linux/x86 - if(read(fd_buf_512)<=2) _exit(1) else buf() Shellcode (29 bytes)
Linux/x86 - _exit(1) Shellcode (7 bytes)
Linux/x86 - read(0_buf_2541) + chmod(buf_4755) Shellcode (23 bytes)
Linux/x86 - write(0__Hello core!\n__12) + Exit Shellcode (36/43 bytes)
Linux/x86 - Snoop /dev/dsp Null-Free Shellcode (172 bytes)
Linux/x86 - execve /bin/sh Standard Opcode Array Payload Shellcode (21 bytes)
Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes) (2)
Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes) (1)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes)
Linux/x86 - Break chroot (../ 20x Loop) + execve /bin/sh Shellcode (66 bytes)
Linux/x86 - upload + exec Shellcode (189 bytes)
Linux/x86 - setreuid + execve Shellcode (31 bytes)
Linux/x86 - Alphanumeric Encoded Shellcode (64 bytes)
Linux/x86 - Alphanumeric Encoder (IMUL Method) Shellcode (88 bytes)
Linux/x86 - Self-Modifying Radical Shellcode (70 bytes)
Linux/x86 - Self-Modifying Magic Byte /bin/sh Shellcode (76 bytes)
Linux/x86 - execve code Shellcode (23 bytes)
Linux/x86 - execve(_/bin/ash__0_0) Shellcode (21 bytes)
Linux/x86 - execve /bin/sh Alphanumeric Shellcode (392 bytes)
Linux/IA32 - execve /bin/sh 0xff-Free Shellcode (45 bytes)
Linux/x86 - symlink /bin/sh xoring Shellcode (56 bytes)
Linux/x86 - Bind TCP Shell (5074/TCP) ToUpper Encoded Shellcode (226 bytes)
Linux/x86 - Add Root User (t00r) Anti-IDS Shellcode (116 bytes)
Linux/x86 - chmod 666 /etc/shadow Anti-IDS Shellcode (75 bytes)
Linux/x86 - symlink . /bin/sh Shellcode (32 bytes)
Linux/x86 - Kill Snort Shellcode (151 bytes)
Linux/x86 - Execute At Shared Memory Shellcode (50 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (58 bytes)
Linux/x86 - Reverse Telnet Shell (200.182.207.235) Shellcode (134 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell Shellcode (120 bytes)
Linux/x86 - chmod 666 /etc/shadow Shellcode (41 bytes)
Linux/x86 - cp /bin/sh /tmp/katy + chmod 4555 katy Shellcode (126 bytes)
Linux/x86 - Eject /dev/cdrom Shellcode (64 bytes)
Linux/x86 - xterm -ut -display 1270.0.0.1:0 Shellcode (132 bytes)
Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (49 bytes)
Linux/x86 - chmod 666 /etc/shadow Shellcode (82 bytes)
Linux/x86 - execve /bin/sh Shellcode (29 bytes)
Linux/x86 - execve /bin/sh Shellcode (24 bytes) (3)
Linux/x86 - execve /bin/sh Shellcode (38 bytes)
Linux/x86 - execve /bin/sh Shellcode (30 bytes)
Linux/x86 - execve /bin/sh + setreuid(12_12) Shellcode (50 bytes)
Linux/x86 - Bind TCP Shell (5074/TCP) Shellcode (92 bytes)
Linux/x86 - Bind TCP Shell (5074/TCP) + fork() Shellcode (130 bytes)
Linux/x86 - Add Root User (t00r) Shellcode (82 bytes)
Linux/x86 - Add Root User Shellcode (104 bytes)
Linux/x86 - Break chroot (../ 10x Loop) Shellcode (34 bytes)
Linux/x86 - Break chroot (../ 10x Loop) Shellcode (46 bytes)
Linux/x86 - Break chroot + execve /bin/sh Shellcode (80 bytes)
Linux/x86 - execve /bin/sh Anti-IDS Shellcode (58 bytes)
Linux/x86 - execve /bin/sh XOR Encoded Shellcode (55 bytes)
Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (41 bytes)
Linux/x86 - setreuid(0_0) + execve /bin/sh Shellcode (46+ bytes)
Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (55 bytes)
Linux/x86 - Add Root User (z) Shellcode (70 bytes)
Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve /bin/sh Shellcode (132 bytes)
Linux/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (132 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (33 bytes)
NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes)
NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes)
NetBSD/x86 - setreuid(0_ 0) + execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes)
NetBSD/x86 - setreuid(0_ 0) + execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes)
SCO/x86 - execve(_/bin/sh__ ..._ NULL); Shellcode (43 bytes)
SCO/x86 - execve(_/bin/sh__ ..._ NULL) Shellcode (43 bytes)
Solaris/x86 - setuid(0) + execve(//bin/sh); + exit(0) Null-Free Shellcode (39 bytes)
Solaris/x86 - setuid(0) + execve(//bin/sh) + exit(0) Null-Free Shellcode (39 bytes)
Windows 5.0 < 7.0 x86 - Bind TCP Shell (28876/TCP) Null-Free Shellcode
Windows XP SP2 x86 (English) - cmd.exe Shellcode (23 bytes)
Windows x86 - Egg Omelet SEH Shellcode
Windows x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes)
Windows x86 - PEB!NtGlobalFlags Shellcode (14 bytes)
Windows XP SP2 x86 (French) - cmd.exe Shellcode (32 bytes)
Windows XP SP2 x86 - cmd.exe Shellcode (57 bytes)
Windows x86 - PEB _Kernel32.dll_ ImageBase Finder Alphanumeric Shellcode (67 bytes)
Windows x86 - PEB _Kernel32.dll_ ImageBase Finder (ASCII Printable) Shellcode (49 bytes)
Windows x86 - ConnectBack + Download A File + Save + Execute Shellcode
Windows 5.0 < 7.0 x86 - Bind TCP Shell (28876/TCP) Null-Free Shellcode
Windows XP SP2 x86 (English) - cmd.exe Shellcode (23 bytes)
Windows x86 - Egg Omelet SEH Shellcode
Windows x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes)
Windows x86 - PEB!NtGlobalFlags Shellcode (14 bytes)
Windows XP SP2 x86 (French) - cmd.exe Shellcode (32 bytes)
Windows XP SP2 x86 - cmd.exe Shellcode (57 bytes)
Windows x86 - PEB _Kernel32.dll_ ImageBase Finder Alphanumeric Shellcode (67 bytes)
Windows x86 - PEB _Kernel32.dll_ ImageBase Finder (ASCII Printable) Shellcode (49 bytes)
Windows x86 - Reverse Connection + Download A File + Save + Execute Shellcode
Windows x86 - Download File + Execute Shellcode (192 bytes)
Windows x86 - Download File (http://127.0.0.1/file.exe) + Execute Shellcode (124 bytes)
Windows NT/XP x86 - IsDebuggerPresent Shellcode (39 bytes)
Windows SP1/SP2 x86 - Beep Shellcode (35 bytes)
Windows XP SP2 x86 - MessageBox Shellcode (110 bytes)
Windows x86 - Command WinExec() Shellcode (104+ bytes)
Windows x86 - Download File (http://www.ph4nt0m.org/a.exe) + Execute (C:/a.exe) Shellcode (226+ bytes)
Windows NT/2000/XP (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes)
Windows 9x/NT/2000/XP - Reverse Generic without Loader (192.168.1.11:4919) Shellcode (249 bytes)
Windows 9x/NT/2000/XP - PEB method Shellcode (29 bytes)
Windows 9x/NT/2000/XP - PEB method Shellcode (31 bytes)
Windows 9x/NT/2000/XP - PEB method Shellcode (35 bytes)
Windows x86 - Download File + Execute Shellcode (192 bytes)
Windows x86 - Download File (http://127.0.0.1/file.exe) + Execute Shellcode (124 bytes)
Windows NT/XP x86 - IsDebuggerPresent Shellcode (39 bytes)
Windows SP1/SP2 x86 - Beep Shellcode (35 bytes)
Windows XP SP2 x86 - MessageBox Shellcode (110 bytes)
Windows x86 - Command WinExec() Shellcode (104+ bytes)
Windows x86 - Download File (http://www.ph4nt0m.org/a.exe) + Execute (C:/a.exe) Shellcode (226+ bytes)
Windows NT/2000/XP (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes)
Windows 9x/NT/2000/XP - Reverse Generic without Loader (192.168.1.11:4919) Shellcode (249 bytes)
Windows 9x/NT/2000/XP - PEB method Shellcode (29 bytes)
Windows 9x/NT/2000/XP - PEB method Shellcode (31 bytes)
Windows 9x/NT/2000/XP - PEB method Shellcode (35 bytes)
Windows XP/2000/2003 - Download File (http://127.0.0.1/test.exe) + Execute (%systemdir%/a.exe) Shellcode (241 bytes)
Windows XP - Download File (http://www.elitehaven.net/ncat.exe) + Execute (nc.exe) Null-Free Shellcode
Windows XP SP1 - Bind TCP Shell (58821/TCP) Shellcode (116 bytes)
Windows - DCOM RPC2 Universal Shellcode
Windows x64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe) + Execute Shellcode (218+ bytes)
Linux/x86 - Kill All Processes Shellcode (9 bytes)
Linux/x86 - setuid(0) + execve(_/sbin/poweroff -f_) Shellcode (47 bytes)
Linux/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (49 bytes)
Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (33 bytes)
Linux/x86 - execve Shellcode (51 bytes)
Windows XP/2000/2003 - Download File (http://127.0.0.1/test.exe) + Execute (%systemdir%/a.exe) Shellcode (241 bytes)
Windows XP - Download File (http://www.elitehaven.net/ncat.exe) + Execute (nc.exe) Null-Free Shellcode
Windows XP SP1 - Bind TCP Shell (58821/TCP) Shellcode (116 bytes)
Windows - DCOM RPC2 Universal Shellcode
Windows x64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe) + Execute Shellcode (218+ bytes)
Linux/x86 - Kill All Processes Shellcode (9 bytes)
Linux/x86 - setuid(0) + execve(_/sbin/poweroff -f_) Shellcode (47 bytes)
Linux/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (49 bytes)
Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (33 bytes)
Linux/x86 - execve Shellcode (51 bytes)
Linux/x86 - Overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes)
Windows XP SP3 x86 - ShellExecuteA Shellcode
Linux/x86 - setreuid (0_0) + execve(/bin/rm /etc/shadow) Shellcode
Windows XP SP3 x86 - Add Firewall Rule (Allow 445/TCP) Traffic Shellcode
Linux/x86 - Overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes)
Windows XP SP3 x86 - ShellExecuteA Shellcode
Linux/x86 - setreuid (0_0) + execve(/bin/rm /etc/shadow) Shellcode
Windows XP SP3 x86 - Add Firewall Rule (Allow 445/TCP) Traffic Shellcode
Windows XP SP2 x86 - calc.exe Shellcode (45 bytes)
Linux/x86 - unlink(/etc/passwd) + exit() Shellcode (35 bytes)
Windows XP SP2 x86 (English / Arabic) - cmd.exe Shellcode (23 bytes)
Linux/x86 - chmod 666 /etc/shadow Shellcode (27 bytes)
Linux/x86 - setuid + Break chroot (mkdir/chdir/chroot '...') + execve /bin/sh Shellcode (79 bytes)
Linux/x86 - Fork Bomb Shellcode (6 bytes) (1)
Linux/x86 - Add Root User (toor) To /etc/passwd + exit() Shellcode (107 bytes)
Windows XP SP2 x86 - calc.exe Shellcode (45 bytes)
Linux/x86 - unlink(/etc/passwd) + exit() Shellcode (35 bytes)
Windows XP SP2 x86 (English / Arabic) - cmd.exe Shellcode (23 bytes)
Linux/x86 - chmod 666 /etc/shadow Shellcode (27 bytes)
Linux/x86 - setuid + Break chroot (mkdir/chdir/chroot '...') + execve /bin/sh Shellcode (79 bytes)
Linux/x86 - Fork Bomb Shellcode (6 bytes) (1)
Linux/x86 - Add Root User (toor) To /etc/passwd + exit() Shellcode (107 bytes)
Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes)
Windows XP SP2 x86 (French) - calc Shellcode (19 bytes)
Linux/x86 - ip6tables -F Polymorphic Shellcode (71 bytes)
Linux/x86 - ip6tables -F Shellcode (47 bytes)
Linux/i686 - pacman -S <package> (default package: backdoor) Shellcode (64 bytes)
Linux/i686 - pacman -R <package> Shellcode (59 bytes)
Linux/x86 - execve /bin/cat /etc/passwd Shellcode (43 bytes)
Windows XP SP3 x86 (English) - cmd.exe Shellcode (26 bytes)
Windows XP SP2 x86 (Turkish) - cmd.exe Shellcode (26 bytes)
Linux/x86 - execve /bin/sh Shellcode (8 bytes)
Linux/x86 - execve /bin/sh Shellcode (21 bytes) (2)
Windows XP Home SP2 (English) - calc.exe Shellcode (37 bytes)
Windows XP Home SP3 (English) - calc.exe Shellcode (37 bytes)
Linux/x86 - Disable modsecurity Shellcode (64 bytes)
Windows x86 - JITed Stage-0 Shellcode
Windows x86 - JITed exec notepad Shellcode
Windows XP Professional SP2 (Italian) - calc.exe Shellcode (36 bytes)
Windows XP SP2 x86 - write.exe + ExitProcess WinExec Shellcode (16 bytes)
Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes)
Windows XP SP2 x86 (French) - calc Shellcode (19 bytes)
Linux/x86 - ip6tables -F Polymorphic Shellcode (71 bytes)
Linux/x86 - ip6tables -F Shellcode (47 bytes)
Linux/i686 - pacman -S <package> (default package: backdoor) Shellcode (64 bytes)
Linux/i686 - pacman -R <package> Shellcode (59 bytes)
Linux/x86 - execve /bin/cat /etc/passwd Shellcode (43 bytes)
Windows XP SP3 x86 (English) - cmd.exe Shellcode (26 bytes)
Windows XP SP2 x86 (Turkish) - cmd.exe Shellcode (26 bytes)
Linux/x86 - execve /bin/sh Shellcode (8 bytes)
Linux/x86 - execve /bin/sh Shellcode (21 bytes) (2)
Windows XP Home SP2 (English) - calc.exe Shellcode (37 bytes)
Windows XP Home SP3 (English) - calc.exe Shellcode (37 bytes)
Linux/x86 - Disable modsecurity Shellcode (64 bytes)
Windows x86 - JITed Stage-0 Shellcode
Windows x86 - JITed exec notepad Shellcode
Windows XP Professional SP2 (Italian) - calc.exe Shellcode (36 bytes)
Windows XP SP2 x86 - write.exe + ExitProcess WinExec Shellcode (16 bytes)
Windows XP SP3 x86 (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes)
Windows x86 - MessageBox Shellcode (Metasploit)
Windows XP SP3 x86 (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes)
Windows x86 - MessageBox Shellcode (Metasploit)
Linux/x86 - Bind Netcat Shell (13377/TCP) Shellcode
Linux/x86 - chmod 0666 /etc/shadow Shellcode (36 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (2)
Linux/x86 - DoS Badger Game Shellcode (6 bytes)
Linux/x86 - DoS SLoc Shellcode (55 bytes)
Linux/x86 - execve(_a->/bin/sh_) Local-only Shellcode (14 bytes)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (29 bytes)
Linux/x86 - Bind Netcat Shell (13377/TCP) Shellcode
Linux/x86 - chmod 0666 /etc/shadow Shellcode (36 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (2)
Linux/x86 - DoS Badger Game Shellcode (6 bytes)
Linux/x86 - DoS SLoc Shellcode (55 bytes)
Linux/x86 - execve(_a->/bin/sh_) Local-only Shellcode (14 bytes)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (29 bytes)
Linux/x86 - Fork Bomb Polymorphic Shellcode (30 bytes)
Linux/x86 - Fork Bomb Shellcode (6 bytes) (2)
Linux/x86 - setreud(getuid()_ getuid()) + execve(_/bin/sh_) Shellcode (34 bytes)
Linux/x86-64 - reboot(POWER_OFF) Shellcode (19 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (30 bytes)
Linux/x86 - Sends 'Phuck3d!' To All Terminals Shellcode (60 bytes)
Linux/x86 - execve(_/bin/bash___-p__NULL) Shellcode (33 bytes)
Linux/x86 - execve(_/bin/bash___-p__NULL) Polymorphic Shellcode (57 bytes)
Windows XP SP2 (French) - Download File (http://www.site.com/nc.exe_) + Execute (c:\backdor.exe) Shellcode
Linux/x86 - execve(_/usr/bin/wget__ _aaaa_); Shellcode (42 bytes)
Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes)
Linux/x86 - Fork Bomb Polymorphic Shellcode (30 bytes)
Linux/x86 - Fork Bomb Shellcode (6 bytes) (2)
Linux/x86 - setreud(getuid()_ getuid()) + execve(_/bin/sh_) Shellcode (34 bytes)
Linux/x86-64 - reboot(POWER_OFF) Shellcode (19 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (30 bytes)
Linux/x86 - Sends 'Phuck3d!' To All Terminals Shellcode (60 bytes)
Linux/x86 - execve(_/bin/bash___-p__NULL) Shellcode (33 bytes)
Linux/x86 - execve(_/bin/bash___-p__NULL) Polymorphic Shellcode (57 bytes)
Windows XP SP2 (French) - Download File (http://www.site.com/nc.exe_) + Execute (c:\backdor.exe) Shellcode
Linux/x86 - execve(_/usr/bin/wget__ _aaaa_) Shellcode (42 bytes)
Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes)
Linux/x86 - Disable ASLR Security Shellcode (106 bytes)
Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode (83 bytes)
Linux/x86 - Fork Bomb Alphanumeric Shellcode (117 bytes)
Windows 7 Professional SP1 x64 (FR) - Beep Shellcode (39 bytes)
Linux/x86 - setuid(0) + chmod 0666 /etc/shadow Polymorphic Shellcode (61 bytes)
Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/shadow Shellcode (39 bytes)
Linux/x86 - Kill All Running Process Shellcode (11 bytes)
Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/passwd Shellcode (39 bytes)
Linux/x86 - sys_execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes)
Linux/x86 - sys_setuid(0) + sys_setgid(0) + execve (_/bin/sh_) Shellcode (39 bytes)
Windows 7 x64 - cmd Shellcode (61 bytes)
Linux/x86 - unlink _/etc/shadow_ Shellcode (33 bytes)
Linux/x86 - Hard Reboot Shellcode (29 bytes)
Linux/x86 - Hard Reboot Shellcode (33 bytes)
Linux/x86 - Disable ASLR Security Shellcode (106 bytes)
Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode (83 bytes)
Linux/x86 - Fork Bomb Alphanumeric Shellcode (117 bytes)
Windows 7 Professional SP1 x64 (FR) - Beep Shellcode (39 bytes)
Linux/x86 - setuid(0) + chmod 0666 /etc/shadow Polymorphic Shellcode (61 bytes)
Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/shadow Shellcode (39 bytes)
Linux/x86 - Kill All Running Process Shellcode (11 bytes)
Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/passwd Shellcode (39 bytes)
Linux/x86 - sys_execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes)
Linux/x86 - sys_setuid(0) + sys_setgid(0) + execve (_/bin/sh_) Shellcode (39 bytes)
Windows 7 x64 - cmd Shellcode (61 bytes)
Linux/x86 - unlink _/etc/shadow_ Shellcode (33 bytes)
Linux/x86 - Hard Reboot Shellcode (29 bytes)
Linux/x86 - Hard Reboot Shellcode (33 bytes)
Linux/x86 - chown root:root /bin/sh Shellcode (48 bytes)
Linux/x86 - Give All Users Root Access When Executing /bin/sh Shellcode (45 bytes)
Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes)
Linux/x86 - chown root:root /bin/sh Shellcode (48 bytes)
Linux/x86 - Give All Users Root Access When Executing /bin/sh Shellcode (45 bytes)
Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes)
Linux/x86-64 - Disable ASLR Security Shellcode (143 bytes)
Linux/x86 - Bind TCP Shell (31337/TCP) + setreuid(0_0) Polymorphic Shellcode (131 bytes)
Linux/x86-64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes)
Linux/x86-64 - Add Root User (shell-storm/leet) Shellcode (390 bytes)
Windows XP SP3 (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes)
Linux/x86-64 - Disable ASLR Security Shellcode (143 bytes)
Linux/x86 - Bind TCP Shell (31337/TCP) + setreuid(0_0) Polymorphic Shellcode (131 bytes)
Linux/x86-64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes)
Linux/x86-64 - Add Root User (shell-storm/leet) Shellcode (390 bytes)
Windows XP SP3 (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes)
Linux/x86 - execve /bin/sh Polymorphic Shellcode (116 bytes)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL); XOR 88 Encoded Polymorphic Shellcode (78 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (64533/TCP) Shellcode (97 bytes)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) XOR 88 Encoded Polymorphic Shellcode (78 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (64533/TCP) Shellcode (97 bytes)
ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator)
Windows x86 - Write-to-file ('pwned' ./f.txt) Null-Free Shellcode (278 bytes)
Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) Shellcode (49 bytes)
Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (8080/TCP) Shellcode (75 bytes)
Linux/x86 - execve /bin/sh Polymorphic Null-Free Shellcode (46 bytes)
Windows x86 - Write-to-file ('pwned' ./f.txt) Null-Free Shellcode (278 bytes)
Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) Shellcode (49 bytes)
Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (8080/TCP) Shellcode (75 bytes)
Linux/x86 - execve /bin/sh Polymorphic Null-Free Shellcode (46 bytes)
Windows x86 - Egghunter Checksum Routine Shellcode (18 bytes)
Windows XP SP3 x86 (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes)
Windows XP Professional SP3 x86 (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)
Windows x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes)
Windows XP Professional SP3 x86 (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)
Windows x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes)
Linux/ARM - Bind TCP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/TCP) Shellcode
Linux/ARM - Bind UDP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/TCP) Shellcode
Windows 5.0 < 7.0 x86 - Speaking 'You got pwned!' Null-Free Shellcode
Windows x86 - Eggsearch Shellcode (33 bytes)
Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes)
Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69/93 bytes)
Windows x86 - Eggsearch Shellcode (33 bytes)
Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes)
Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69/93 bytes)
Linux/x86 - Disable ASLR Security Shellcode (83 bytes)
Linux/x86 - Reverse TCP SSL Shell (localhost:8080/TCP) Shellcode (422 bytes)
Linux/SuperH (sh4) - Add Root User (shell-storm/toor) Shellcode (143 bytes)
Windows PerfectXp-pc1/SP3 x86 (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes)
Linux/x86 - Egghunter Null-Free Shellcode (29 bytes)
Linux/x86 - Reverse TCP SSL Shell (localhost:8080/TCP) Shellcode (422 bytes)
Linux/SuperH (sh4) - Add Root User (shell-storm/toor) Shellcode (143 bytes)
Windows PerfectXp-pc1/SP3 x86 (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes)
Linux/x86 - Egghunter Null-Free Shellcode (29 bytes)
Linux/SuperH (sh4) - setuid(0); + execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes)
Linux/SuperH (sh4) - setuid(0) + execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (52 bytes)
Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd Polymorphic Shellcode
Linux/x86 - Search For '.PHP'/'.HTML' Writable Files + Add Code Shellcode (380+ bytes)
Linux/x86-64 - Add Root User (t0r/Winner) Shellcode (189 bytes)
Linux/x86 - execve /bin/dash Shellcode (42 bytes)
Linux/x86 - chmod 666 /etc/passwd + /etc/shadow Shellcode (57 bytes)
Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd Polymorphic Shellcode
Linux/x86 - Search For '.PHP'/'.HTML' Writable Files + Add Code Shellcode (380+ bytes)
Linux/x86-64 - Add Root User (t0r/Winner) Shellcode (189 bytes)
Linux/x86 - execve /bin/dash Shellcode (42 bytes)
Linux/x86 - chmod 666 /etc/passwd + /etc/shadow Shellcode (57 bytes)
Windows x86 - Bind TCP Password (damn_it!$$##@;*#) Shell Shellcode (637 bytes)
Windows x64 - Bind TCP Shell (4444/TCP) Shellcode (508 bytes)
Linux/x86 - Remote Port Forwarding (ssh -R 9999:localhost:22 192.168.0.226) Shellcode (87 bytes)
Windows x64 - Bind TCP Shell (4444/TCP) Shellcode (508 bytes)
Linux/x86 - Remote Port Forwarding (ssh -R 9999:localhost:22 192.168.0.226) Shellcode (87 bytes)
Linux/x86 - Reverse TCP Shell (192.168.1.10:31337/TCP) Shellcode (92 bytes)
MIPS (Little Endian) - system() Shellcode (80 bytes)
Linux/MIPS (Little Endian) - system() Shellcode (80 bytes)
Linux/x86 - Egghunter Shellcode (31 bytes)
Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse TCP /bin/sh Shell (192.168.122.1:43981/TCP) Shellcode
Windows x86 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Persistent Access Shellcode (494 bytes)
Linux/x86 - Egghunter Shellcode (31 bytes)
Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse TCP /bin/sh Shell (192.168.122.1:43981/TCP) Shellcode
Windows x86 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Persistent Access Shellcode (494 bytes)
Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 bytes)
Linux/x86 - execve /bin/sh + Socket Re-Use Shellcode (50 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes)
Linux/x86-64 - Reverse TCP /bin/bash Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes)
Linux/x86 - Add Map (google.com 127.1.1.1) In /etc/hosts Shellcode (77 bytes)
Linux/x86-64 - execve(_/bin/sh\0__NULL_NULL); Position Independent Alphanumeric Shellcode (87 bytes)
Linux/x86 - rmdir Shellcode (37 bytes)
Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) + Password (Z~r0) Null-Free Shellcode (81/96 bytes)
Linux/x86-64 - Reverse TCP Password (Z~r0) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)
Windows x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Windows x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Linux/x86 - execve /bin/sh + Socket Re-Use Shellcode (50 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes)
Linux/x86-64 - Reverse TCP /bin/bash Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes)
Linux/x86 - Add Map (127.1.1.1 google.com) In /etc/hosts Shellcode (77 bytes)
Linux/x86-64 - execve(_/bin/sh\0__NULL_NULL) Position Independent Alphanumeric Shellcode (87 bytes)
Linux/x86 - rmdir Shellcode (37 bytes)
Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) + Password (Z~r0) Null-Free Shellcode (81/96 bytes)
Linux/x86-64 - Reverse TCP Password (Z~r0) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)
Windows x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Windows x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes)
Linux/x86 - execve /bin/sh ROT13 Encoded Shellcode (68 bytes)
Linux/x86 - chmod 0777 /etc/shadow Obfuscated Shellcode (84 bytes)
Linux/x86 - Add Map (google.com 127.1.1.1) In /etc/hosts Obfuscated Shellcode (98 bytes)
Linux/x86 - execve /bin/sh Obfuscated Shellcode (40 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (192.168.1.133:33333/TCP) Shellcode (72 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (33333/TCP) Shellcode (96 bytes)
Linux/x86 - Disable ASLR Security Shellcode (84 bytes)
Linux/x86 - Egghunter Shellcode (20 bytes)
Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes)
Linux/x86 - execve /bin/sh ROT13 Encoded Shellcode (68 bytes)
Linux/x86 - chmod 0777 /etc/shadow Obfuscated Shellcode (84 bytes)
Linux/x86 - Add Map (127.1.1.1 google.com) In /etc/hosts Obfuscated Shellcode (98 bytes)
Linux/x86 - execve /bin/sh Obfuscated Shellcode (40 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (192.168.1.133:33333/TCP) Shellcode (72 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (33333/TCP) Shellcode (96 bytes)
Linux/x86 - Disable ASLR Security Shellcode (84 bytes)
Linux/x86 - Egghunter Shellcode (20 bytes)
Linux/x86 - Create _my.txt_ In Working Directory Shellcode (37 bytes)
Linux/x86 - setreuid(0_ 0) + execve(_/sbin/halt_) + exit(0) Shellcode (49 bytes)
Linux/x86 - execve /bin/sh Shellcode (35 bytes)
Windows XP SP3 x86 - Create (_file.txt_) Shellcode (83 bytes)
Windows XP SP3 x86 - Restart Shellcode (57 bytes)
Linux/x86 - Create _my.txt_ In Working Directory Shellcode (37 bytes)
Linux/x86 - setreuid(0_ 0) + execve(_/sbin/halt_) + exit(0) Shellcode (49 bytes)
Linux/x86 - execve /bin/sh Shellcode (35 bytes)
Windows XP SP3 x86 - Create (_file.txt_) Shellcode (83 bytes)
Windows XP SP3 x86 - Restart Shellcode (57 bytes)
Linux/x86 - execve /bin/sh (Push Method) Shellcode (21 bytes)
Linux/x86-64 - execve /bin/sh Via Push Shellcode (23 bytes)
Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (17771/TCP) Shellcode (58 bytes)
Linux/x86 - exit(0) Shellcode (6 bytes)
Linux/x86 - execve /bin/sh Shellcode (26 bytes)
Linux/x86 - execve /bin/sh Shellcode (21 bytes) (1)
Linux/x86 - chmod 777 /etc/shadow + exit() Shellcode (33 bytes)
Linux/x86 - Shutdown(init 0) Shellcode (30 bytes)
Linux/x86 - Read /etc/passwd Shellcode (58 bytes)
Linux/x86 - mkdir HACK + chmod 777 + exit(0) Shellcode (29 bytes)
Linux/x86 - Bind Netcat Shell (5555/TCP) Shellcode (60 bytes)
Linux/x86-64 - execve /bin/sh Null-Free Shellcode (30 bytes)
Linux/x86 - Download File + Execute Shellcode
Linux/x86 - Reboot Shellcode (28 bytes)
Linux/x86 - execve /bin/sh Shellcode (23 bytes)
Linux/x86 - chmod 0777 /etc/passwd Shellcode (42 bytes)
Linux/x86 - chmod /etc/gshadow Shellcode (37 bytes)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (42 bytes)
Linux/x86 - exec /bin/dash Shellcode (45 bytes)
Linux/x86-64 - execve Encoded Shellcode (57 bytes)
Linux/x86 - execve /bin/sh ROT7 Encoded Shellcode
Windows XP SP3 x86 (Turkish) - MessageBox Shellcode (24 bytes)
Linux/x86 - Egghunter Shellcode (19 bytes)
Windows x86 - user32!MessageBox _Hello World!_ Null-Free Shellcode (199 bytes)
Linux/x86 - execve /bin/sh ROL/ROR Encoded Shellcode
Windows 2003 x64 - Token Stealing Shellcode (59 bytes)
Linux/x86 - execve /bin/sh (Push Method) Shellcode (21 bytes)
Linux/x86-64 - execve /bin/sh Via Push Shellcode (23 bytes)
Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (17771/TCP) Shellcode (58 bytes)
Linux/x86 - exit(0) Shellcode (6 bytes)
Linux/x86 - execve /bin/sh Shellcode (26 bytes)
Linux/x86 - execve /bin/sh Shellcode (21 bytes) (1)
Linux/x86 - chmod 777 /etc/shadow + exit() Shellcode (33 bytes)
Linux/x86 - Shutdown(init 0) Shellcode (30 bytes)
Linux/x86 - Read /etc/passwd Shellcode (58 bytes)
Linux/x86 - mkdir HACK + chmod 777 + exit(0) Shellcode (29 bytes)
Linux/x86 - Bind Netcat Shell (5555/TCP) Shellcode (60 bytes)
Linux/x86-64 - execve /bin/sh Null-Free Shellcode (30 bytes)
Linux/x86 - Download File + Execute Shellcode
Linux/x86 - Reboot Shellcode (28 bytes)
Linux/x86 - execve /bin/sh Shellcode (23 bytes)
Linux/x86 - chmod 0777 /etc/passwd Shellcode (42 bytes)
Linux/x86 - chmod /etc/gshadow Shellcode (37 bytes)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (42 bytes)
Linux/x86 - exec /bin/dash Shellcode (45 bytes)
Linux/x86-64 - execve Encoded Shellcode (57 bytes)
Linux/x86 - execve /bin/sh ROT7 Encoded Shellcode
Windows XP SP3 x86 (Turkish) - MessageBox Shellcode (24 bytes)
Linux/x86 - Egghunter Shellcode (19 bytes)
Windows x86 - user32!MessageBox _Hello World!_ Null-Free Shellcode (199 bytes)
Linux/x86 - execve /bin/sh ROL/ROR Encoded Shellcode
Windows 2003 x64 - Token Stealing Shellcode (59 bytes)
Linux/x86 - execve /bin/bash Shellcode (31 bytes)
Linux/x86 - execve(_/bin/cat__ [_/bin/cat__ _/etc/passwd_]_ NULL) Shellcode (75 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (34 bytes)
Linux/x86-64 - execve Shellcode (22 bytes)
Linux/x86-64 - Bind TCP /bin/sh Password (1234) Shell (31173/TCP) Shellcode (92 bytes)
Linux/x86-64 - Egghunter Shellcode (24 bytes)
Linux/x86-64 - execve Polymorphic Shellcode (31 bytes)
Linux/x86-64 - execve Shellcode (22 bytes)
Linux/x86-64 - Bind TCP /bin/sh Password (1234) Shell (31173/TCP) Shellcode (92 bytes)
Linux/x86-64 - Egghunter Shellcode (24 bytes)
Linux/x86-64 - execve Polymorphic Shellcode (31 bytes)
Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (103 bytes)
Linux/x86-64 - Bind TCP /bin/sh Password (hack) Shell (4444/TCP) Null-Free Shellcode (162 bytes)
Linux/x86 - execve /bin/sh Shellcode (24 bytes) (1)
Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free Shellcode (151 bytes)
Linux/x86-64 - Egghunter Shellcode (18 bytes)
Linux/x86 - Egghunter Shellcode (13 bytes)
Linux/x86-64 - execve XOR/NOT/DIV Encoded Shellcode (54 bytes)
Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (103 bytes)
Linux/x86-64 - Bind TCP /bin/sh Password (hack) Shell (4444/TCP) Null-Free Shellcode (162 bytes)
Linux/x86 - execve /bin/sh Shellcode (24 bytes) (1)
Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free Shellcode (151 bytes)
Linux/x86-64 - Egghunter Shellcode (18 bytes)
Linux/x86 - Egghunter Shellcode (13 bytes)
Linux/x86-64 - execve XOR/NOT/DIV Encoded Shellcode (54 bytes)
Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (122 bytes)
Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (135 bytes)
Linux/x86 - Download File + Execute Shellcode (135 bytes)
Linux/x86-64 - execve Stack Polymorphic Shellcode (47 bytes)
Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (122 bytes)
Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (135 bytes)
Linux/x86 - Download File + Execute Shellcode (135 bytes)
Linux/x86-64 - execve Stack Polymorphic Shellcode (47 bytes)
Windows x86 - Download File + Run via WebDAV (//192.168.1.19/c) Null-Free Shellcode (96 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.1.2:1234/TCP) Shellcode (134 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (26 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (1)
Linux/x86-64 - execve /bin/bash Shellcode (33 bytes)
Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (81 bytes)
Linux/x86-64 - Read /etc/passwd Shellcode (65 bytes)
Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (86 bytes)
Windows x86 - URLDownloadToFileA() (http://192.168.86.130/sample.exe) + SetFileAttributesA() (pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (1250 bytes)
Windows x86 - Download File + Run via WebDAV (//192.168.1.19/c) Null-Free Shellcode (96 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.1.2:1234/TCP) Shellcode (134 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (26 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (1)
Linux/x86-64 - execve /bin/bash Shellcode (33 bytes)
Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (81 bytes)
Linux/x86-64 - Read /etc/passwd Shellcode (65 bytes)
Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (86 bytes)
Windows x86 - URLDownloadToFileA() (http://192.168.86.130/sample.exe) + SetFileAttributesA() (pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (1250 bytes)
Windows .Net Framework x86 - Execute Native x86 Shellcode
Linux/x86-64 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (199 bytes)
Linux/x86-64 - Reverse TCP /bin/sh Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes)
Windows .Net Framework x86 - Execute Native x86 Shellcode
Linux/x86-64 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (199 bytes)
Linux/x86-64 - Reverse TCP /bin/sh Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes)
Linux/x86-64 - Download File (http://192.168.30.129/pri.sh) + Execute Used To Steal Information Shellcode (399 bytes)
Linux/x86 - Bind TCP /bin/bash Shell (4444/TCP) Shellcode (656 bytes)
Linux/x86-64 - execve XOR Encoded Shellcode (84 bytes)
Linux/x86-64 - Download File (http://192.168.30.129/pri.sh) + Execute Used To Steal Information Shellcode (399 bytes)
Linux/x86 - Bind TCP /bin/bash Shell (4444/TCP) Shellcode (656 bytes)
Linux/x86-64 - execve XOR Encoded Shellcode (84 bytes)
Windows x86 - WinExec(_cmd.exe__0) Shellcode (184 bytes)
Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (13337/TCP) Shellcode (56 bytes)
Windows x86 - system(_systeminfo_) Shellcode (224 bytes)
Windows x86 - WinExec(_cmd.exe__0) Shellcode (184 bytes)
Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (13337/TCP) Shellcode (56 bytes)
Windows x86 - system(_systeminfo_) Shellcode (224 bytes)
Windows x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode (250 bytes)
Linux/x86 - execve /bin/sh + ASLR Bruteforce Shellcode
Linux/x86-64 - Reverse TCP cat /etc/passwd (192.168.86.128:1472/TCP) Shellcode (164 bytes)
Linux/x86-64 - Bind Netcat Shell Null-Free Shellcode (64 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (98 bytes)
Linux/x86-64 - Bind Ncat Shell (4442/TCP) / SSL / Multi-Channel (4444-4447/TCP) / Persistant / Fork / IPv4/6 / Password Null-Free Shellcode (176 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (192.168.227.129:4444/TCP) Shellcode (75 bytes)
Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Null-Free Shellcode (172 bytes)
Linux/x86 - Reverse Xterm Shell (127.1.1.1:10) Shellcode (68 bytes)
Linux/x86-64 - Bind TCP Shell (4442/TCP) / Syscall Persistent / Multi-Terminal (4444-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes)
Windows x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode (250 bytes)
Linux/x86 - execve /bin/sh + ASLR Bruteforce Shellcode
Linux/x86-64 - Reverse TCP cat /etc/passwd (192.168.86.128:1472/TCP) Shellcode (164 bytes)
Linux/x86-64 - Bind Netcat Shell Null-Free Shellcode (64 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (98 bytes)
Linux/x86-64 - Bind Ncat Shell (4442/TCP) / SSL / Multi-Channel (4444-4447/TCP) / Persistant / Fork / IPv4/6 / Password Null-Free Shellcode (176 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (192.168.227.129:4444/TCP) Shellcode (75 bytes)
Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Null-Free Shellcode (172 bytes)
Linux/x86 - Reverse Xterm Shell (127.1.1.1:10) Shellcode (68 bytes)
Linux/x86-64 - Bind TCP Shell (4442/TCP) / Syscall Persistent / Multi-Terminal (4444-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes)
Linux/x86 - execve /bin/sh Shellcode (19 bytes)
Linux/x86-64 - Reverse TCP Shell (10.1.1.4:46357/TCP) / Subtle Probing / Timer / Burst / Password (la crips) / Multi-Terminal Shellcode (84/122/172 bytes)
Windows 7 x86 - localhost Port Scanner Shellcode (556 bytes)
Linux/x86 - Bind Netcat Shell (98/TCP + UDP) Shellcode (44/52 bytes)
Linux/x86 - Bind TCP /bin/zsh Shell (9090/TCP) Shellcode (96 bytes)
Linux/x86 - Reverse TCP /bin/zsh Shell (127.255.255.254:9090/TCP) Shellcode (80 bytes)
Windows x86 - MessageBoxA Shellcode (242 bytes)
Windows x86 - CreateProcessA cmd.exe Shellcode (253 bytes)
Windows x86 - InitiateSystemShutdownA() Shellcode (599 bytes)
Windows x64 - cmd.exe WinExec() Shellcode (93 bytes)
Windows x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes)
Windows x64 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Injection Shellcode (694 bytes)
Linux/x86-64 - execve /bin/sh -c reboot Shellcode (89 bytes)
Windows x64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes)
Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes)
Linux/x86 - execve /bin/bash -c Arbitrary Command Execution Null-Free Shellcode (72 bytes)
Windows x64 - Bind TCP Password (h271508F) Shell (2493/TCP) Shellcode (825 bytes)
Windows x64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes)
Linux/x86-64 - mkdir Shellcode (25 bytes)
Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (87 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (22 bytes)
Linux/x86 - execve /bin/sh Shellcode (19 bytes)
Linux/x86-64 - Reverse TCP Shell (10.1.1.4:46357/TCP) / Subtle Probing / Timer / Burst / Password (la crips) / Multi-Terminal Shellcode (84/122/172 bytes)
Windows 7 x86 - localhost Port Scanner Shellcode (556 bytes)
Linux/x86 - Bind Netcat Shell (98/TCP + UDP) Shellcode (44/52 bytes)
Linux/x86 - Bind TCP /bin/zsh Shell (9090/TCP) Shellcode (96 bytes)
Linux/x86 - Reverse TCP /bin/zsh Shell (127.255.255.254:9090/TCP) Shellcode (80 bytes)
Windows x86 - MessageBoxA Shellcode (242 bytes)
Windows x86 - CreateProcessA cmd.exe Shellcode (253 bytes)
Windows x86 - InitiateSystemShutdownA() Shellcode (599 bytes)
Windows x64 - cmd.exe WinExec() Shellcode (93 bytes)
Windows x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes)
Windows x64 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Injection Shellcode (694 bytes)
Linux/x86-64 - execve /bin/sh -c reboot Shellcode (89 bytes)
Windows x64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes)
Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes)
Linux/x86 - execve /bin/bash -c Arbitrary Command Execution Null-Free Shellcode (72 bytes)
Windows x64 - Bind TCP Password (h271508F) Shell (2493/TCP) Shellcode (825 bytes)
Windows x64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes)
Linux/x86-64 - mkdir Shellcode (25 bytes)
Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (87 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (22 bytes)
Linux/x86 - Reverse TCP /bin/sh Alphanumeric Staged Shell (127.0.0.1:4444/TCP) Shellcode (103 bytes)
Windows x86 - SE_DACL_PROTECTED Protect Process Shellcode (229 bytes)
Linux/x86-64 - Reverse TCP /bin/sh Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes)
Linux/x86 - SELinux Permissive Mode Switcher Shellcode (45 bytes)
Linux/x86-64 - Egghunter Shellcode (38 bytes)
Windows x86 - Executable Directory Search Null-Free Shellcode (130 bytes)
Linux/x86-64 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (54 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.1.45:4444/TCP) Shellcode (84 bytes)
Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 bytes)
Linux/x86-64 - setuid(0) + execve(/bin/sh) Polymorphic Shellcode (31 bytes)
Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Polymorphic Shellcode (47 bytes)
Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1337) Shellcode (72 bytes)
Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) Polymorphic Shellcode (106 bytes)
Windows x86 - Hide Console Window Shellcode (182 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (127.1.1.1:8888/TCP) Null-Free Shellcode (67/69 bytes)
Linux/x86 - execve /bin/dash Shellcode (30 bytes)
Windows x86 - SE_DACL_PROTECTED Protect Process Shellcode (229 bytes)
Linux/x86-64 - Reverse TCP /bin/sh Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes)
Linux/x86 - SELinux Permissive Mode Switcher Shellcode (45 bytes)
Linux/x86-64 - Egghunter Shellcode (38 bytes)
Windows x86 - Executable Directory Search Null-Free Shellcode (130 bytes)
Linux/x86-64 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (54 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.1.45:4444/TCP) Shellcode (84 bytes)
Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 bytes)
Linux/x86-64 - setuid(0) + execve(/bin/sh) Polymorphic Shellcode (31 bytes)
Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Polymorphic Shellcode (47 bytes)
Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1337) Shellcode (72 bytes)
Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) Polymorphic Shellcode (106 bytes)
Windows x86 - Hide Console Window Shellcode (182 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (127.1.1.1:8888/TCP) Null-Free Shellcode (67/69 bytes)
Linux/x86 - execve /bin/dash Shellcode (30 bytes)
Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (53 bytes)
Linux/x86 - exceve /bin/sh Encoded Shellcode (44 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (44 bytes)
Linux/x86 - Read /etc/passwd Shellcode (54 bytes)
Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Null-Free Shellcode (67 bytes)
Linux/x86 - Reverse TCP /bin/bash Shell (192.168.3.119:54321/TCP) Shellcode (110 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (21 bytes)
Linux/x86 - execve /bin/sh Shellcode (21 bytes)
Windows 10 x64 - Egghunter Shellcode (45 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (2)
Linux/x86 - Egghunter Shellcode (18 bytes)
Linux/x86 - Disable ASLR Security Shellcode (80 bytes)
Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Null-Free Shellcode (113 bytes)
Linux/ARM - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (79 bytes)
Linux/ARM - chmod(_/etc/passwd__ 0777) Shellcode (39 bytes)
Linux/ARM - creat(_/root/pwned__ 0777) Shellcode (39 bytes)
Linux/ARM - execve(_/bin/sh__ []_ [0 vars]) Shellcode (35 bytes)
Linux/ARM - execve(_/bin/sh__NULL_0) Shellcode (31 bytes)
Android/ARM - Reverse TCP /system/bin/sh Shell (10.0.2.2:0x3412/TCP) Shellcode (79 bytes)
Linux/StrongARM - setuid() Shellcode (20 bytes)
Linux/StrongARM - execve(/bin/sh) Shellcode (47 bytes)
Linux/StrongARM - Bind TCP /bin/sh Shell Shellcode (203 bytes)
Linux/SPARC - setreuid(0_0) + execve(/bin/sh) Shellcode (64 bytes)
Linux/SuperH (sh4) - execve(_/bin/sh__ 0_ 0) Shellcode (19 bytes)
Linux/SuperH (sh4) - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (132 bytes)
Linux/SPARC - setreuid(0_0) + standard execve() Shellcode (72 bytes)
Linux/x86-64 - Execute /bin/sh Shellcode (27 bytes)
Linux/x86-64 - Execute /bin/sh Shellcode (24 bytes)
Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes)
Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes)
Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) Shellcode (43 bytes)
Linux/x86 - exceve /bin/sh Encoded Shellcode (44 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (44 bytes)
Linux/x86 - Read /etc/passwd Shellcode (54 bytes)
Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Null-Free Shellcode (67 bytes)
Linux/x86 - Reverse TCP /bin/bash Shell (192.168.3.119:54321/TCP) Shellcode (110 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (21 bytes)
Linux/x86 - execve /bin/sh Shellcode (21 bytes)
Windows 10 x64 - Egghunter Shellcode (45 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (2)
Linux/x86 - Egghunter Shellcode (18 bytes)
Linux/x86 - Disable ASLR Security Shellcode (80 bytes)
Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Null-Free Shellcode (113 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (1)
Linux/x86 - execve /bin/sh + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (24 bytes)
Linux/x86 - Reverse UDP /bin/sh Shell (127.0.0.1:53/UDP) Shellcode (668 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (75 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.1.8:4444/TCP) Shellcode (104 bytes)
Linux x86 - execve /bin/sh Shellcode (24 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.1.2:4444/TCP) Shellcode (153 bytes)
Linux/x86-64 - Kill All Processes Shellcode (19 bytes)
Linux/x86-64 - Fork Bomb Shellcode (11 bytes)
Linux/x86 - Fork Bomb Shellcode (9 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (1)
Linux/x86 - execve /bin/sh + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (24 bytes)
Linux/x86 - Reverse UDP /bin/sh Shell (127.0.0.1:53/UDP) Shellcode (668 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (75 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.1.8:4444/TCP) Shellcode (104 bytes)
Linux x86 - execve /bin/sh Shellcode (24 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.1.2:4444/TCP) Shellcode (153 bytes)
Linux/x86-64 - Kill All Processes Shellcode (19 bytes)
Linux/x86-64 - Fork Bomb Shellcode (11 bytes)
Linux/x86 - Fork Bomb Shellcode (9 bytes)
Linux/x86-64 - mkdir() 'evil' Shellcode (30 bytes)
Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (30 bytes)
Windows x64 - API Hooking Shellcode (117 bytes)
Linux/x86-64 - mkdir() 'evil' Shellcode (30 bytes)
Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (30 bytes)
Windows x64 - API Hooking Shellcode (117 bytes)
|
2018-01-13 05:02:13 +00:00 |
|
Offensive Security
|
81d6f781ab
|
DB: 2018-01-12
31 changes to exploits/shellcodes
MiniUPnP MiniUPnPc < 2.0 - Remote Denial of Service
Android - Hardware Service Manager Arbitrary Service Replacement due to getpidcon
Microsoft Windows - NTFS Owner/Mandatory Label Privilege Bypass
Microsoft Windows - NtImpersonateAnonymousToken AC to Non-AC Privilege Escalation
Microsoft Windows - NtImpersonateAnonymousToken LPAC to Non-LPAC Privilege Escalation
Microsoft Windows SMB Server (v1/v2) - Mount Point Arbitrary Device Open Privilege Escalation
macOS - 'process_policy' Stack Leak Through Uninitialized Field
Microsoft Edge Chakra - 'AppendLeftOverItemsFromEndSegment' Out-of-Bounds Read
Jungo Windriver 12.5.1 - Privilege Escalation
Jungo Windriver 12.5.1 - Local Privilege Escalation
Parity Browser < 1.6.10 - Bypass Same Origin Policy
Python smtplib 2.7.11 / 3.4.4 / 3.5.1 - Man In The Middle StartTLS Stripping
VideoCharge Studio 2.12.3.685 - 'GetHttpResponse()' MITM Remote Code Execution
VideoCharge Studio 2.12.3.685 - 'GetHttpResponse()' Man In The Middle Remote Code Execution
Granding MA300 - Traffic Sniffing MitM Fingerprint PIN Disclosure
Granding MA300 - Traffic Sniffing Man In The Middle Fingerprint PIN Disclosure
LabF nfsAxe 3.7 FTP Client - Stack Buffer Overflow (Metasploit)
phpCollab 2.5.1 - Unauthenticated File Upload (Metasploit)
eVestigator Forensic PenTester - MITM Remote Code Execution
eVestigator Forensic PenTester - Man In The Middle Remote Code Execution
BestSafe Browser - MITM Remote Code Execution
BestSafe Browser - Man In The Middle Remote Code Execution
SKILLS.com.au Industry App - MITM Remote Code Execution
Virtual Postage (VPA) - MITM Remote Code Execution
SKILLS.com.au Industry App - Man In The Middle Remote Code Execution
Virtual Postage (VPA) - Man In The Middle Remote Code Execution
Trend Micro OfficeScan 11.0/XG (12.0) - MITM Remote Code Execution
Trend Micro OfficeScan 11.0/XG (12.0) - Man In The Middle Remote Code Execution
SAP NetWeaver J2EE Engine 7.40 - SQL Injection
D-Link Routers 110/412/615/815 < 1.03 - 'service.cgi' Arbitrary Code Execution
FreeBSD/x86 - Reverse TCP Shell (192.168.1.69:6969/TCP) Shellcode (129 bytes)
BSD/x86 - Reverse TCP Shell (192.168.2.33:6969/TCP) Shellcode (129 bytes)
FreeBSD/x86 - Bind TCP Password Shell (4883/TCP) Shellcode (222 bytes)
FreeBSD/x86 - Bind TCP Password /bin/sh Shell (4883/TCP) Shellcode (222 bytes)
Cisco IOS - New TTY / Privilege Level To 15 / Reverse Virtual Terminal Shell (21/TCP) Shellcode
Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes)
Cisco IOS - New TTY / Privilege Level To 15 / No Password Shellcode
HPUX - execve /bin/sh Shellcode (58 bytes)
Cisco IOS - New TTY + Privilege Level To 15 + Reverse Virtual Terminal Shell (21/TCP) Shellcode
Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes)
Cisco IOS - New TTY + Privilege Level To 15 + No Password Shellcode
HP-UX - execve /bin/sh Shellcode (58 bytes)
OpenBSD/x86 - execve /bin/sh Shellcode (23 Bytes)
OpenBSD/x86 - execve /bin/sh Shellcode (23 bytes)
ARM - Bind TCP Shell (0x1337/TCP) Shellcode
ARM - Bind TCP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/TCP) Shellcode
ARM - Bind TCP Listener (0x1337/TCP) + Receive Shellcode + Payload Loader Shellcode
ARM - ifconfig eth0 192.168.0.2 up Shellcode
Linux/ARM - Bind TCP Shell (0x1337/TCP) Shellcode
Linux/ARM - Bind TCP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/TCP) Shellcode
Linux/ARM - Bind TCP Listener (0x1337/TCP) + Receive Shellcode + Payload Loader Shellcode
Linux/ARM - ifconfig eth0 192.168.0.2 up Shellcode
FreeBSD/x86 - Bind TCP Shell (31337/TCP) + Fork Shellcode (111 bytes)
FreeBSD/x86 - Bind TCP /bin/sh Shell (31337/TCP) + Fork Shellcode (111 bytes)
Windows x86 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Persistent Access Shellcode (494 Bytes)
Windows x86 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Persistent Access Shellcode (494 bytes)
Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 Bytes)
Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 bytes)
Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 Bytes)
Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 bytes)
Linux/x86 - exceve /bin/sh Encoded Shellcode (44 Bytes)
Linux/ARM (Raspberry Pi) - Bind TCP /bin/sh Shell (0.0.0.0:4444/TCP) Null-Free Shellcode (112 bytes)
FreeBSD/x86-64 - execve /bin/sh Shellcode (28 bytes)
FreeBSD/x86-64 - Bind TCP Password (R2CBw0cr) /bin/sh Shell Shellcode (127 bytes)
FreeBSD/x86 - execv(/bin/sh) Shellcode (23 bytes)
FreeBSD/x86 - //sbin/pfctl -F all Shellcode (47 bytes)
FreeBSD/x86 - Bind TCP /bin/sh Shell (41254/TCP) Shellcode (115 bytes)
FreeBSD - reboot() Shellcode (15 Bytes)
IRIX - execve(/bin/sh -c) Shellcode (72 bytes)
IRIX - execve(/bin/sh) Shellcode (43 bytes)
IRIX - Bind TCP /bin/sh Shell Shellcode (364 bytes)
IRIX - execve(/bin/sh) Shellcode (68 bytes)
IRIX - stdin-read Shellcode (40 bytes)
Linux/ARM - execve(_/bin/sh__ NULL_ 0) Shellcode (34 bytes)
Linux/x86 - exceve /bin/sh Encoded Shellcode (44 bytes)
Linux/x86 - Read /etc/passwd Shellcode (54 Bytes)
Linux/x86 - Read /etc/passwd Shellcode (54 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (21 Bytes)
Linux/x86-64 - execve /bin/sh Shellcode (21 bytes)
|
2018-01-12 05:02:17 +00:00 |
|
Offensive Security
|
d304cc3d3e
|
DB: 2017-11-24
116602 new exploits
Too many to list!
|
2017-11-24 20:56:23 +00:00 |
|