Offensive Security
c6ebf8bc23
DB: 2018-12-19
...
10 changes to exploits/shellcodes
VMware Fusion 2.0.5 - vmx86 kext Local Buffer Overflow (PoC)
Microsoft Windows - 'jscript!JsArrayFunctionHeapSort' Out-of-Bounds Write
AnyBurn 4.3 - Local Buffer Overflow Denial of Service
Exel Password Recovery 8.2.0.0 - Local Buffer Overflow Denial of Service
MegaPing - Local Buffer Overflow Denial of Service
Exim 4.41 - 'dns_build_reverse' Local
Exim 4.41 - 'dns_build_reverse' Local Buffer Overflow
Microsoft Jet Database - 'msjet40.dll' Reverse Shell (2)
Microsoft Jet Database - 'msjet40.dll' Code Execution (Reverse Shell) (2)
Microsoft Windows Server 2003 - Token Kidnapping Local
Microsoft Windows Server 2003 - Token Kidnapping Local Privilege Escalation
VMware Fusion 2.0.5 - vmx86 kext Local
Nsauditor 3.0.28.0 - Local SEH Buffer Overflow
Google Android 2.0 < 2.1 - Reverse Shell
Google Android 2.0 < 2.1 - Code Execution (Reverse Shell 10.0.2.2:2222/TCP)
MiniShare 1.4.1 - Remote Buffer Overflow HEAD and POST Method
SDL Web Content Manager 8.5.0 - XML External Entity Injection
2018-12-19 05:01:45 +00:00
Offensive Security
9bd9fb0da3
DB: 2018-12-11
...
2 changes to exploits/shellcodes
Adiscon LogAnalyzer 4.1.7 - Cross-Site Scripting
DomainMOD 4.11.01 - 'DisplayName' Cross-Site Scripting
Adiscon LogAnalyzer < 4.1.7 - Cross-Site Scripting
DomainMOD 4.11.01 - 'DisplayName' Cross-Site Scripting
2018-12-11 05:01:44 +00:00
Offensive Security
60710bbfd9
DB: 2018-12-05
...
19 changes to exploits/shellcodes
Microsoft Lync for Mac 2011 - Injection Forced Browsing/Download
Wireshark - 'cdma2k_message_ACTIVE_SET_RECORD_FIELDS' Stack Corruption
Wireshark - 'find_signature' Heap Out-of-Bounds Read
Xorg X11 Server (AIX) - Local Privilege Escalation
Emacs - movemail Privilege Escalation (Metasploit)
OpenSSH < 7.7 - User Enumeration (2)
HP Intelligent Management - Java Deserialization RCE (Metasploit)
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass
DomainMOD 4.11.01 - Owner name Field Cross-Site Scripting
NEC Univerge Sv9100 WebPro - 6.00 - Predictable Session ID / Clear Text Password Storage
KeyBase Botnet 1.5 - SQL Injection
Dolibarr ERP/CRM 8.0.3 - Cross-Site Scripting
DomainMOD 4.11.01 - Custom Domain Fields Cross-Site Scripting
DomainMOD 4.11.01 - Custom SSL Fields Cross-Site Scripting
NUUO NVRMini2 3.9.1 - Authenticated Command Injection
DomainMOD 4.11.01 - Registrar Cross-Site Scripting
FreshRSS 1.11.1 - Cross-Site Scripting
Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes)
Linux/x64 - Reverse (0.0.0.0:1907/TCP) Shell Shellcode (119 Bytes)
2018-12-05 05:01:44 +00:00
Offensive Security
0a4925cc93
DB: 2018-12-04
...
10 changes to exploits/shellcodes
Mozilla Firefox 63.0.1 - Denial of Service (PoC)
Budabot 4.0 - Denial of Service (PoC)
CyberArk 9.7 - Memory Disclosure
Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Cross-Site Scripting
PaloAlto Networks Expedition Migration Tool 1.0.106 - Information Disclosure
Joomla! Component JE Photo Gallery 1.1 - 'categoryid' SQL Injection
PHP Server Monitor 3.3.1 - Cross-Site Request Forgery
Apache Superset 0.23 - Remote Code Execution
Wordpress Plugins Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting
2018-12-04 05:01:48 +00:00
Offensive Security
dfd1e454e1
DB: 2018-11-28
...
10 changes to exploits/shellcodes
MariaDB Client 10.1.26 - Denial of Service (PoC)
Arm Whois 3.11 - Buffer Overflow (ASLR)
Xorg X11 Server - SUID privilege escalation (Metasploit)
ELBA5 5.8.0 - Remote Code Execution
Netgear Devices - Unauthenticated Remote Command Execution (Metasploit)
Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials
WordPress Plugins Easy Testimonials 3.2 - Cross-Site Scripting
Ticketly 1.0 - 'kind_id' SQL Injection
No-Cms 1.0 - 'order_by' SQL Injection
Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal
2018-11-28 11:08:29 +00:00
Offensive Security
832a222df4
DB: 2018-10-26
...
21 changes to exploits/shellcodes
ServersCheck Monitoring Software 14.3.3 - Denial of Service (PoC)
BORGChat 1.0.0 build 438 - Denial of Service (PoC)
libtiff 4.0.9 - Decodes Arbitrarily Sized JBIG into a Target Buffer
Adult Filter 1.0 - Buffer Overflow (SEH)
WebEx - Local Service Permissions Exploit (Metasploit)
exim 4.90 - Remote Code Execution
ServersCheck Monitoring Software 14.3.3 - Arbitrary File Write
exim 4.90 - Remote Code Execution
WebExec - Authenticated User Code Execution (Metasploit)
ProjeQtOr Project Management Tool 7.2.5 - Remote Code Execution
Ekushey Project Manager CRM 3.1 - Cross-Site Scripting
phptpoint Pharmacy Management System 1.0 - 'username' SQL injection
phptpoint Hospital Management System 1.0 - 'user' SQL injection
Simple Chat System 1.0 - 'id' SQL Injection
Delta Sql 1.8.2 - Arbitrary File Upload
User Management 1.1 - Cross-Site Scripting
ClipBucket 2.8 - 'id' SQL Injection
Simple POS and Inventory 1.0 - 'cat' SQL Injection
AiOPMSD Final 1.0.0 - 'q' SQL Injection
AjentiCP 1.2.23.13 - Cross-Site Scripting
MPS Box 0.1.8.0 - 'uuid' SQL Injection
Open STA Manager 2.3 - Arbitrary File Download
2018-10-26 05:01:46 +00:00
Offensive Security
635345499a
DB: 2018-10-18
...
15 changes to exploits/shellcodes
Git Submodule - Arbitrary Code Execution
Git Submodule - Arbitrary Code Execution (PoC)
Any Sound Recorder 2.93 - Buffer Overflow (SEH)
Git Submodule - Arbitrary Code Execution
Microsoft Windows Server 2008 R2 (x64) - 'SrvOs2FeaToNt' SMB Remote Code Execution (MS17-010)
Microsoft Windows Windows 7/2008 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010)
Microsoft Windows Windows 7/2008 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010)
FLIR AX8 Thermal Camera 1.32.16 - Hard-Coded Credentials
BigTree CMS 4.2.23 - Cross-Site Scripting
Time and Expense Management System 3.0 - Cross-Site Request Forgery (Add Admin)
TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure
Time and Expense Management System 3.0 - 'table' SQL Injection
2018-10-18 05:01:46 +00:00
Offensive Security
731dd0f423
DB: 2018-10-16
...
22 changes to exploits/shellcodes
Snes9K 0.0.9z - Buffer Overflow (SEH)
NoMachine < 5.3.27 - Remote Code Execution
MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection
FLIR Brickstream 3D+ - RTSP Stream Disclosure
FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure
CAMALEON CMS 2.4 - Cross-Site Scripting
Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection
FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure
FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure
Academic Timetable Final Build 7.0b - Cross-Site Request Forgery (Add Admin)
AlchemyCMS 4.1 - Cross-Site Scripting
FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution
College Notes Management System 1.0 - 'user' SQL Injection
Advanced HRM 1.6 - Remote Code Execution
Centos Web Panel 0.9.8.480 - Multiple Vulnerabilities
Academic Timetable Final Build 7.0 - Information Disclosure
KORA 2.7.0 - 'cid' SQL Injection
2018-10-16 05:01:45 +00:00
Offensive Security
6fe17058fb
DB: 2018-10-10
...
15 changes to exploits/shellcodes
Microsoft Edge Chakra JIT - 'BailOutOnInvalidatedArrayHeadSegment' Check Bypass
Microsoft Edge Chakra JIT - Type Confusion
Seqrite End Point Security 7.4 - Privilege Escalation
Free MP3 CD Ripper 2.8 - '.wma' Buffer Overflow (SEH) (DEP Bypass)
360 3.5.0.1033 - Sandbox Escape
ghostscript - executeonly Bypass with errorhandler Setup
ifwatchd - Privilege Escalation (Metasploit)
FTPShell Server 6.80 - 'Add Account Name' Buffer Overflow (SEH)
Delta Electronics Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (Metasploit)
Wikidforum 2.20 - 'select_sort' SQL Injection
Wikidforum 2.20 - 'message_id' SQL Injection
Monstra 3.0.4 - Cross-Site Scripting
2018-10-10 05:01:44 +00:00
Offensive Security
a54a696d48
DB: 2018-09-29
...
2 changes to exploits/shellcodes
Linux - VMA Use-After-Free via Buggy vmacache_flush_all() Fastpath
Linux Kernel - VMA Use-After-Free via Buggy vmacache_flush_all() Fastpath Local Privilege Escalation
PCProtect 4.8.35 - Privilege Escalation
Microsoft Edge - Sandbox Escape
2018-09-29 05:01:58 +00:00
Offensive Security
ed0e1e4d44
DB: 2018-09-25
...
1979 changes to exploits/shellcodes
Couchdb 1.5.0 - 'uuids' Denial of Service
Apache CouchDB 1.5.0 - 'uuids' Denial of Service
Beyond Remote 2.2.5.3 - Denial of Service (PoC)
udisks2 2.8.0 - Denial of Service (PoC)
Termite 3.4 - Denial of Service (PoC)
SoftX FTP Client 3.3 - Denial of Service (PoC)
Silverstripe 2.3.5 - Cross-Site Request Forgery / Open redirection
SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection
Silverstripe CMS 3.0.2 - Multiple Vulnerabilities
SilverStripe CMS 3.0.2 - Multiple Vulnerabilities
Silverstripe CMS 2.4 - File Renaming Security Bypass
SilverStripe CMS 2.4 - File Renaming Security Bypass
Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities
SilverStripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities
Silverstripe CMS 2.4.7 - 'install.php' PHP Code Injection
SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection
Silverstripe Pixlr Image Editor - 'upload.php' Arbitrary File Upload
SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload
Silverstripe CMS 2.4.x - 'BackURL' Open Redirection
SilverStripe CMS 2.4.x - 'BackURL' Open Redirection
Silverstripe CMS - 'MemberLoginForm.php' Information Disclosure
SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure
Silverstripe CMS - Multiple HTML Injection Vulnerabilities
SilverStripe CMS - Multiple HTML Injection Vulnerabilities
Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation
Monstra CMS before 3.0.4 - Cross-Site Scripting
Monstra CMS < 3.0.4 - Cross-Site Scripting (2)
Monstra CMS < 3.0.4 - Cross-Site Scripting
Monstra CMS < 3.0.4 - Cross-Site Scripting (1)
Navigate CMS 2.8 - Cross-Site Scripting
Collectric CMU 1.0 - 'lang' SQL injection
Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection
LG SuperSign EZ CMS 2.5 - Remote Code Execution
MyBB Visual Editor 1.8.18 - Cross-Site Scripting
Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection
Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection
RICOH Aficio MP 301 Printer - Cross-Site Scripting
Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection
RICOH MP C6003 Printer - Cross-Site Scripting
Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes)
Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)
2018-09-25 05:01:51 +00:00
Offensive Security
29542c36ab
DB: 2018-09-19
...
7 changes to exploits/shellcodes
Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service (PoC)
Microsoft Edge Chakra - 'PathTypeHandlerBase::SetAttributesHelper' Type Confusion
Microsoft Edge Chakra JIT - 'localeCompare' Type Confusion
Solaris - libnspr NSPR_LOG_FILE Privilege Escalation (Metasploit)
NUUO NVRMini2 3.8 - 'cgi_system' Buffer Overflow (Enable Telnet)
Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution
HongCMS 3.0.0 - SQL Injection
HongCMS 3.0.0 - (Authenticated) SQL Injection
Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting
WordPress Plugin Arigato Autoresponder and Newsletter 2.5 - Blind SQL Injection / Reflected Cross-Site Scripting
Linux/ARM - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (4 Bytes)
2018-09-19 05:01:45 +00:00
Offensive Security
1e34c2b6a5
DB: 2018-08-14
...
11 changes to exploits/shellcodes
IP Finder 1.5 - Denial of Service (PoC)
Acunetix WVS 10.0 Build 20150623 - Denial of Service (PoC)
PLC Wireless Router GPN2.4P21-C-CN - Denial of Service
Switch Port Mapping Tool 2.81.2 - 'Name Field' Denial of Service (PoC)
Monitoring software iSmartViewPro 1.5 - 'SavePath for ScreenShots' Buffer Overflow
PostgreSQL 9.4-0.5.3 - Privilege Escalation
Android - Directory Traversal over USB via Injection in blkid Output
Microsoft DirectX SDK - 'Xact.exe' Remote Code Execution
Oracle Weblogic Server - Deserialization Remote Code Execution (Metasploit)
Monstra-Dev 3.0.4 - Cross-Site Request Forgery(Account Hijacking)
Monstra-Dev 3.0.4 - Cross-Site Request Forgery (Account Hijacking)
IBM Sterling B2B Integrator 5.2.0.1/5.2.6.3 - Cross-Site Scripting
Linux/x64 - Add Root User (toor/toor) Shellcode (99 bytes)
2018-08-14 05:01:45 +00:00
Offensive Security
1d21694058
DB: 2018-08-10
...
13 changes to exploits/shellcodes
reSIProcate 1.10.2 - Heap Overflow
CloudMe Sync 1.10.9 - Buffer Overflow (SEH)(DEP Bypass)
AgataSoft Auto PingMaster 1.5 - Buffer Overflow (SEH)
Linux Kernel 4.14.7 (Ubuntu 16.04 / CentOS 7) - (KASLR & SMEP Bypass) Arbitrary File Read
Mikrotik WinBox 6.42 - Credential Disclosure (Metasploit)
Kirby CMS 2.5.12 - Cross-Site Request Forgery (Delete Page)
Responsive Filemanager 9.13.1 - Server-Side Request Forgery
Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection
Sitecore.Net 8.1 - Directory Traversal
Monstra 3.0.4 - Cross-Site Scripting
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot)
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Information Disclosure)
2018-08-10 05:01:46 +00:00
Offensive Security
300aada6a5
DB: 2018-07-24
...
7 changes to exploits/shellcodes
Windows Speech Recognition - Buffer Overflow
Knox Software Arkeia 4.0 - Backup Local Overflow
Knox Arkeia 4.0 Backup - Local Overflow
Splinterware System Scheduler Pro 5.12 - Buffer Overflow (SEH)
Knox Arkeia Backup Client 5.3.3 (OSX) - Type 77 Overflow (Metasploit)
Knox Arkeia Backup Client 5.3.3 Type 77 (OSX) - Overflow (Metasploit)
Microsoft Windows - 'dnslint.exe' Drive-By Download
NUUO NVRmini - 'upgrade_handle.php' Remote Command Execution
Davolink DVW 3200 Router - Password Disclosure
Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery (Reboot Router)
Linux/x86 - Bind (4444/TCP) Shell + IPv6 Shellcode (100 bytes)
2018-07-24 05:01:45 +00:00
Offensive Security
727943f775
DB: 2018-07-10
...
8 changes to exploits/shellcodes
Tor Browser < 0.3.2.10 - Use After Free (PoC)
Boxoft WAV to WMA Converter 1.0 - Local Buffer Overflow (SEH)
Activision Infinity Ward Call of Duty Modern Warfare 2 - Buffer Overflow
HP VAN SDN Controller - Root Command Injection (Metasploit)
HID discoveryd - command_blink_on Unauthenticated RCE (Metasploit)
GitList 0.6.0 - Argument Injection (Metasploit)
Umbraco CMS SeoChecker Plugin 1.9.2 - Cross-Site Scripting
Linux/x86 - Kill Process Shellcode (20 bytes)
2018-07-10 05:01:55 +00:00
Offensive Security
5e6d432161
DB: 2018-07-07
...
2 changes to exploits/shellcodes
PolarisOffice 2017 8 - Remote Code Execution
Airties AIR5444TT - Cross-Site Scripting
2018-07-07 05:01:49 +00:00
Offensive Security
e8a3702c6c
DB: 2018-07-03
...
11 changes to exploits/shellcodes
Core FTP LE 2.2 - Buffer Overflow (PoC)
SIPp 3.6 - Local Buffer Overflow (PoC)
Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (PoC)
Enhanced Mitigation Experience Toolkit (EMET) - XML External Entity Injection
FTPShell client 6.70 (Enterprise edition) - Stack Buffer Overflow (Metasploit)
Nagios XI 5.2.6-5.4.12 - Chained Remote Code Execution (Metasploit)
Geutebruck 5.02024 G-Cam/EFD-2250 - Remote Command Execution (Metasploit)
Geutebruck 5.02024 G-Cam/EFD-2250 - 'testaction.cgi' Remote Command Execution (Metasploit)
Geutebruck 5.02024 G-Cam/EFD-2250 - 'simple_loglistjs.cgi' Remote Command Execution (Metasploit)
VMware NSX SD-WAN Edge < 3.1.2 - Command Injection
DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin)
Dolibarr ERP CRM < 7.0.3 - PHP Code Injection
Linux/x86 - Execve /bin/cat /etc/passwd Shellcode (37 bytes)
2018-07-03 05:01:48 +00:00
Offensive Security
d8206fb5eb
DB: 2018-06-26
...
13 changes to exploits/shellcodes
KVM (Nested Virtualization) - L1 Guest Privilege Escalation
DIGISOL DG-BR4000NG - Buffer Overflow (PoC)
Foxit Reader 9.0.1.1049 - Remote Code Execution
WordPress Plugin iThemes Security < 7.0.3 - SQL Injection
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (1)
phpMyAdmin 4.8.1 - Local File Inclusion
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2)
WordPress Plugin Advanced Order Export For WooCommerce < 1.5.4 - CSV Injection
Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery (Add Superuser)
Intex Router N-150 - Cross-Site Request Forgery (Add Admin)
DIGISOL DG-BR4000NG - Cross-Site Scripting
Ecessa WANWorx WVR-30 < 10.7.4 - Cross-Site Request Forgery (Add Superuser)
AsusWRT RT-AC750GF - Cross-Site Request Forgery (Change Admin Password)
Ecessa ShieldLink SL175EHQ < 10.7.4 - Cross-Site Request Forgery (Add Superuser)
Intex Router N-150 - Arbitrary File Upload
WordPress Plugin Comments Import & Export < 2.0.4 - CSV Injection
2018-06-26 05:01:46 +00:00
Offensive Security
41ea196761
DB: 2018-05-19
...
12 changes to exploits/shellcodes
Microsoft Edge - 'Array.filter' Info Leak
Microsoft Edge - 'Array.filter' Information Leak
Microsoft Edge Chakra JIT - Bound Check Elimination Bug
Windows - Local Privilege Escalation
Windows WMI - Recieve Notification Exploit (Metasploit)
Microsoft Windows - Local Privilege Escalation
Microsoft Windows WMI - Recieve Notification Exploit (Metasploit)
Microsoft Xbox One 10.0.14393.2152 - Code Execution (PoC)
Prime95 29.4b8 - Stack Buffer Overflow (SEH)
DynoRoot DHCP - Client Command Injection
Linux 4.8.0 < 4.8.0-46 - AF_PACKET packet_set_ring Privilege Escalation (Metasploit)
Microsoft Edge (Windows 10) - 'chakra.dll' Info Leak / Type Confusion Remote Code Execution
Microsoft Edge (Windows 10) - 'chakra.dll' Information Leak / Type Confusion Remote Code Execution
Windows - 'EternalRomance'/'EternalSynergy'/'EternalChampion' SMB Remote Code Execution (Metasploit) (MS17-010)
Microsoft Windows - 'EternalRomance'/'EternalSynergy'/'EternalChampion' SMB Remote Code Execution (Metasploit) (MS17-010)
HPE iMC 7.3 - Remote Code Execution (Metasploit)
Healwire Online Pharmacy 3.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery
Monstra CMS before 3.0.4 - Cross-Site Scripting
SAP NetWeaver Web Dynpro 6.4 < 7.5 - Information Disclosure
Infinity Market Classified Ads Script 1.6.2 - Cross-Site Request Forgery
Cisco SA520W Security Appliance - Path Traversal
SAP B2B / B2C CRM 2.x < 4.x - Local File Inclusion
2018-05-19 05:01:48 +00:00
Offensive Security
5aca1b9763
DB: 2018-05-18
...
8 changes to exploits/shellcodes
Linux < 4.16.9 / < 4.14.41 - 4-byte Infoleak via Uninitialized Struct Field in compat adjtimex Syscall
Libuser - roothelper Privilege Escalation (Metasploit)
Libuser - 'roothelper' Privilege Escalation (Metasploit)
Inteno IOPSYS 2.0 - 4.2.0 p910nd - Remote Command Execution
Inteno IOPSYS 2.0 < 4.2.0 - 'p910nd' Remote Command Execution
Nanopool Claymore Dual Miner 7.3 - Remote Code Execution
Jenkins CLI - HTTP Java Deserialization (Metasploit)
Apache Struts 2 - Struts 1 Plugin Showcase OGNL Code Execution (Metasploit)
NodAPS 4.0 - SQL injection / Cross-Site Request Forgery
Intelbras NCLOUD 300 1.0 - Authentication bypass
SuperCom Online Shopping Ecommerce Cart 1 - Persistent Cross-Site scripting / Cross site request forgery / Authentication bypass
Powerlogic/Schneider Electric IONXXXX Series - Cross-Site Request Forgery
2018-05-18 05:01:49 +00:00
Offensive Security
0ca4688023
DB: 2018-05-14
...
3 changes to exploits/shellcodes
Microsoft Windows 2003 SP2 - 'RRAS' SMB Remote Code Execution
WUZHI CMS 4.1.0 - 'form[qq_10]' Cross-Site Scripting
WUZHI CMS 4.1.0 - 'tag[pinyin]' Cross-Site Scripting
2018-05-14 05:01:48 +00:00
Offensive Security
635ec84504
DB: 2018-05-09
...
5 changes to exploits/shellcodes
2345 Security Guard 3.7 - Denial of Service
FTPShell Client 6.7 - Buffer Overflow
Palo Alto Networks - readSessionVarsFromFile() Session Corruption (Metasploit)
PlaySMS - import.php Authenticated CSV File Upload Code Execution (Metasploit)
PlaySMS 1.4 - sendfromfile.php Authenticated _Filename_ Field Code Execution (Metasploit)
Linux/x86 - execve(/bin/sh) NOT Encoded Shellcode (27 bytes)
Linux/x86 - execve(/bin/sh) + NOT Encoded Shellcode (27 bytes)
2018-05-09 05:01:46 +00:00
Offensive Security
813a3efbb5
DB: 2018-05-04
...
20 changes to exploits/shellcodes
Allok QuickTime to AVI MPEG DVD Converter 3.6.1217 - Buffer Overflow
Jnes 1.0.2 - Stack Buffer Overflow
Socusoft Photo 2 Video Converter 8.0.0 - Local Buffer Overflow
netek 0.8.2 - Denial of Service
Cisco Smart Install - Crash (PoC)
Schneider Electric InduSoft Web Studio and InTouch Machine Edition - Denial of Service
Linux Kernel < 4.17-rc1 - 'AF_LLC' Double Free
Linux Kernel 2.6.32 < 3.x.x (CentOS) - 'PERF_EVENTS' Local Privilege Escalation (1)
Linux Kernel 2.6.32 < 3.x (CentOS 5/6) - 'PERF_EVENTS' Local Privilege Escalation (1)
Adobe Reader PDF - Client Side Request Injection
Windows - Local Privilege Escalation
Apache Struts Jakarta - Multipart Parser OGNL Injection (Metasploit)
Apache Struts 2.3.5 < 2.3.31 / 2.5 < 2.5.10 - 'Jakarta' Multipart Parser OGNL Injection (Metasploit)
Adobe Flash < 28.0.0.161 - Use-After-Free
Norton Core Secure WiFi Router - 'BLE' Command Injection (PoC)
GPON Routers - Authentication Bypass / Command Injection
TBK DVR4104 / DVR4216 - Credentials Leak
Call of Duty Modern Warefare 2 - Buffer Overflow
Squirrelcart 1.x.x - 'cart.php' Remote File Inclusion
Squirrelcart 1.x - 'cart.php' Remote File Inclusion
Infinity 2.x.x - options[style_dir] Local File Disclosure
Infinity 2.x - 'options[style_dir]' Local File Disclosure
PHP-Nuke 8.x.x - Blind SQL Injection
PHP-Nuke 8.x - Blind SQL Injection
WHMCompleteSolution (WHMCS) 3.x.x < 4.0.x - 'cart.php' Local File Disclosure
WHMCompleteSolution (WHMCS) 3.x < 4.0.x - 'cart.php' Local File Disclosure
WHMCompleteSolution (WHMCS) 3.x.x - 'clientarea.php' Local File Disclosure
WHMCompleteSolution (WHMCS) 3.x - 'clientarea.php' Local File Disclosure
Ajax Availability Calendar 3.x.x - Multiple Vulnerabilities
Ajax Availability Calendar 3.x - Multiple Vulnerabilities
vBulletin vBSEO 4.x.x - 'visitormessage.php' Remote Code Injection
vBulletin vBSEO 4.x - 'visitormessage.php' Remote Code Injection
WordPress Theme Photocrati 4.x.x - SQL Injection / Cross-Site Scripting
WordPress Theme Photocrati 4.x - SQL Injection / Cross-Site Scripting
Subrion 3.X.x - Multiple Vulnerabilities
Subrion 3.x - Multiple Vulnerabilities
Ciuis CRM 1.0.7 - SQL Injection
LifeSize ClearSea 3.1.4 - Directory Traversal
WordPress Plugin Activity Log 2.4.0 - Cross-Site Scripting
DLINK DCS-5020L - Remote Code Execution (PoC)
Apache Struts2 2.0.0 < 2.3.15 - Prefixed Parameters OGNL Injection
2018-05-04 05:01:47 +00:00
Offensive Security
b1f00227f1
DB: 2018-04-27
...
12 changes to exploits/shellcodes
Free Download Manager 2.0 Built 417 - Local Buffer Overflow (SEH)
Allok AVI to DVD SVCD VCD Converter 4.0.1217 - Buffer Overflow (SEH)
Eudora Qualcomm WorldMail 9.0.333.0 - IMAPd Service UID Buffer Overflow
Shopy Point of Sale v1.0 - CSV Injection
Shopy Point of Sale 1.0 - CSV Injection
Drupal < 7.58 - 'drupalgeddon3' Authenticated Remote Code Execution (PoC)
Blog Master Pro v1.0 - CSV Injection
HRSALE The Ultimate HRM v1.0.2 - CSV Injection
HRSALE The Ultimate HRM v1.0.2 - 'award_id' SQL Injection
Blog Master Pro 1.0 - CSV Injection
HRSALE The Ultimate HRM 1.0.2 - CSV Injection
HRSALE The Ultimate HRM 1.0.2 - 'award_id' SQL Injection
HRSALE The Ultimate HRM v1.0.2 - Local File Inclusion
HRSALE The Ultimate HRM 1.0.2 - Local File Inclusion
Jfrog Artifactory < 4.16 - Unauthenticated Arbitrary File Upload / Remote Command Execution
WordPress Plugin WP with Spritz 1.0 - Remote File Inclusion
SickRage < v2018.03.09 - Clear-Text Credentials HTTP Response
October CMS User Plugin 1.4.5 - Persistent Cross-Site Scripting
MyBB Threads to Link Plugin 1.3 - Cross-Site Scripting
GitList 0.6 - Unauthenticated Remote Code Execution
TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Unauthenticated Remote Reboot
Frog CMS 0.9.5 - Persistent Cross-Site Scripting
2018-04-27 05:01:49 +00:00
Offensive Security
c249d94cb7
DB: 2018-04-25
...
28 changes to exploits/shellcodes
gif2apng 1.9 - '.gif' Stack Buffer Overflow
VLC Media Player/Kodi/PopcornTime 'Red Chimera' < 2.2.5 - Memory Corruption (PoC)
Kaspersky KSN for Linux 5.2 - Memory Corruption
Microsoft (Win 10) Internet Explorer 11.371.16299.0 - Denial Of Service
Adobe Flash - Overflow when Playing Sound
Adobe Flash - Overflow in Slab Rendering
Adobe Flash - Info Leak in Image Inflation
Adobe Flash - Out-of-Bounds Write in blur Filtering
Chrome V8 JIT - 'NodeProperties::InferReceiverMaps' Type Confusion
R 3.4.4 - Local Buffer Overflow
Allok Video to DVD Burner 2.6.1217 - Buffer Overflow (SEH)
lastore-daemon D-Bus - Privilege Escalation (Metasploit)
Easy File Sharing Web Server 7.2 - 'UserID' Remote Buffer Overflow (DEP Bypass)
ASUS infosvr - Auth Bypass Command Execution (Metasploit)
UK Cookie Consent - Persistent Cross-Site Scripting
WUZHI CMS 4.1.0 - Cross-Site Request Forgery
Open-AudIT 2.1 - CSV Macro Injection
Monstra CMS 3.0.4 - Arbitrary Folder Deletion
Interspire Email Marketer < 6.1.6 - Remote Admin Authentication Bypass
Ericsson-LG iPECS NMS A.1Ac - Cleartext Credential Disclosure
WordPress Plugin Woo Import Export 1.0 - Arbitrary File Deletion
WSO2 Carbon / WSO2 Dashboard Server 5.3.0 - Persistent Cross-Site Scripting
Linux/x86 - Bind TCP (1337/TCP) Shell + Null-Free Shellcode (92 bytes)
Linux/x86 - Edit /etc/sudoers with NOPASSWD for ALL Shellcode
Linux/x86 - Reverse TCP (5555/TCP) Shellcode - (73 Bytes)
Linux/x86 - chmod 4755 /bin/dash Shellcode (33 bytes)
Linux/x86 - cp /bin/sh /tmp/sh; chmod +s /tmp/sh Shellcode (74 bytes)
Linux/x86 - execve /bin/sh Shellcode Encoded with ROT-13 + RShift-2 + XOR Encoded (44 bytes)
2018-04-25 05:01:39 +00:00
Offensive Security
e8f4ef9188
DB: 2018-04-19
...
14 changes to exploits/shellcodes
PDFunite 0.41.0 - '.pdf' Local Buffer Overflow
RSVG 2.40.13 / 2.42.2 - '.svg' Buffer Overflow
VX Search 10.6.18 - 'directory' Local Buffer Overflow
Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (Metasploit)
Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (Metasploit)
Easy File Sharing Web Server 7.2 - Stack Buffer Overflow
Coship RT3052 Wireless Router - Persistent Cross-Site Scripting
Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution
Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution
MySQL Squid Access Report 2.1.4 - SQL Injection / Cross-Site Scripting
Rvsitebuilder CMS - Database Backup Download
Match Clone Script 1.0.4 - Cross-Site Scripting
Kodi 17.6 - Persistent Cross-Site Scripting
Lutron Quantum 2.0 - 3.2.243 - Information Disclosure
WordPress Plugin Caldera Forms 1.5.9.1 - Cross-Site Scripting
Joomla! Component JS Jobs 1.2.0 - Cross-Site Request Forgery
Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities
2018-04-19 05:01:48 +00:00
Offensive Security
bef325a736
DB: 2018-04-14
...
9 changes to exploits/shellcodes
GNU Beep 1.3 - 'HoleyBeep' Local Privilege Escalation
Microsoft Credential Security Support Provider - Remote Code Execution
WordPress Plugin Shopping Cart 3.0.4 - Unrestricted Arbitrary File Upload
Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC)
MikroTik 6.41.4 - FTP daemon Denial of Service PoC
Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution
2018-04-14 05:01:49 +00:00
Offensive Security
a13c4ea572
DB: 2018-03-31
...
23 changes to exploits/shellcodes
SysGauge 4.5.18 - Local Denial of Service
Systematic SitAware - NVG Denial of Service
Allok AVI DivX MPEG to DVD Converter 2.6.1217 - Buffer Overflow (SEH)
Allok Video Joiner 4.6.1217 - Stack-Based Buffer Overflow
Allok WMV to AVI MPEG DVD WMV Converter 4.6.1217 - Buffer Overflow
Faleemi Windows Desktop Software - (DDNS/IP) Local Buffer Overflow
Advantech WebAccess < 8.1 - webvrpcs DrawSrv.dll Path BwBuildPath Stack-Based Buffer Overflow
osTicket 1.10 - SQL Injection
osTicket 1.10 - SQL Injection (PoC)
Open-AuditIT Professional 2.1 - Cross-Site Request Forgery
Homematic CCU2 2.29.23 - Arbitrary File Write
MiniCMS 1.10 - Cross-Site Request Forgery
WordPress Plugin Relevanssi 4.0.4 - Reflected Cross-Site Scripting
WordPress Plugin Contact Form 7 to Database Extension 2.10.32 - CSV Injection
Homematic CCU2 2.29.23 - Remote Command Execution
Joomla! Component Acymailing Starter 5.9.5 - CSV Macro Injection
Joomla! Component AcySMS 3.5.0 - CSV Macro Injection
WordPress Plugin WP Security Audit Log 3.1.1 - Sensitive Information Disclosure
Tenda W308R v2 Wireless Router 5.07.48 - Cookie Session Weakness Remote DNS Change
osCommerce 2.3.4.1 - Remote Code Execution
Tenda W316R Wireless Router 5.07.50 - Remote DNS Change
D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router - Authentication Bypass
Tenda FH303/A300 Firmware V5.07.68_EN - Remote DNS Change
Vtiger CRM 6.3.0 - Authenticated Arbitrary File Upload (Metasploit)
Tenda W3002R/A302/w309r Wireless Router V5.07.64_en - Remote DNS Change (PoC)
2018-03-31 05:01:49 +00:00
Offensive Security
4a4b338844
DB: 2018-03-30
...
8 changes to exploits/shellcodes
GitStack - Unsanitized Argument Remote Code Execution (Metasploit)
Exodus Wallet (ElectronJS Framework) - Remote Code Execution (Metasploit)
Drupal 7.0 < 7.31 - SQL Injection (1)
Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (PoC) (Reset Password) (1)
Drupal 7.0 < 7.31 - SQL Injection (2)
Drupal 7.32 - SQL Injection (PHP)
Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (Add Admin User)
Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (PoC) (Reset Password) (2)
Drupal < 7.32 - Unauthenticated SQL Injection
Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (Remote Code Execution)
Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (Admin Session)
Joomla Component Fields - SQLi Remote Code Execution (Metasploit)
2018-03-30 05:01:51 +00:00
Offensive Security
285f79e70e
DB: 2018-03-27
...
4 changes to exploits/shellcodes
Crashmail 1.6 - Stack-Based Buffer Overflow ( ROP execve )
Crashmail 1.6 - Stack-Based Buffer Overflow (ROP)
Fast AVI MPEG Splitter 1.2 - Stack-Based Buffer Overflow
LabF nfsAxe 3.7 - Privilege Escalation
Acrolinx Server < 5.2.5 - Directory Traversal
Hikvision IP Camera versions 5.2.0 - 5.3.9 (Builds 140721 - 170109) - Access Control Bypass
Hikvision IP Camera versions 5.2.0 - 5.3.9 (Builds 140721 < 170109) - Access Control Bypass
Laravel Log Viewer < 0.13.0 - Local File Download
Linux/x86 - EggHunter Shellcode (11 Bytes)
Linux/x86 - EggHunter + Null-Free Shellcode (11 Bytes)
2018-03-27 05:01:50 +00:00
Offensive Security
b0fc7bfd43
DB: 2018-03-17
...
6 changes to exploits/shellcodes
Android DRM Services - Buffer Overflow
MikroTik RouterOS < 6.41.3/6.42rc27 - SMB Buffer Overflow
SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution
Firefox 46.0.1 - ASM.JS JIT-Spray Remote Code Execution
Firefox 44.0.2 - ASM.JS JIT-Spray Remote Code Execution
Spring Data REST < 2.6.9 (Ingalls SR9)_ 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution
Spring Data REST < 2.6.9 (Ingalls SR9) / 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution
Contec Smart Home 4.15 - Unauthorized Password Reset
2018-03-17 05:01:46 +00:00
Offensive Security
3f6d16d5c3
DB: 2018-03-13
...
8 changes to exploits/shellcodes
Sony Playstation 4 (PS4) 1.76 - 'dlclose' Linux Loader
Sony Playstation 4 (PS4) 1.76 - 'dlclose' Linux Kernel Loader
SC 7.16 - Stack-Based Buffer Overflow
DEWESoft X3 SP1 (64-bit) - Remote Command Execution
Eclipse Equinoxe OSGi Console - Command Execution (Metasploit)
ManageEngine Applications Manager 13.5 - Remote Code Execution (Metasploit)
Prisma Industriale Checkweigher PrismaWEB 1.21 - Hard-Coded Credentials
TextPattern 4.6.2 - 'qty' SQL Injection
Advantech WebAccess < 8.3 - Directory Traversal / Remote Code Execution
ACL Analytics 11.X - 13.0.0.579 - Arbitrary Code Execution
2018-03-13 05:01:46 +00:00
Offensive Security
ba1d29bdd6
DB: 2018-03-03
...
13 changes to exploits/shellcodes
SEGGER embOS/IP FTP Server 3.22 - Denial of Service
DualDesk 20 - 'Proxy.exe' Denial of Service
Apple iOS - '.pdf' Local Privilege Escalation / Jailbreak
Apple iOS - '.pdf' Local Privilege Escalation 'Jailbreak'
Foxit Reader 4.0 - '.pdf' Multiple Stack Based Buffer Overflow / Jailbreak
Foxit Reader 4.0 - '.pdf' Multiple Stack Based Buffer Overflow 'Jailbreak'
ASX to MP3 Converter 1.82.50 - '.asx' Local Stack Overflow
ASX to MP3 Converter 1.82.50 (Windows XP SP3) - '.asx' Local Stack Overflow
Sony Playstation 4 (PS4) 4.05 - Jailbreak (WebKit / 'namedobj ' Kernel Loader)
Sony Playstation 4 (PS4) 4.05 - 'Jailbreak' WebKit / 'namedobj ' Kernel Loader
IrfanView 4.44 Email Plugin - Buffer Overflow (SEH)
IrfanView 4.50 Email Plugin - Buffer Overflow (SEH Unicode)
Sony Playstation 3 (PS3) < 2.50 - WebKit Code Execution (PoC)
Sony Playstation 4 (PS4) < 2.50 - WebKit Code Execution (PoC)
ASX to MP3 Converter 1.82.50 (Windows 2003 x86) - '.asx' Local Stack Overflow
Apple iTouch/iPhone 1.1.1 - '.tif' Remote Privilege Escalation / Jailbreak
Apple iTouch/iPhone 1.1.1 - '.tif' Remote Privilege Escalation 'Jailbreak'
Sony Playstation 4 (PS4) 4.55 - Jailbreak (WebKit 5.01 / 'bpf' Kernel Loader 4.55)
Sony Playstation 4 (PS4) 4.55 - 'Jailbreak' WebKit 5.01 / 'bpf' Kernel Loader 4.55
TestLink Open Source Test Management < 1.9.16 - Remote Code Execution
Joomla! 3.7 - SQL Injection
Posnic Stock Management System - SQL Injection
WordPress Plugin Polls 1.2.4 - SQL Injection (PoC)
WordPress Plugin UPM-POLLS 1.0.4 - Blind SQL Injection
WordPress Plugin UPM Polls 1.0.4 - Blind SQL Injection
D-Link DIR-600M Wireless - Cross-Site Scripting
uWSGI < 2.0.17 - Directory Traversal
2018-03-03 05:01:47 +00:00
Offensive Security
5d48f0abd2
DB: 2018-02-28
...
16 changes to exploits/shellcodes
Transmission - Integer Overflows Parsing Torrent Files
Chrome V8 - 'PropertyArray' Integer Overflow
Chrome V8 - 'TranslatedState::MaterializeCapturedObjectAt' Type Confusion
Asterisk chan_pjsip 15.2.0 - 'INVITE' Denial of Service
Asterisk chan_pjsip 15.2.0 - 'SDP' Denial of Service
Asterisk chan_pjsip 15.2.0 - 'SDP fmtp' Denial of Service
Asterisk chan_pjsip 15.2.0 - 'SUBSCRIBE' Stack Corruption
Microsoft Windows Windows 8.1/2012 R2 - SMB Denial of Service
Sony Playstation 4 4.55 FW - Local Kernel
GetGo Download Manager 5.3.0.2712 - Buffer Overflow (SEH)
Schools Alert Management Script 2.0.2 - Authentication Bypass
MyBB My Arcade Plugin 1.3 - Cross-Site Scripting
Joomla! Component K2 2.8.0 - Arbitrary File Download
School Management Script 3.0.4 - Authentication Bypass
CMS Made Simple 2.1.6 - Remote Code Execution
Concrete5 < 8.3.0 - Username / Comments Enumeration
2018-02-28 05:01:52 +00:00
Offensive Security
d0ed4bb0d2
DB: 2018-02-27
...
3 changes to exploits/shellcodes
Disk Savvy Enterprise 10.4.18 - Stack-Based Buffer Overflow (Metasploit)
CloudMe Sync 1.10.9 - Stack-Based Buffer Overflow (Metasploit)
AsusWRT LAN - Unauthenticated Remote Code Execution (Metasploit)
2018-02-27 05:01:54 +00:00
Offensive Security
a4f01ec6e4
DB: 2018-02-22
...
4 changes to exploits/shellcodes
Wavpack 5.1.0 - Denial of Service
utorrent - JSON-RPC Remote Code Execution / Information Disclosure
μTorrent (uTorrent) Classic/Web - JSON-RPC Remote Code Execution / Information Disclosure
EChat Server 3.1 - 'CHAT.ghp' Buffer Overflow
Disk Savvy Enterprise 10.4.18 - Buffer Overflow (SEH)
Disk Pulse Enterprise 10.4.18 - 'Import Command' Buffer Overflow (SEH)
2018-02-22 05:01:46 +00:00
Offensive Security
e630f8c249
DB: 2018-02-16
...
45 changes to exploits/shellcodes
Cisco ASA - Crash PoC
Cisco ASA - Crash (PoC)
GNU binutils 2.26.1 - Integer Overflow (POC)
GNU binutils 2.26.1 - Integer Overflow (PoC)
K7 Total Security 15.1.0.305 - Device Driver Arbitrary Memory Read
Linux Kernel - 'AF_PACKET' Use-After-Free
Oracle Java JDK/JRE < 1.8.0.131 / Apache Xerces 2.11.0 - 'PDF/Docx' Server Side Denial of Service
Microsoft Edge Chakra JIT - 'GlobOpt::OptTagChecks' Must Consider IsLoopPrePass Properly (2)
Microsoft Edge Chakra JIT - Memory Corruption
Microsoft Edge Chakra JIT - ImplicitCallFlags Checks Bypass
Microsoft Edge Chakra JIT - Array Type Confusion via InitProto Instructions
Microsoft Edge Chakra JIT - 'Array.prototype.reverse' Array Type Confusion
Microsoft Edge Chakra JIT - 'NewScObjectNoCtor' Array Type Confusion
Microsoft Edge Chakra JIT - 'LdThis' Type Confusion
Pdfium - Pattern Shading Integer Overflows
Pdfium - Out-of-Bounds Read with Shading Pattern Backed by Pattern Colorspace
Chrome V8 - 'Runtime_RegExpReplace' Integer Overflow
Hotspot Shield - Information Disclosure
Linux Kernel (Ubuntu 17.04) - 'XFRM' Local Privilege Escalation
Nitro Pro PDF - Multiple Vulnerabilities
Odoo CRM 10.0 - Code Execution
Dashlane - DLL Hijacking
LightDM (Ubuntu 16.04/16.10) - Guest Account Local Privilege Escalation
LightDM (Ubuntu 16.04/16.10) - 'Guest Account' Local Privilege Escalation
Trustwave SWG 11.8.0.27 - SSH Unauthorized Access
Ichano AtHome IP Cameras - Multiple Vulnerabilities
Cisco UCS Platform Emulator 3.1(2ePE1) - Remote Code Execution
Ikraus Anti Virus 2.16.7 - Remote Code Execution
McAfee Security Scan Plus - Remote Command Execution
OrientDB - Code Execution
360 Total Security - Local Privilege Escalation
HPE Intelligent Management Center (iMC) 7.2 (E0403P10) - Code Execution
Oracle Knowledge Management 12.1.1 < 12.2.5 - XML External Entity Leading To Remote Code Execution
iBall WRA150N - Multiple Vulnerabilities
GitStack - Unauthenticated Remote Code Execution
Monstra CMS - Remote Code Execution
Ametys CMS 4.0.2 - Unauthenticated Password Reset
DblTek - Multiple Vulnerabilities
FiberHome - Directory Traversal
PHP Melody 2.7.3 - Multiple Vulnerabilities
Tiandy IP Cameras 5.56.17.120 - Sensitive Information Disclosure
Horde Groupware 5.2.21 - Unauthorized File Download
QNAP HelpDesk < 1.1.12 - SQL Injection
Hanbanggaoke IP Camera - Arbitrary Password Change
McAfee LiveSafe 16.0.3 - Man In The Middle Registry Modification Leading to Remote Command Execution
Sophos XG Firewall 16.05.4 MR-4 - Path Traversal
Cisco DPC3928 Router - Arbitrary File Disclosure
IDERA Uptime Monitor 7.8 - Multiple Vulnerabilities
Geneko Routers - Unauthenticated Path Traversal
Dasan Networks GPON ONT WiFi Router H640X versions 12.02-01121 / 2.77p1-1124 / 3.03p2-1146 - Unauthenticated Remote Code Execution
2018-02-16 05:01:50 +00:00
Offensive Security
6635886cc0
DB: 2018-02-14
...
5 changes to exploits/shellcodes
CloudMe Sync < 1.11.0 - Buffer Overflow
Advantech WebAccess 8.3.0 - Remote Code Execution
TypeSetter CMS 5.1 - 'Host' Header Injection
TypeSetter CMS 5.1 - Cross-Site Request Forgery
News Website Script 2.0.4 - 'search' SQL Injection
2018-02-14 05:01:44 +00:00
Offensive Security
2c4b08963a
DB: 2018-02-08
...
25 changes to exploits/shellcodes
QNAP NAS Devices - Heap Overflow
QNAP NVR/NAS - Buffer Overflow (PoC)
QNAP NVR/NAS Devices - Buffer Overflow (PoC)
Cisco ASA - Crash PoC
Asterisk 13.17.2 - 'chan_skinny' Remote Memory Corruption
Android - 'getpidcon' Permission Bypass in KeyStore Service
Multiple OEM - 'nsd' Remote Stack Format String (PoC)
HP-UX 11.0 - pppd Stack Buffer Overflow
HP-UX 11.0 - 'pppd' Local Stack Buffer Overflow
SGI IRIX - 'LsD' Multiple Buffer Overflows
SGI IRIX - 'LsD' Multiple Local Buffer Overflows
PostScript Utilities - 'psnup' Argument Buffer Overflow
PostScript Utilities - 'psnup' Local Buffer Overflow
Open Cubic Player 2.6.0pre6/0.1.10_rc5 - Multiple Buffer Overflows
Open Cubic Player 2.6.0pre6/0.1.10_rc5 - Multiple Local Buffer Overflows
MalwareFox AntiMalware 2.74.0.150 - Privilege Escalation
Geovision Inc. IP Camera/Video/Access Control - Multiple Remote Command Execution / Stack Overflow / Double Free / Unauthorized Access
Geovision Inc. IP Camera & Video - Remote Command Execution
Axis SSI - Remote Command Execution / Read Files
Axis Communications MPQT/PACS - Heap Overflow / Information Leakage
Adobe Coldfusion 11.0.03.292866 - BlazeDS Java Object Deserialization Remote Code Execution
Herospeed - 'TelnetSwitch' Remote Stack Overflow / Overwrite Password / Enable TelnetD
Uniview - Remote Command Execution / Export Config (PoC)
Vitek - Remote Command Execution / Information Disclosure (PoC)
Vivotek IP Cameras - Remote Stack Overflow (PoC)
Dahua Generation 2/3 - Backdoor Access
HiSilicon DVR Devices - Remote Code Execution
JiRos Banner Experience 1.0 - Unauthorised Create Admin
JiRos Banner Experience 1.0 - Unauthorized Create Admin
Doctor Search Script 1.0.2 - Persistent Cross-Site Scripting
Multilanguage Real Estate MLM Script - Persistent Cross-Site Scripting
Naukri Clone Script - Persistent Cross-Site Scripting
Hot Scripts Clone Script Classified - Persistent Cross-Site Scripting
Online Test Script 2.0.7 - 'cid' SQL Injection
Entrepreneur Dating Script 2.0.2 - Authentication Bypass
2018-02-08 05:01:53 +00:00
Offensive Security
efd633079a
DB: 2018-02-06
...
19 changes to exploits/shellcodes
WordPress Core - 'load-scripts.php' Denial of Service
Sync Breeze Enterprise 10.0.28 - Remote Buffer Overflow (PoC)
Claymore Dual GPU Miner 10.5 - Format String
Apport/ABRT - 'chroot' Local Privilege Escalation (Metasploit)
MalwareFox AntiMalware 2.74.0.150 - Privilege Escalation
BOCHS 2.6-5 - Buffer Overflow
Windows - 'EternalRomance'/'EternalSynergy'/'EternalChampion' SMB Remote Code Execution (Metasploit) (MS17-010)
Wonder CMS 2.3.1 - Unrestricted File Upload
Wonder CMS 2.3.1 - 'Host' Header Injection
Matrimonial Website Script 2.1.6 - 'uid' SQL Injection
NixCMS 1.0 - 'category_id' SQL Injection
Online Voting System - Authentication Bypass
Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection
Joomla! Component Zh YandexMap 6.2.1.0 - 'id' SQL Injection
Joomla! Component Zh GoogleMap 8.4.0.0 - SQL Injection
Joomla! Component jLike 1.0 - Information Leak
Joomla! Component JSP Tickets 1.1 - SQL Injection
Student Profile Management System Script 2.0.6 - Authentication Bypass
Netis WF2419 Router - Cross-Site Scripting
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes)
2018-02-06 05:01:50 +00:00
Offensive Security
c502d37394
DB: 2018-02-02
...
4 changes to exploits/shellcodes
WebKit - 'detachWrapper' Use-After-Free
WebKit - 'WebCore::FrameView::clientToLayoutViewportPoint' Use-After-Free
Sync Breeze Enterprise 10.4.18 - Remote Buffer Overflow (SEH)
BMC Server Automation RSCD Agent - NSH Remote Command Execution (Metasploit)
2018-02-02 05:01:51 +00:00
Offensive Security
62ce2d17ed
DB: 2018-01-31
...
8 changes to exploits/shellcodes
LabF nfsAxe 3.7 TFTP Client - Local Buffer Overflow
System Shield 5.0.0.136 - Privilege Escalation
HPE iMC 7.3 - RMI Java Deserialization
Advantech WebAccess < 8.3 - SQL Injection
Joomla! Component Picture Calendar for Joomla 3.1.4 - Directory Traversal
Joomla! Component CP Event Calendar 3.0.1 - 'id' SQL Injection
Joomla! Component Visual Calendar 3.1.3 - 'id' SQL Injection
BMC BladeLogic RSCD Agent 8.3.00.64 - Windows Users Disclosure
2018-01-31 05:01:49 +00:00
Offensive Security
bd1b51b595
DB: 2018-01-27
...
9 changes to exploits/shellcodes
RAVPower 2.000.056 - Memory Disclosure
Acunetix WVS 10 - Local Privilege Escalation
NoMachine 5.3.9 - Local Privilege Escalation
Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (1)
Acunetix WVS 10 - Remote Command Execution
Exodus Wallet (ElectronJS Framework) - Remote Code Execution
BMC BladeLogic 8.3.00.64 - Remote Command Execution
Vodafone Mobile Wifi - Reset Admin Password
Rejetto HTTP File Server (HFS) 2.3a/2.3b/2.3c - Remote Command Execution
ASUS DSL-N14U B1 Router 1.1.2.3_345 - Change Administrator Password
Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Encryption Keys Disclosure
Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Arbitrary File Upload
Dodocool DC38 N300 - Cross-site Request Forgery
WordPress Plugin Learning Management System - 'course_id' SQL Injection
Linux/x86 - Disable ASLR Security + Obfuscated Shellcode (23 bytes)
2018-01-27 05:01:58 +00:00
Offensive Security
8a2e4ff27a
DB: 2018-01-19
...
58 changes to exploits/shellcodes
Smiths Medical Medfusion 4000 - 'DHCP' Denial of Service
WebKit - 'WebCore::InputType::element' Use-After-Free
WebKit - 'WebCore::InputType::element' Use-After-Free (1)
WebKit - 'WebCore::InputType::element' Use-After-Free
WebKit - 'WebCore::InputType::element' Use-After-Free (2)
Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation
Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation (1)
Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation (2)
Rosoft Media Player 4.2.1 - Local Buffer Overflow
Rosoft Media Player 4.2.1 (Windows XP SP2/3 French) - Local Buffer Overflow
GNU Screen 4.5.0 - Local Privilege Escalation
GNU Screen 4.5.0 - Local Privilege Escalation (PoC)
glibc - 'getcwd()' Local Privilege Escalation
JAD java Decompiler 1.5.8e - Local Buffer Overflow
JAD Java Decompiler 1.5.8e - Local Buffer Overflow
JAD Java Decompiler 1.5.8e - Local Buffer Overflow
JAD Java Decompiler 1.5.8e - Local Buffer Overflow (NX Enabled)
Ability Server 2.34 - Remote APPE Buffer Overflow
Ability Server 2.34 - 'APPE' Remote Buffer Overflow
CesarFTP 0.99g - 'MKD' Remote Buffer Overflow (Metasploit)
CesarFTP 0.99g - 'MKD' Remote Buffer Overflow (Metasploit) (1)
Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution
Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution (1)
Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution
Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution (2)
Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal
Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal (PoC)
CesarFTP 0.99g - 'MKD' Remote Buffer Overflow (Metasploit)
CesarFTP 0.99g - 'MKD' Remote Buffer Overflow (Metasploit) (2)
Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow
Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow (1)
Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow
Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow (2)
Invision Power Board 2.0.3 - 'login.php' SQL Injection
Invision Power Board 2.0.3 - 'login.php' SQL Injection (Tutorial)
FOSS Gallery Public 1.0 - Arbitrary File Upload
FOSS Gallery Public 1.0 - Arbitrary File Upload (PoC)
Vastal I-Tech Agent Zone - SQL Injection
Vastal I-Tech Agent Zone - 'view_listing.php' SQL Injection
Netsweeper 4.0.8 - Authentication Bypass
Netsweeper 4.0.8 - Authentication Bypass (via Disabling of IP Quarantine)
Netsweeper 4.0.8 - Authentication Bypass
Netsweeper 4.0.8 - Authentication Bypass (via New Profile Creation)
Primefaces 5.x - Remote Code Execution (Metasploit)
Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execution (Metasploit)
Trend Micro InterScan Messaging Security (Virtual Appliance) < 9.1.-1600 - Remote Code Execution (Metasploit)
Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execution (Metasploit)
Trend Micro InterScan Messaging Security (Virtual Appliance) - 'Proxy.php' Remote Code Execution (Metasploit)
Vastal I-Tech Agent Zone - SQL Injection
Vastal I-Tech Agent Zone - 'searchCommercial.php' / 'searchResidential.php' SQL Injection
BSDi/x86 - execve(/bin/sh) ToUpper Encoded Shellcode (97 bytes)
BSDi/x86 - execve(/bin/sh) + ToUpper Encoded Shellcode (97 bytes)
FreeBSD/x86 - execve(/bin/cat /etc/master.passwd) Null-Free Shellcode (65 bytes)
FreeBSD/x86 - execve(/bin/cat /etc/master.passwd) + Null-Free Shellcode (65 bytes)
Linux/x86 - execve() Null-Free Shellcode (Generator)
Linux/x86 - execve() + Null-Free Shellcode (Generator)
Windows XP SP1 - Bind TCP Shell Shellcode (Generator)
Windows (XP SP1) - Bind TCP Shell Shellcode (Generator)
Linux/x86 - Command Generator Null-Free Shellcode (Generator)
Linux/x86 - Command Generator + Null-Free Shellcode (Generator)
(Generator) - HTTP/1.x Requests Shellcode (18+/26+ bytes)
Windows x86 - Multi-Format Encoding Tool Shellcode (Generator)
Linux/x86 - HTTP/1.x Requests Shellcode (18+/26+ bytes) (Generator)
Windows/x86 - Multi-Format Encoding Tool Shellcode (Generator)
Linux/x86 - PUSH reboot() Shellcode (30 bytes)
Linux/x86 - Shellcode Obfuscator Null-Free (Generator)
Linux/x86 - Reverse UDP tcpdump (54321/UDP) Live Packet Capture Shellcode (151 bytes)
Linux/x86 - reboot() + PUSH Shellcode (30 bytes)
Linux/x86 - Shellcode Obfuscator + Null-Free (Generator)
Linux/x86 - Reverse UDP (54321/UDP) tcpdump Live Packet Capture Shellcode (151 bytes)
Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Null-Free Shellcode (28 bytes)
Linux/x86 - setuid(0) + execve(/bin/sh_0_0) + Null-Free Shellcode (28 bytes)
Linux/x86 - Reverse Connection (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes)
Linux/x86 - Reverse TCP (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes)
Linux/x86 - execve() Read Shellcode (92 bytes)
Linux/x86 - execve() + Read Shellcode (92 bytes)
Linux/x86 - Download File (HTTP/1.x http://0xdeadbeef/A ) + execve() Null-Free Shellcode (111+ bytes)
Linux/x86 - setreuid + Executes Command Shellcode (49+ bytes)
Linux/x86 - Download File (HTTP/1.x http://0xdeadbeef/A ) + execve() + Null-Free Shellcode (111+ bytes)
Linux/x86 - setreuid() + Executes Command Shellcode (49+ bytes)
Linux/x86 - execve(/bin/sh) (Re-Use Of Strings In .rodata) Shellcode (16 bytes)
Linux/x86 - execve(/bin/sh) + Re-Use Of Strings In .rodata Shellcode (16 bytes)
Linux/x86 - execve() Diassembly Obfuscation Shellcode (32 bytes)
Linux/x86 - execve() + Diassembly + Obfuscation Shellcode (32 bytes)
Linux/x86 - TCP Proxy (192.168.1.16:1280/TCP) All Connect() Null-Free Shellcode (236 bytes)
Linux/x86 - TCP Proxy (192.168.1.16:1280/TCP) All Connect() + Null-Free Shellcode (236 bytes)
Linux/x86 (Intel x86 CPUID) - execve(/bin/sh) XORED Encoded Shellcode (41 bytes)
Linux/x86 - execve(/bin/sh) Shellcode +1 Encoded (39 bytes)
Linux/x86 (Intel x86 CPUID) - execve(/bin/sh) + XORED Encoded Shellcode (41 bytes)
Linux/x86 - execve(/bin/sh) Shellcode + 1 Encoded (39 bytes)
Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve(/bin/sh) Shellcode (39 bytes)
Linux/x86 - execve(/bin/sh) + Anti-Debug Trick (INT 3h trap) Shellcode (39 bytes)
Linux/x86 - Open CD-Rom Loop 24/7 (Follows /dev/cdrom Symlink) Shellcode (39 bytes)
Linux/x86 - Eject CD-Rom Loop 24/7 (Follows /dev/cdrom Symlink) Shellcode (39 bytes)
Linux/x86 - Quick (yet conditional_ eax != 0 and edx == 0) + exit() Shellcode (4 bytes)
Linux/x86 - (eax != 0 and edx == 0) + exit() Shellcode (4 bytes)
Linux/x86 - Snoop /dev/dsp Null-Free Shellcode (172 bytes)
Linux/x86 - Snoop /dev/dsp + Null-Free Shellcode (172 bytes)
Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (23 bytes)
Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (27 bytes)
Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (45 bytes)
Linux/x86 - execve(/bin/sh) + sysenter Opcode Array Payload Shellcode (23 bytes)
Linux/x86 - execve(/bin/sh) + sysenter Opcode Array Payload Shellcode (27 bytes)
Linux/x86 - execve(/bin/sh) + sysenter Opcode Array Payload Shellcode (45 bytes)
Linux/x86 - Alphanumeric Encoded (IMUL Method) Shellcode (88 bytes)
Linux/x86 - Alphanumeric Encoded + IMUL Method Shellcode (88 bytes)
Linux/IA32 - execve(/bin/sh) 0xff-Free Shellcode (45 bytes)
Linux/IA32 - execve(/bin/sh) + 0xff-Free Shellcode (45 bytes)
Linux/x86 - Reverse Telnet Shell (200.182.207.235) Shellcode (134 bytes)
Linux/x86 - Reverse TCP (200.182.207.235/TCP) Telnet Shel Shellcode (134 bytes)
Linux/x86 - execve(/bin/sh) XOR Encoded Shellcode (55 bytes)
Linux/x86 - execve(/bin/sh) ToLower Encoded Shellcode (41 bytes)
Linux/x86 - execve(/bin/sh) + XOR Encoded Shellcode (55 bytes)
Linux/x86 - execve(/bin/sh) + ToLower Encoded Shellcode (41 bytes)
Linux/x86 - execve(/bin/sh) ToLower Encoded Shellcode (55 bytes)
Linux/x86 - execve(/bin/sh) + ToLower Encoded Shellcode (55 bytes)
OSX/PPC - Reboot Shellcode (28 bytes)
OSX/PPC - Reboot() Shellcode (28 bytes)
Solaris/MIPS - Download (http://10.1.1.2:80/evil-dl ) + Execute (/tmp/ff) Shellcode (278 bytes)
Solaris/SPARC - setreuid + Executes Command Shellcode (92+ bytes)
Solaris/MIPS - Download File (http://10.1.1.2:80/evil-dl ) + Execute (/tmp/ff) Shellcode (278 bytes)
Solaris/SPARC - setreuid() + Executes Command Shellcode (92+ bytes)
Solaris/SPARC - setreuid + execve() Shellcode (56 bytes)
Solaris/SPARC - setreuid() + execve() Shellcode (56 bytes)
Solaris/x86 - setuid(0) + execve(/bin/sh) + exit(0) Null-Free Shellcode (39 bytes)
Solaris/x86 - setuid(0) + execve(/bin/sh) + exit(0) + Null-Free Shellcode (39 bytes)
Windows 5.0 < 7.0 x86 - Bind TCP (28876/TCP) Shell + Null-Free Shellcode
Windows XP SP2 x86 (English) - cmd.exe Shellcode (23 bytes)
Windows x86 - Egg Omelet SEH Shellcode
Windows x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes)
Windows x86 - PEB!NtGlobalFlags Shellcode (14 bytes)
Windows XP SP2 x86 (French) - cmd.exe Shellcode (32 bytes)
Windows XP SP2 x86 - cmd.exe Shellcode (57 bytes)
Windows x86 - PEB _Kernel32.dll_ ImageBase Finder + Alphanumeric Shellcode (67 bytes)
Windows x86 - PEB _Kernel32.dll_ ImageBase Finder (ASCII Printable) Shellcode (49 bytes)
Windows x86 - Reverse Connection + Download A File + Save + Execute Shellcode
Windows x86 - Download File + Execute Shellcode (Browsers Edition) (275+ bytes) (Generator)
Windows x86 - Download File + Execute Shellcode (192 bytes)
Windows x86 - Download File (http://127.0.0.1/file.exe ) + Execute Shellcode (124 bytes)
Windows NT/XP x86 - IsDebuggerPresent Shellcode (39 bytes)
Windows SP1/SP2 x86 - Beep Shellcode (35 bytes)
Windows XP SP2 x86 - MessageBox Shellcode (110 bytes)
Windows x86 - Command WinExec() Shellcode (104+ bytes)
Windows x86 - Download File (http://www.ph4nt0m.org/a.exe ) + Execute (C:/a.exe) Shellcode (226+ bytes)
Windows NT/2000/XP (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes)
Windows 9x/NT/2000/XP - Reverse Generic without Loader (192.168.1.11:4919) Shellcode (249 bytes)
Windows 9x/NT/2000/XP - PEB method Shellcode (29 bytes)
Windows 9x/NT/2000/XP - PEB method Shellcode (31 bytes)
Windows 9x/NT/2000/XP - PEB method Shellcode (35 bytes)
Windows XP/2000/2003 - Reverse TCP (127.0.0.1:53/TCP) Shell Shellcode (275 bytes) (Generator)
Windows XP/2000/2003 - Download File (http://127.0.0.1/test.exe ) + Execute (%systemdir%/a.exe) Shellcode (241 bytes)
Windows XP - Download File (http://www.elitehaven.net/ncat.exe ) + Execute (nc.exe) Null-Free Shellcode
Windows XP SP1 - Bind TCP (58821/TCP) Shell Shellcode (116 bytes)
Windows/x86 (5.0 < 7.0) - Bind TCP (28876/TCP) Shell + Null-Free Shellcode
Windows/x86 (XP SP2) (English) - cmd.exe Shellcode (23 bytes)
Windows/x86 - Egg Omelet SEH Shellcode
Windows/x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes)
Windows/x86 - PEB!NtGlobalFlags Shellcode (14 bytes)
Windows/x86 (XP SP2) (French) - cmd.exe Shellcode (32 bytes)
Windows/x86 (XP SP2) - cmd.exe Shellcode (57 bytes)
Windows/x86 - PEB _Kernel32.dll_ ImageBase Finder + Alphanumeric Shellcode (67 bytes)
Windows/x86 - PEB _Kernel32.dll_ ImageBase Finder + ASCII Printable Shellcode (49 bytes)
Windows/x86 - Reverse Connection + Download A File + Save + Execute Shellcode
Windows/x86 - Download File + Execute Shellcode (Browsers Edition) (275+ bytes) (Generator)
Windows/x86 - Download File + Execute Shellcode (192 bytes)
Windows/x86 - Download File (http://127.0.0.1/file.exe ) + Execute Shellcode (124 bytes)
Windows/x86 (NT/XP) - IsDebuggerPresent Shellcode (39 bytes)
Windows/x86 (SP1/SP2) - Beep Shellcode (35 bytes)
Windows/x86 (XP SP2) - MessageBox Shellcode (110 bytes)
Windows/x86 - Command WinExec() Shellcode (104+ bytes)
Windows/x86 - Download File (http://www.ph4nt0m.org/a.exe ) + Execute (C:/a.exe) Shellcode (226+ bytes)
Windows (NT/2000/XP) (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes)
Windows (9x/NT/2000/XP) - Reverse Generic Without Loader (192.168.1.11:4919) Shellcode (249 bytes)
Windows (9x/NT/2000/XP) - PEB method Shellcode (29 bytes)
Windows (9x/NT/2000/XP) - PEB Method Shellcode (31 bytes)
Windows (9x/NT/2000/XP) - PEB method Shellcode (35 bytes)
Windows (XP/2000/2003) - Reverse TCP (127.0.0.1:53/TCP) Shell Shellcode (275 bytes) (Generator)
Windows (XP/2000/2003) - Download File (http://127.0.0.1/test.exe ) + Execute (%systemdir%/a.exe) Shellcode (241 bytes)
Windows (XP) - Download File (http://www.elitehaven.net/ncat.exe ) + Execute (nc.exe) + Null-Free Shellcode
Windows (XP SP1) - Bind TCP (58821/TCP) Shell Shellcode (116 bytes)
Windows x64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe ) + Execute Shellcode (218+ bytes)
Windows/x86-64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe ) + Execute Shellcode (218+ bytes)
Linux/x86 - setuid(0) + execve(_/sbin/poweroff -f_) Shellcode (47 bytes)
Linux/x86 - setuid(0) + execve(/sbin/poweroff -f) Shellcode (47 bytes)
Windows XP SP2 - PEB ISbeingdebugged Beep Shellcode (56 bytes)
Windows (XP SP2) - PEB ISbeingdebugged Beep Shellcode (56 bytes)
Windows XP SP3 x86 - ShellExecuteA Shellcode
Linux/x86 - setreuid (0_0) + execve(/bin/rm /etc/shadow) Shellcode
Windows XP SP3 x86 - Add Firewall Rule (Allow 445/TCP) Traffic Shellcode
Windows/x86 (XP SP3) - ShellExecuteA Shellcode
Linux/x86 - setreuid(0_0) + execve(/bin/rm /etc/shadow) Shellcode
Windows/x86 (XP SP3) - Add Firewall Rule (Allow 445/TCP) Shellcode
Windows XP SP2 x86 - calc.exe Shellcode (45 bytes)
Windows/x86 (XP SP2) - calc.exe Shellcode (45 bytes)
Windows XP SP2 x86 (English / Arabic) - cmd.exe Shellcode (23 bytes)
Windows/x86 (XP SP2) (English / Arabic) - cmd.exe Shellcode (23 bytes)
Windows XP Professional SP2 (English) - MessageBox Null-Free Shellcode (16 bytes)
Windows XP Professional SP2 (English) - Wordpad Null-Free Shellcode (12 bytes)
Windows (XP Professional SP2) (English) - MessageBox + Null-Free Shellcode (16 bytes)
Windows (XP Professional SP2) (English) - Wordpad + Null-Free Shellcode (12 bytes)
Windows XP SP2 x86 (French) - calc Shellcode (19 bytes)
Windows/x86 (XP SP2) (French) - calc Shellcode (19 bytes)
Windows XP SP3 x86 (English) - cmd.exe Shellcode (26 bytes)
Windows XP SP2 x86 (Turkish) - cmd.exe Shellcode (26 bytes)
Windows/x86 (XP SP3) (English) - cmd.exe Shellcode (26 bytes)
Windows/x86 (XP SP2) (Turkish) - cmd.exe Shellcode (26 bytes)
Windows XP Home SP2 (English) - calc.exe Shellcode (37 bytes)
Windows XP Home SP3 (English) - calc.exe Shellcode (37 bytes)
Windows (XP Home SP2) (English) - calc.exe Shellcode (37 bytes)
Windows (XP Home SP3) (English) - calc.exe Shellcode (37 bytes)
Windows x86 - JITed Stage-0 Shellcode
Windows x86 - JITed exec notepad Shellcode
Windows XP Professional SP2 (Italian) - calc.exe Shellcode (36 bytes)
Windows XP SP2 x86 - write.exe + ExitProcess WinExec Shellcode (16 bytes)
Windows - Egghunter JITed Stage-0 Shellcode
Windows XP SP3 x86 (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes)
Windows x86 - MessageBox Shellcode (Metasploit)
Windows XP/Vista/7 - Egghunter JITed Stage-0 Adjusted Universal Shellcode
Windows/x86 - JITed Stage-0 Shellcode
Windows/x86 - JITed exec notepad Shellcode
Windows (XP Professional SP2) (Italian) - calc.exe Shellcode (36 bytes)
Windows/x86 (XP SP2) - write.exe + ExitProcess WinExec Shellcode (16 bytes)
Windows - Egghunter (0x07333531) JITed Stage-0 Shellcode
Windows/x86 (XP SP3) (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes)
Windows/x86 - MessageBox Shellcode (Metasploit)
Windows (XP/Vista/7) - Egghunter (0x07333531) JITed Stage-0 Adjusted Universal Shellcode
Linux/x86 - execve(/bin/sh) Shellcode (25 bytes) (2)
Linux/x86 - execve(/bin/sh) Shellcode (25 bytes)
Linux/x86 - execve(_a->/bin/sh_) Local-only Shellcode (14 bytes)
Linux/x86 - execve(a->/bin/sh) + Local-only Shellcode (14 bytes)
Linux/x86 - setreud(getuid()_ getuid()) + execve(_/bin/sh_) Shellcode (34 bytes)
Linux/x86 - setreud(getuid()_ getuid()) + execve(/bin/sh) Shellcode (34 bytes)
Windows XP SP2 (French) - Download File (http://www.site.com/nc.exe_ ) + Execute (c:\backdor.exe) Shellcode
Windows (XP SP2) (French) - Download File (http://www.site.com/nc.exe ) + Execute (c:\backdor.exe) Shellcode
Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes)
Linux/x86 - execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes)
Windows 7 Professional SP1 x64 (FR) - Beep Shellcode (39 bytes)
Windows/x86-64 (7 Professional SP1) (French) - Beep Shellcode (39 bytes)
Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/shadow Shellcode (39 bytes)
Linux/x86 - chmod 0777 /etc/shadow + sys_chmod syscall Shellcode (39 bytes)
Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/passwd Shellcode (39 bytes)
Linux/x86 - sys_execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes)
Linux/x86 - sys_setuid(0) + sys_setgid(0) + execve(_/bin/sh_) Shellcode (39 bytes)
Windows 7 x64 - cmd Shellcode (61 bytes)
Linux/x86 - unlink /etc/shadow Shellcode (33 bytes)
Linux/x86 - chmod 0777 /etc/passwd + sys_chmod syscall Shellcode (39 bytes)
Linux/x86 - execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes)
Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh) Shellcode (39 bytes)
Windows/x86-64 (7) - cmd Shellcode (61 bytes)
Linux/x86 - unlink(/etc/shadow) Shellcode (33 bytes)
Linux/x86-64 - Add Root User (shell-storm/leet) To /etc/{shadow_passwd} Shellcode (390 bytes)
Windows XP SP3 (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes)
Linux/x86-64 - Add Root User (shell-storm/leet) To /etc/{passwd_shadow} Shellcode (390 bytes)
Windows (XP SP3) (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) (Generator)
Linux - setreuid(0_0) + execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes)
Safari 4.0.5 < 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Null-Free Shellcode
Linux - setreuid(0_0) + execve(_/bin/sh__NULL_NULL) + XOR Encoded Shellcode (62 bytes)
Safari 4.0.5 < 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) + Null-Free Shellcode
Windows x86 - Write-to-file ('pwned' ./f.txt) Null-Free Shellcode (278 bytes)
Windows/x86 - Write-to-file ('pwned' ./f.txt) + Null-Free Shellcode (278 bytes)
Linux/x86 - execve(/bin/sh) + Polymorphic Null-Free Shellcode (46 bytes)
Windows XP SP3 (English) - MessageBoxA Shellcode (87 bytes)
Linux/x86 - execve(/bin/sh) + Polymorphic + Null-Free Shellcode (46 bytes)
Windows (XP SP3) (English) - MessageBoxA Shellcode (87 bytes)
Windows x86 - Egghunter Checksum Routine Shellcode (18 bytes)
Windows/x86 - Egghunter Checksum Routine Shellcode (18 bytes)
Windows XP SP3 x86 (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes)
Windows Mobile 6.5 TR (WinCE 5.2)/ARM - MessageBox Shellcode
Windows Mobile 6.5 TR - Phone Call Shellcode
Windows XP Professional SP3 x86 (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)
Windows x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes)
Windows/x86 (XP SP3) (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes)
Windows/ARM (Mobile 6.5 TR WinCE 5.2) - MessageBox Shellcode
Windows/ARM (Mobile 6.5 TR) - Phone Call Shellcode
Windows/x86 (XP Professional SP3) (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)
Windows/x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes)
Linux/ARM - Bind TCP Listener (0x1337/TCP) + Receive Shellcode + Payload Loader Shellcode
Linux/ARM - Bind TCP (0x1337/TCP) Listener + Receive Shellcode + Payload Loader Shellcode
Windows 5.0 < 7.0 x86 - Speaking 'You got pwned!' Null-Free Shellcode
Windows/x86 (5.0 < 7.0) - Speaking 'You got pwned!' + Null-Free Shellcode
Windows x86 - Eggsearch Shellcode (33 bytes)
Windows/x86 - Eggsearch Shellcode (33 bytes)
Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit)
Windows - Download File + Execute via DNS + IPv6 Shellcode (Generator) (Metasploit)
Windows PerfectXp-pc1/SP3 x86 (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes)
Linux/x86 - Egghunter Null-Free Shellcode (29 bytes)
Windows/x86 (PerfectXp-pc1/SP3 ) (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes)
Linux/x86 - Egghunter + Null-Free Shellcode (29 bytes)
Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd + No Password Polymorphic Shellcode
Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd + No Password + Polymorphic Shellcode
Windows x86 - Bind TCP Shell + Password (damn_it!$$##@;*#) Shellcode (637 bytes)
Windows XP Professional SP3 - calc.exe (C:/WINDOWS/system32/calc.exe) ROP Shellcode (428 bytes)
Windows x64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes)
Windows/x86 - Bind TCP Shell + Password (damn_it!$$##@;*#) Shellcode (637 bytes)
Windows (XP Professional SP3) - calc.exe (C:/WINDOWS/system32/calc.exe) ROP Shellcode (428 bytes)
Windows/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes)
Windows (2000/XP/7 x64/x86) - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt ) + WinExec + ExitProcess Shellcode
Windows/x86-64 / x86 (2000/XP/7) - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt ) + WinExec + ExitProcess Shellcode
Cisco ASA - Authentication Bypass _EXTRABACON_ (Improved Shellcode) (69 bytes)
Cisco ASA - 'EXTRABACON' Authentication Bypass (Improved Shellcode) (69 bytes)
Windows RT ARM - Bind TCP (4444/TCP) Shell Shellcode
Linux/x86 - Egghunter Shellcode (31 bytes)
Windows/ARM (RT) - Bind TCP (4444/TCP) Shell Shellcode
Linux/x86 - Egghunter (0x56767606) Using fstenv + Obfuscation Shellcode (31 bytes)
Windows x86 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Persistent Access Shellcode (494 bytes)
Windows - MessageBox Null-Free Shellcode (113 bytes)
Windows/x86 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Persistent Access Shellcode (494 bytes)
Windows - MessageBox + Null-Free Shellcode (113 bytes)
Windows 7 x86 - Bind TCP (4444/TCP) Shell Shellcode (357 bytes)
Windows - Add Administrator User (BroK3n/BroK3n) Null-Free Shellcode (194 bytes)
Windows/x86 (7) - Bind TCP (4444/TCP) Shell Shellcode (357 bytes)
Windows - Add Administrator User (BroK3n/BroK3n) + Null-Free Shellcode (194 bytes)
Linux/x86 - rmdir Shellcode (37 bytes)
Linux/x86 - rmdir() Shellcode (37 bytes)
Windows x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Windows x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Windows/x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes)
Windows/x86-64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes)
Windows XP x86-64 - Download File + Execute Shellcode (Generator)
Windows/x86-64 (XP) - Download File + Execute Shellcode Using Powershell (Generator)
Linux/x86 - chmod 0777 /etc/shadow Obfuscated Shellcode (84 bytes)
Linux/x86 - chmod 0777 /etc/shadow + Obfuscated Shellcode (84 bytes)
Linux/x86 - execve(/bin/sh) Obfuscated Shellcode (40 bytes)
Linux/x86 - execve(/bin/sh) + Obfuscated Shellcode (40 bytes)
Linux/x86 - Egghunter Shellcode (20 bytes)
Linux/x86 - Egghunter (0x5159) Shellcode (20 bytes)
Linux/x86 - Create _my.txt_ In Working Directory Shellcode (37 bytes)
Linux/x86 - setreuid(0_ 0) + execve(_/sbin/halt_) + exit(0) Shellcode (49 bytes)
Linux/x86 - Create 'my.txt' In Working Directory Shellcode (37 bytes)
Linux/x86 - setreuid(0_ 0) + execve(/sbin/halt) + exit(0) Shellcode (49 bytes)
Windows XP SP3 x86 - Create (_file.txt_) Shellcode (83 bytes)
Windows XP SP3 x86 - Restart Shellcode (57 bytes)
Windows/x86 (XP SP3) - Create (file.txt) Shellcode (83 bytes)
Windows/x86 (XP SP3) - Restart Shellcode (57 bytes)
Linux/x86 - execve(/bin/sh) (Push Method) Shellcode (21 bytes)
Linux/x86 - execve(/bin/sh) + Push Method Shellcode (21 bytes)
Linux/x86-64 - execve(/bin/sh) Null-Free Shellcode (30 bytes)
Linux/x86-64 - execve(/bin/sh) + Null-Free Shellcode (30 bytes)
Linux/x86 - Reboot Shellcode (28 bytes)
Linux/x86 - Reboot() Shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) ROT7 Encoded Shellcode
Windows XP SP3 x86 (Turkish) - MessageBox Shellcode (24 bytes)
Linux/x86 - Egghunter Shellcode (19 bytes)
Windows x86 - user32!MessageBox _Hello World!_ Null-Free Shellcode (199 bytes)
Linux/x86 - execve(/bin/sh) ROL/ROR Encoded Shellcode
Windows 2003 x64 - Token Stealing Shellcode (59 bytes)
OSX/x86-64 - execve(/bin/sh) Null-Free Shellcode (34 bytes)
Linux/x86 - execve(/bin/sh) + ROT7 Encoded Shellcode
Windows/x86 (XP SP3) (Turkish) - MessageBox Shellcode (24 bytes)
Linux/x86 - Egghunter (0x50905090) Without Hardcoded Signature Shellcode (19 bytes)
Windows/x86 - user32!MessageBox _Hello World!_ + Null-Free Shellcode (199 bytes)
Linux/x86 - execve(/bin/sh) + ROL/ROR Encoded Shellcode
Windows/x86-64 (2003) - Token Stealing Shellcode (59 bytes)
OSX/x86-64 - execve(/bin/sh) + Null-Free Shellcode (34 bytes)
Linux/x86-64 - Egghunter Shellcode (24 bytes)
Linux/x86-64 - Egghunter (0x6b634068) Shellcode (24 bytes)
Windows XP < 10 - Command Generator WinExec Null-Free Shellcode (Generator)
Windows (XP < 10) - Command Generator WinExec + Null-Free Shellcode (Generator)
Linux/x86-64 - Egghunter Shellcode (18 bytes)
Linux/x86 - Egghunter Shellcode (13 bytes)
Linux/x86-64 - execve() XOR/NOT/DIV Encoded Shellcode (54 bytes)
Linux/x86-64 - Egghunter (0x50905090) Shellcode (18 bytes)
Linux/x86 - Egghunter (0x4f904790) Shellcode (13 bytes)
Linux/x86-64 - execve() + XOR/NOT/DIV Encoded Shellcode (54 bytes)
Windows x86 - Download File + Run via WebDAV (//192.168.1.19/c) Null-Free Shellcode (96 bytes)
Windows/x86 - Download File + Run via WebDAV (//192.168.1.19/c) Null-Free Shellcode (96 bytes)
Windows x86 - URLDownloadToFileA() (http://192.168.86.130/sample.exe ) + SetFileAttributesA() (pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes)
Windows/x86 - URLDownloadToFileA() (http://192.168.86.130/sample.exe ) + SetFileAttributesA() (pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes)
Windows - Keylogger to File (./log.bin) Null-Free Shellcode (431 bytes)
Windows .Net Framework x86 - Execute Native x86 Shellcode
Windows - Keylogger to File (./log.bin) + Null-Free Shellcode (431 bytes)
Windows/x86 (.Net Framework) - Execute Native x86 Shellcode
Windows - Keylogger to File (%TEMP%/log.bin) Null-Free Shellcode (601 bytes)
Windows - Keylogger to File (%TEMP%/log.bin) + Null-Free Shellcode (601 bytes)
Linux/x86-64 - execve() XOR Encoded Shellcode (84 bytes)
Linux/x86-64 - execve() + XOR Encoded Shellcode (84 bytes)
Windows x86 - WinExec(_cmd.exe__0) Shellcode (184 bytes)
Windows/x86 - WinExec(_cmd.exe__0) Shellcode (184 bytes)
Windows x86 - system(_systeminfo_) Shellcode (224 bytes)
Windows XP < 10 - Download File + Execute Shellcode
Windows x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode (250 bytes)
Windows/x86 - system(systeminfo) Shellcode (224 bytes)
Windows (XP < 10) - Download File + Execute Shellcode
Windows/x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode (250 bytes)
Linux/x86 - Reverse Xterm Shell (127.1.1.1:10) Shellcode (68 bytes)
Linux/x86 - Reverse TCP (127.1.1.1:10) Xterm Shell Shellcode (68 bytes)
Windows 7 x86 - localhost Port Scanner Shellcode (556 bytes)
Linux/x86 - Bind Netcat Shell (98/TCP + UDP) Shellcode (44/52 bytes)
Windows/x86 (7) - localhost Port Scanner Shellcode (556 bytes)
Linux/x86 - Bind TCP/UDP (98/TCP + UDP) Netcat Shell Shellcode (44/52 bytes)
Windows x86 - MessageBoxA Shellcode (242 bytes)
Windows x86 - CreateProcessA cmd.exe Shellcode (253 bytes)
Windows x86 - InitiateSystemShutdownA() Shellcode (599 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) + Stager + Egghunter Shellcode (157 bytes)
Linux/x86-64 - Add User (pwned/$pass$) Using open_write_close To /etc/{shadow_passwd} Shellcode (358 bytes)
Linux/x86-64 - Add User (pwned/$pass$) Using echo cmd To /etc/{shadow_passwd} Shellcode (273 bytes)
Windows/x86 - MessageBoxA Shellcode (242 bytes)
Windows/x86 - CreateProcessA cmd.exe Shellcode (253 bytes)
Windows/x86 - InitiateSystemShutdownA() Shellcode (599 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes)
Linux/x86-64 - Add User (pwned/$pass$) Using open_write_close To /etc/{passwd_shadow} Shellcode (358 bytes)
Linux/x86-64 - Add User (pwned/$pass$) Using echo cmd To /etc/{passwd_shadow} Shellcode (273 bytes)
Linux/x86-64 - Bind TCP (Random TCP Port) Shell Shellcode (57 bytes)
Linux/x86-64 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes)
OSX/PPC - Stager Sock Find MSG_PEEK Shellcode
OSX/PPC - Stager Sock Find MSG_PEEK + Null-Free Shellcode
OSX/PPC - execve(/bin/sh) Shellcode
OSX/PPC - execve(/bin/sh) + Null-Free Shellcode
Linux/x86 - socket-proxy Shellcode (372 bytes) (Generator)
Linux/x86 - Socket-proxy Shellcode (372 bytes) (Generator)
Linux/x86 - rmdir(_/tmp/willdeleted_) Shellcode (41 bytes)
Linux/x86 - setdomainname(_th1s s3rv3r h4s b33n h1j4ck3d !!_) Shellcode (58 bytes)
Linux/x86 - rmdir(/tmp/willdeleted) Shellcode (41 bytes)
Linux/x86 - setdomainname(th1s s3rv3r h4s b33n h1j4ck3d !!) Shellcode (58 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (3)
Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (5)
Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (3)
Linux/x86 - Bind TCP (1111/TCP) Shell + SO_REUSEADDR Set (Avoiding SIGSEGV) Shellcode (103 bytes)
Linux/x86 - Reverse TCP (127.1.1.1:55555/TCP) Shell Shellcode (72 bytes)
Linux/x86 - Bind TCP (Random TCP Port) Shell Shellcode (65 bytes)
Linux/x86 - Bind TCP (1111/TCP) Shell + GetPC/Call/Ret Method Shellcode (89 bytes)
Linux/x86 - Bind TCP (1111/TCP) Shell Shellcode (73 bytes)
Linux/x86 - Bind TCP (Random TCP Port) Shell Shellcode (57 bytes)
Linux/x86 - Egghunter Shellcode (38 bytes)
Windows x64 - cmd.exe WinExec() Shellcode (93 bytes)
Windows x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes)
Windows x64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes)
Linux/x86 - Bind TCP (1111/TCP) Shell + SO_REUSEADDR Set (Avoiding SIGSEGV) + Null-Free Shellcode (103 bytes)
Linux/x86 - Reverse TCP (127.1.1.1:55555/TCP) Shell + Null-Free Shellcode (72 bytes)
Linux/x86 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (65 bytes)
Linux/x86 - Bind TCP (1111/TCP) Shell + GetPC/Call/Ret Method + Null-Free Shellcode (89 bytes)
Linux/x86 - Bind TCP (1111/TCP) Shell + Null-Free Shellcode (73 bytes)
Linux/x86 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes)
Linux/x86 - Egghunter (0x50905090) + Null-Free Shellcode (38 bytes)
Linux/x86 - execve(/bin/sh) + Null-Free Shellcode (21 bytes) (6)
Linux/x86 - Read /etc/passwd file + Null-Free Shellcode (51 bytes)
Linux/x86 - Reboot() + Mutated + Null-Free Shellcode (55 bytes)
Linux/x86 - Fork Bomb + Mutated + Null-Free Shellcode (15 bytes)
Linux/x86 - execve wget + Mutated + Null-Free Shellcode (96 bytes)
Linux/x86 - execve(/bin/sh) + Uzumaki Encoded + Null-Free Shellcode (50 bytes)
Linux/x86 - Uzumaki Encryptor Shellcode (Generator)
Linux/x86 - Bind TCP (31337/TCP) Shell Shellcode (108 bytes)
Linux/x86 - /proc/sys/net/ipv4/ip_forward 0 + exit() Shellcode (83 bytes)
Linux/x86 - Egghunter (0x5090) Shellcode (38 bytes)
Linux/x86 - execve(/bin/sh) + Obfuscated Shellcode (30 bytes)
Linux/x86 - Bind TCP Shell Shellcode (112 bytes)
Linux/x86 - Reverse TCP (127.1.1.1:12345/TCP) cat /etc/passwd Shellcode (111 bytes)
Linux/x86 - Download File (http://192.168.2.222/x ) + chmod() + execute Shellcode (108 bytes)
Linux/x86 - execve(/bin/sh) + Using jump/call/pop Shellcode (52 bytes)
Linux/x86 - Copy /etc/passwd to /tmp/outfile Shellcode (97 bytes)
Linux/x86 - shift-bit execve() Encoder Shellcode (114 bytes)
Linux/x86 - execve() Using JMP-FSTENV Shellcode (67 bytes)
Linux/x86 - chmod 0777 /etc/shadow + Obfuscated Shellcode (51 bytes)
Linux/x86 - shutdown -h now Shellcode (56 bytes)
Linux/x86 - Bind TCP (1337/TCP) Shell Shellcode (89 bytes)
Linux/x86 - Reverse TCP (127.1.1.1:1337/TCP) Shell Shellcode (74 bytes)
Linux/x86 - setreuid() + execve(/usr/bin/python) Shellcode (54 bytes)
Linux/x86 - execve() + ROT-7 Shellcode (Encoder/Decoder) (74 bytes)
Windows/x86 (NT/XP/2000/2003) - Bind TCP (8721/TCP) Shell Shellcode (356 bytes)
Windows/x86 (2000) - Reverse TCP (192.168.0.247:8721/TCP) Connect + Vampiric Import Shellcode (179 bytes)
Windows/x86 - Create Admin User (X) Shellcode (304 bytes)
Windows/x86 (XP SP3) (French) - Sleep 90 Seconds Shellcode (14 bytes)
Windows/x86 (XP Professional SP2) (English) - Wordpad Shellcode (15 bytes)
Windows/x86 (XP Professional SP2) - calc Shellcode (57 bytes)
Windows/x86 (XP Professional SP3) (French) - calc.exe Shellcode (31 bytes)
Windows/x86 - Download File (http://skypher.com/dll ) + LoadLibrary + Null-Free Shellcode (164 bytes)
Windows/x86 - calc.exe + Null-Free Shellcode (100 bytes)
Windows/x86 - Message Box + Null-Free Shellcode (140 bytes)
Windows/x86 (XP SP3) (Turkish) - MessageBoxA Shellcode (109 bytes)
Windows/x86 (XP SP3) (Turkish) - calc.exe Shellcode (53 bytes)
Windows/x86 (XP SP3) (Turkish) - cmd.exe Shellcode (52 bytes)
Windows/x86 (XP SP3) (Turkish) - cmd.exe Shellcode (42 bytes)
Windows/x86 (XP SP3) (English) - calc Shellcode (16 bytes)
Windows/x86 (XP SP3) - MessageBox Shellcode (11 bytes)
Windows/x86-64 - cmd.exe WinExec() Shellcode (93 bytes)
Windows/x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes)
Windows/x86-64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes)
Windows x64 - Download File (http://192.168.10.129/pl.exe ) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes)
Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes)
Linux/x86 - execve(/bin/bash -c) Arbitrary Command Execution Null-Free Shellcode (72 bytes)
Windows x64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes)
Windows x64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes)
Linux/x86-64 - mkdir Shellcode (25 bytes)
Windows/x86-64 - Download File (http://192.168.10.129/pl.exe ) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes)
Linux/x86 - Reverse TCP Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes)
Linux/x86 - execve(/bin/bash -c) Arbitrary Command Execution + Null-Free Shellcode (72 bytes)
Windows/x86-64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes)
Windows/x86-64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes)
Linux/x86-64 - mkdir() Shellcode (25 bytes)
Windows x86 - SE_DACL_PROTECTED Protect Process Shellcode (229 bytes)
Windows/x86 - SE_DACL_PROTECTED Protect Process Shellcode (229 bytes)
Linux/x86-64 - Egghunter Shellcode (38 bytes)
Windows x86 - Executable Directory Search Null-Free Shellcode (130 bytes)
Linux/x86-64 - Egghunter (0xDEADC0DE) Shellcode (38 bytes)
Windows/x86 - Executable Directory Search + Null-Free Shellcode (130 bytes)
Windows x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Staged + Alphanumeric Shellcode (332 bytes)
Windows/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Staged + Alphanumeric Shellcode (332 bytes)
Windows x86 - Hide Console Window Shellcode (182 bytes)
Windows/x86 - Hide Console Window Shellcode (182 bytes)
Linux/ARM - chmod(_/etc/passwd__ 0777) Shellcode (39 bytes)
Linux/ARM - chmod( /etc/passwd 0777) Shellcode (39 bytes)
Linux/SPARC - setreuid(0_0) + standard execve() Shellcode (72 bytes)
Linux/SPARC - setreuid(0_0) + execve() Shellcode (72 bytes)
Linux/x86-64 - sys_access() Egghunter Shellcode (49 bytes)
Linux/x86-64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes)
Linux/x86 - exceve /bin/sh Encoded Shellcode (44 bytes)
Linux/x86 - exceve(/bin/sh) + Encoded Shellcode (44 bytes)
Linux/x86 - Insertion Decoder + Null-Free Shellcode (33+ bytes)
Windows 10 x64 - Egghunter Shellcode (45 bytes)
Windows/x86-64 (10) - Egghunter Shellcode (45 bytes)
Linux/x86 - Egghunter Shellcode (18 bytes)
Linux/x86 - Egghunter (0x50905090) + /bin/sh Shellcode (18 bytes)
Windows x86/x64 - cmd.exe Shellcode (718 bytes)
Windows/x86-64 / x86 - cmd.exe Shellcode (718 bytes)
Linux/x86 - execve(/bin/sh) + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes)
Linux/x86 - execve(/bin/sh) + setuid(0) + setgid(0) + XOR Encoded Shellcode (66 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (24 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (24 bytes) (4)
Linux/x86-64 - mkdir() 'evil' Shellcode (30 bytes)
Linux/x86-64 - mkdir(evil) Shellcode (30 bytes)
Windows x64 - API Hooking Shellcode (117 bytes)
Windows/x86-64 - API Hooking Shellcode (117 bytes)
2018-01-19 05:01:43 +00:00
Offensive Security
50c008ba06
DB: 2018-01-16
...
39 changes to exploits/shellcodes
OBS studio 20.1.3 - Local Buffer Overflow
Kingsoft Antivirus/Internet Security 9+ - Privilege Escalation
Kingsoft Antivirus/Internet Security 9+ - Local Privilege Escalation
SysGauge Server 3.6.18 - Buffer Overflow
Disk Pulse Enterprise 10.1.18 - Buffer Overflow
Synology Photo Station 6.8.2-3461 - 'SYNOPHOTO_Flickr_MultiUpload' Race Condition File Write Remote Code Execution
ImgHosting 1.5 - Cross-Site Scripting
Domains & Hostings Manager PRO 3.0 - Authentication Bypass
PerfexCRM 1.9.7 - Arbitrary File Upload
RISE 1.9 - 'search' SQL Injection
Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect
Adminer 4.3.1 - Server-Side Request Forgery
Oracle PeopleSoft 8.5x - Remote Code Execution
ILIAS < 5.2.4 - Cross-Site Scripting
Flash Operator Panel 2.31.03 - Command Execution
pfSense < 2.1.4 - 'status_rrd_graph_img.php' Command Injection
BSD - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (124 bytes)
BSD - Reverse TCP (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (124 bytes)
BSD/x86 - setuid(0) + Bind TCP Shell (31337/TCP) Shellcode (94 bytes)
BSD/x86 - setuid(0) + Bind TCP (31337/TCP) Shell Shellcode (94 bytes)
BSD/x86 - Bind TCP Shell (31337/TCP) Shellcode (83 bytes)
BSD/x86 - Bind TCP Shell (Random TCP Port) Shellcode (143 bytes)
BSD/x86 - Bind TCP (31337/TCP) Shell Shellcode (83 bytes)
BSD/x86 - Bind TCP (Random TCP Port) Shell Shellcode (143 bytes)
BSD/x86 - Reverse TCP Shell (torootteam.host.sk:2222/TCP) Shellcode (93 bytes)
BSD/x86 - Reverse TCP (torootteam.host.sk:2222/TCP) Shell Shellcode (93 bytes)
BSD/x86 - Reverse TCP Shell (192.168.2.33:6969/TCP) Shellcode (129 bytes)
BSD/x86 - Reverse TCP (192.168.2.33:6969/TCP) Shell Shellcode (129 bytes)
FreeBSD/x86 - Reverse TCP cat /etc/passwd (192.168.1.33:8000/TCP) Shellcode (112 bytes)
FreeBSD/x86 - Reverse TCP (192.168.1.33:8000/TCP) cat /etc/passwd Shellcode (112 bytes)
FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:8000/TCP) Null-Free Shellcode (89 bytes)
FreeBSD/x86 - Reverse TCP (127.0.0.1:8000/TCP) Shell (/bin/sh) + Null-Free Shellcode (89 bytes)
FreeBSD/x86 - Bind TCP Password /bin/sh Shell (4883/TCP) Shellcode (222 bytes)
FreeBSD/x86 - Bind TCP (4883/TCP) Shell (/bin/sh) + Password Shellcode (222 bytes)
FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (102 bytes)
FreeBSD/x86 - Reverse TCP (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (102 bytes)
Windows - Reverse TCP Shell (127.0.0.1:123/TCP) Alphanumeric Shellcode (Encoder/Decoder) (Generator)
Windows - Reverse TCP (127.0.0.1:123/TCP) Shell + Alphanumeric Shellcode (Encoder/Decoder) (Generator)
Cisco IOS - New TTY + Privilege Level To 15 + Reverse Virtual Terminal Shell (21/TCP) Shellcode
Cisco IOS - New TTY + Privilege Level To 15 + Reverse (21/TCP) Virtual Terminal Shell Shellcode
Linux/x86-64 - Reverse TCP Semi-Stealth /bin/bash Shell Shellcode (88+ bytes) (Generator)
Linux/MIPS (Linksys WRT54G/GL) - Bind TCP /bin/sh Shell (4919/TCP) Shellcode (276 bytes)
Linux/x86-64 - Reverse TCP Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator)
Linux/MIPS (Linksys WRT54G/GL) - Bind TCP (4919/TCP) Shell (/bin/sh) Shellcode (276 bytes)
Linux/PPC - Reverse TCP /bin/sh Shell (192.168.1.1:31337/TCP) Shellcode (240 bytes)
Linux/PPC - Reverse TCP (192.168.1.1:31337/TCP) Shell (/bin/sh) Shellcode (240 bytes)
Linux/SPARC - Reverse TCP Shell (192.168.100.1:2313/TCP) Shellcode (216 bytes)
Linux/SPARC - Bind TCP Shell (8975/TCP) Null-Free Shellcode (284 bytes)
Linux/SPARC - Reverse TCP (192.168.100.1:2313/TCP) Shell Shellcode (216 bytes)
Linux/SPARC - Bind TCP (8975/TCP) Shell + Null-Free Shellcode (284 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) XOR Encoded Shellcode (152 bytes)
Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) + XOR Encoded Shellcode (152 bytes)
Linux/x86 - Bind TCP Shell (8000/TCP) + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes)
Linux/x86 - Bind TCP Shell (8000/TCP) + Add Root User Shellcode (225+ bytes)
Linux/x86 - Bind TCP /bin/sh Shell (8000/TCP) Shellcode (179 bytes)
Linux/x86 - Bind TCP (8000/TCP) Shell + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes)
Linux/x86 - Bind TCP (8000/TCP) Shell + Add Root User Shellcode (225+ bytes)
Linux/x86 - Bind TCP (8000/TCP) Shell (/bin/sh) Shellcode (179 bytes)
Linux/x86 - Reverse TCP cat /etc/shadow (8192/TCP) Shellcode (155 bytes)
Linux/x86 - Reverse TCP (8192/TCP) cat /etc/shadow Shellcode (155 bytes)
Linux/x86 - Raw-Socket ICMP/Checksum /bin/sh Shell Shellcode (235 bytes)
Linux/x86 - Raw-Socket ICMP/Checksum Shell (/bin/sh) Shellcode (235 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + setuid Shellcode (96 bytes)
Linux/x86 - Bind TCP Shell (2707/TCP) Shellcode (84 bytes)
Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + setuid Shellcode (96 bytes)
Linux/x86 - Bind TCP (2707/TCP) Shell Shellcode (84 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (100 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (192.168.13.22:31337/TCP) Shellcode (82 bytes) (Generator)
Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (100 bytes)
Linux/x86 - Reverse TCP (192.168.13.22:31337/TCP) Shell (/bin/sh) Shellcode (82 bytes) (Generator)
Linux/x86 - Reverse TCP Shell (127.0.0.1:80/TCP) XOR Encoded Shellcode (371 bytes)
Linux/x86 - Reverse TCP (127.0.0.1:80/TCP) Shell + XOR Encoded Shellcode (371 bytes)
Linux/x86 - Bind TCP /bin/sh Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (64713/TCP) Shellcode (86 bytes)
Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) + Password (gotfault) Shellcode (166 bytes)
Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) Shellcode (86 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (80 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + fork() Shellcode (98 bytes)
Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (80 bytes)
Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + fork() Shellcode (98 bytes)
Linux/x86 - Reverse TCP Shell (127.0.0.1:31337/TCP) Shellcode (74 bytes)
Linux/x86 - Reverse TCP (127.0.0.1:31337/TCP) Shell Shellcode (74 bytes)
Linux/x86 - Bind TCP Shell (5074/TCP) ToUpper Encoded Shellcode (226 bytes)
Linux/x86 - Bind TCP (5074/TCP) Shell + ToUpper Encoded Shellcode (226 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell Shellcode (120 bytes)
Linux/x86 - Reverse TCP Shell (/bin/sh) Shellcode (120 bytes)
Linux/x86 - Bind TCP Shell (5074/TCP) Shellcode (92 bytes)
Linux/x86 - Bind TCP Shell (5074/TCP) + fork() Shellcode (130 bytes)
Linux/x86 - Bind TCP (5074/TCP) Shell Shellcode (92 bytes)
Linux/x86 - Bind TCP (5074/TCP) Shell + fork() Shellcode (130 bytes)
Linux/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (132 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (132 bytes)
NetBSD/x86 - Reverse TCP Shell (6666/TCP) Shellcode (83 bytes)
NetBSD/x86 - setreuid(0_ 0) + execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes)
NetBSD/x86 - setreuid(0_ 0) + execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes)
NetBSD/x86 - Reverse TCP (6666/TCP) Shell Shellcode (83 bytes)
NetBSD/x86 - setreuid(0_ 0) + execve(_/bin//sh__ ..._ NULL) Shellcode (29 bytes)
NetBSD/x86 - setreuid(0_ 0) + execve(_/bin//sh__ ..._ NULL) Shellcode (30 bytes)
OpenBSD/x86 - Bind TCP Shell (6969/TCP) Shellcode (148 bytes)
OpenBSD/x86 - Bind TCP (6969/TCP) Shell Shellcode (148 bytes)
Solaris/SPARC - Reverse TCP Shell (44434/TCP) XNOR Encoded Shellcode (600 bytes) (Generator)
Solaris/SPARC - Reverse TCP (44434/TCP) Shell + XNOR Encoded Shellcode (600 bytes) (Generator)
Solaris/SPARC - Bind TCP Shell (6666/TCP) Shellcode (240 bytes)
Solaris/SPARC - Bind TCP (6666/TCP) Shell Shellcode (240 bytes)
Solaris/SPARC - Bind TCP /bin/sh Shell (6789/TCP) Shellcode (228 bytes)
Solaris/SPARC - Reverse TCP /bin/sh Shell (192.168.1.4:5678/TCP) Shellcode (204 bytes)
Solaris/SPARC - Bind TCP (6789/TCP) Shell (/bin/sh) Shellcode (228 bytes)
Solaris/SPARC - Reverse TCP (192.168.1.4:5678/TCP) Shell (/bin/sh) Shellcode (204 bytes)
Windows 5.0 < 7.0 x86 - Bind TCP Shell (28876/TCP) Null-Free Shellcode
Windows 5.0 < 7.0 x86 - Bind TCP (28876/TCP) Shell + Null-Free Shellcode
Windows XP/2000/2003 - Reverse TCP Shell (127.0.0.1:53/TCP) Shellcode (275 bytes) (Generator)
Windows XP/2000/2003 - Reverse TCP (127.0.0.1:53/TCP) Shell Shellcode (275 bytes) (Generator)
Windows XP SP1 - Bind TCP Shell (58821/TCP) Shellcode (116 bytes)
Windows XP SP1 - Bind TCP (58821/TCP) Shell Shellcode (116 bytes)
FreeBSD/x86 - Bind TCP /bin/sh Shell (1337/TCP) Shellcode (167 bytes)
FreeBSD/x86 - Bind TCP (1337/TCP) Shell (/bin/sh) Shellcode (167 bytes)
Linux/x86 - Bind Netcat Shell (13377/TCP) Shellcode
Linux/x86 - Bind TCP (13377/TCP) Netcat Shell Shellcode
Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes)
Linux/x86 - Reverse TCP (8080/TCP) Netcat Shell Shellcode (76 bytes)
Linux/x86 - Bind TCP Shell (31337/TCP) + setreuid(0_0) Polymorphic Shellcode (131 bytes)
Linux/x86 - Bind TCP (31337/TCP) Shell + setreuid(0_0) + Polymorphic Shellcode (131 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (64533/TCP) Shellcode (97 bytes)
Linux/x86 - Bind TCP (64533/TCP) Shell (/bin/sh) Shellcode (97 bytes)
Linux - Bind TCP Shell (6778/TCP) XOR Encoded Polymorphic Shellcode (125 bytes)
Linux - Bind Netcat Shell (31337/TCP) Polymorphic Shellcode (91 bytes)
Linux - Bind TCP (6778/TCP) Shell + XOR Encoded Polymorphic Shellcode (125 bytes)
Linux - Bind TCP (31337/TCP) Netcat Shell + Polymorphic Shellcode (91 bytes)
Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (8080/TCP) Shellcode (75 bytes)
Linux/x86 - Bind TCP (8080/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (75 bytes)
BSD/x86 - Bind TCP Shell (2525/TCP) Shellcode (167 bytes)
BSD/x86 - Bind TCP (2525/TCP) Shell Shellcode (167 bytes)
Linux/ARM - Bind TCP Shell (0x1337/TCP) Shellcode
Linux/ARM - Bind UDP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/TCP) Shellcode
Linux/ARM - Bind TCP (0x1337/TCP) Shell Shellcode
Linux/ARM - Bind UDP (68/UDP) Listener + Reverse TCP (192.168.0.1:67/TCP) Shell Shellcode
FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:1337/TCP) Shellcode (81 bytes) (Generator)
FreeBSD/x86 - Bind TCP /bin/sh Shell (31337/TCP) + Fork Shellcode (111 bytes)
FreeBSD/x86 - Reverse TCP (127.0.0.1:1337/TCP) Shell (/bin/sh) Shellcode (81 bytes) (Generator)
FreeBSD/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + Fork Shellcode (111 bytes)
Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69/93 bytes)
OSX/Intel x86-64 - Reverse TCP /bin/sh Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes)
Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic XOR Encoded Shellcode (69/93 bytes)
OSX/Intel x86-64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)
Linux/x86 - Reverse TCP SSL Shell (localhost:8080/TCP) Shellcode (422 bytes)
Linux/x86 - Reverse TCP (localhost:8080/TCP) Shell + SSL Shellcode (422 bytes)
Linux/MIPS - Reverse TCP Shell (0x7a69/TCP) Shellcode (168 bytes)
Linux/MIPS - Reverse TCP (0x7a69/TCP) Shell Shellcode (168 bytes)
Linux/ARM (Raspberry Pi) - Reverse TCP /bin/sh Shell (10.1.1.2:0x1337/TCP) Shellcode (72 bytes)
Linux/ARM (Raspberry Pi) - Reverse TCP (10.1.1.2:0x1337/TCP) Shell (/bin/sh) Shellcode (72 bytes)
Windows x86 - Bind TCP Password (damn_it!$$##@;*#) Shell Shellcode (637 bytes)
Windows x86 - Bind TCP Shell + Password (damn_it!$$##@;*#) Shellcode (637 bytes)
Windows x64 - Bind TCP Shell (4444/TCP) Shellcode (508 bytes)
Windows x64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes)
Linux/x86 - Reverse TCP Shell (192.168.1.10:31337/TCP) Shellcode (92 bytes)
Linux/x86 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (92 bytes)
Windows RT ARM - Bind TCP Shell (4444/TCP) Shellcode
Windows RT ARM - Bind TCP (4444/TCP) Shell Shellcode
Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse TCP /bin/sh Shell (192.168.122.1:43981/TCP) Shellcode
Windows x86 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Persistent Access Shellcode (494 bytes)
Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse TCP (192.168.122.1:43981/TCP) Shell (/bin/sh) Shellcode
Windows x86 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Persistent Access Shellcode (494 bytes)
Linux/MIPS (Little Endian) - Reverse TCP /bin/sh Shell (192.168.1.177:31337/TCP) Shellcode (200 bytes)
Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 bytes)
Linux/MIPS (Little Endian) - Reverse TCP (192.168.1.177:31337/TCP) Shell (/bin/sh) Shellcode (200 bytes)
Windows 7 x86 - Bind TCP (4444/TCP) Shell Shellcode (357 bytes)
Linux/x86-64 - Reverse TCP /bin/bash Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes)
Linux/x86-64 - Reverse TCP (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes)
Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) + Password (Z~r0) Null-Free Shellcode (81/96 bytes)
Linux/x86-64 - Reverse TCP Password (Z~r0) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes)
Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (192.168.1.133:33333/TCP) Shellcode (72 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (33333/TCP) Shellcode (96 bytes)
Linux/x86 - Reverse TCP (192.168.1.133:33333/TCP) Shell (/bin/sh) Shellcode (72 bytes)
Linux/x86 - Bind TCP (33333/TCP) Shell (/bin/sh) Shellcode (96 bytes)
Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (17771/TCP) Shellcode (58 bytes)
Linux/x86 - Bind TCP (17771/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (58 bytes)
Linux/x86 - Bind Netcat Shell (5555/TCP) Shellcode (60 bytes)
Linux/x86 - Bind TCP (5555/TCP) Netcat Shell Shellcode (60 bytes)
Mainframe/System Z - Bind TCP Shell (12345/TCP) Null-Free Shellcode (2488 bytes)
Mainframe/System Z - Bind TCP (12345/TCP) Shell + Null-Free Shellcode (2488 bytes)
OSX/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (144 bytes)
OSX/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes)
Google Android - Bind Telnetd Shell (1035/TCP) + Environment / Parameters Shellcode (248 bytes)
Google Android - Bind TCP (1035/TCP) Telnetd Shell + Environment/Parameters Shellcode (248 bytes)
Linux/x86-64 - Bind TCP /bin/sh Password (1234) Shell (31173/TCP) Shellcode (92 bytes)
Linux/x86-64 - Bind TCP (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes)
Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (103 bytes)
Linux/x86-64 - Bind TCP /bin/sh Password (hack) Shell (4444/TCP) Null-Free Shellcode (162 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes)
Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free Shellcode (151 bytes)
Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)
Linux x86/x86-64 - Reverse TCP Shell (192.168.1.29:4444/TCP) Shellcode (195 bytes)
Linux x86/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (251 bytes)
Linux x86/x86-64 - Reverse TCP (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes)
Linux x86/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (251 bytes)
Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (122 bytes)
Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (135 bytes)
Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes)
Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes)
Linux/ARM - Reverse TCP /bin/sh Shell (10.0.0.10:1337/TCP) Shellcode (95 bytes)
Linux/ARM - Reverse TCP (10.0.0.10:1337/TCP) Shell (/bin/sh) Shellcode (95 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.1.2:1234/TCP) Shellcode (134 bytes)
Linux/x86-64 - Reverse TCP (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes)
Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (81 bytes)
Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (81 bytes)
Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (86 bytes)
Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (86 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (1250 bytes)
Linux/x86 - Reverse TCP (::ffff:192.168.64.129:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (159 bytes)
Linux/x86 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (1250 bytes)
Linux/x86-64 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (199 bytes)
Linux/x86-64 - Reverse TCP /bin/sh Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes)
Linux/x86-64 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes)
Linux/x86-64 - Reverse TCP (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (1234/TCP) Shellcode (87 bytes) (Generator)
Linux/x86 - Bind TCP (1234/TCP) Shell (/bin/sh) Shellcode (87 bytes) (Generator)
Linux/x86 - Bind TCP /bin/bash Shell (4444/TCP) Shellcode (656 bytes)
Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/bash) Shellcode (656 bytes)
Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (13337/TCP) Shellcode (56 bytes)
Linux/x86 - Bind TCP (13337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (56 bytes)
Linux/x86-64 - Reverse TCP cat /etc/passwd (192.168.86.128:1472/TCP) Shellcode (164 bytes)
Linux/x86-64 - Bind Netcat Shell Null-Free Shellcode (64 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (98 bytes)
Linux/x86-64 - Bind Ncat Shell (4442/TCP) / SSL / Multi-Channel (4444-4447/TCP) / Persistant / Fork / IPv4/6 / Password Null-Free Shellcode (176 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (192.168.227.129:4444/TCP) Shellcode (75 bytes)
Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Null-Free Shellcode (172 bytes)
Linux/x86-64 - Reverse TCP (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes)
Linux/x86-64 - Bind TCP Netcat Shell + Null-Free Shellcode (64 bytes)
Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) Shellcode (98 bytes)
Linux/x86-64 - Bind TCP (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + Fork + IPv4/6 + Password + Null-Free Shellcode (176 bytes)
Linux/x86 - Reverse TCP (192.168.227.129:4444/TCP) Shell (/bin/sh) Shellcode (75 bytes)
Linux/x86-64 - Reverse TCP (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes)
Linux/x86-64 - Bind TCP Shell (4442/TCP) / Syscall Persistent / Multi-Terminal (4444-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes)
Linux/CRISv32 Axis Communication - Reverse TCP /bin/sh Shell (192.168.57.1:443/TCP) Shellcode (189 bytes)
Linux/x86-64 - Bind TCP (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes)
Linux/CRISv32 Axis Communication - Reverse TCP (192.168.57.1:443/TCP) Shell (/bin/sh) Shellcode (189 bytes)
Linux/x86-64 - Reverse TCP Shell (10.1.1.4:46357/TCP) / Subtle Probing / Timer / Burst / Password (la crips) / Multi-Terminal Shellcode (84/122/172 bytes)
Linux/x86-64 - Reverse TCP (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes)
Linux/x86 - Bind TCP /bin/zsh Shell (9090/TCP) Shellcode (96 bytes)
Linux/x86 - Reverse TCP /bin/zsh Shell (127.255.255.254:9090/TCP) Shellcode (80 bytes)
Linux/x86 - Bind TCP (9090/TCP) Shell (/bin/zsh) Shellcode (96 bytes)
Linux/x86 - Reverse TCP (127.255.255.254:9090/TCP) Shell (/bin/zsh) Shellcode (80 bytes)
Linux/x86-64 - Bind TCP Stager (4444/TCP) + Egghunter Shellcode (157 bytes)
Linux/x86-64 - Add User (pwned/$pass$) Using open_write_close Shellcode (358 bytes)
Linux/x86-64 - Add User (pwned/$pass$) Using echo cmd Shellcode (273 bytes)
Linux/x86-64 - Read /etc/passwd Shellcode (82 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes)
Linux/x86-64 - Reverse TCP (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes)
Linux/x86-64 - Bind TCP (Random TCP Port) Shell Shellcode (57 bytes)
Linux/x86-64 - Bind TCP (31337/TCP) Shell Shellcode (150 bytes)
Linux/x86-64 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes)
Linux/x86-64 - Bind TCP (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes)
Linux/x86-64 - Reverse TCP (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 bytes)
Linux/x86-64 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (85 bytes)
Linux/x86-64 - setreuid(0_0) + execve(/bin/csh_ [/bin/csh_ NULL]) + XOR Encoded Shellcode (87 bytes)
Linux/x86-64 - setreuid(0_0) + execve(/bin/ksh_ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (87 bytes)
Linux/x86-64 - setreuid(0_0) + execve(/bin/zsh_ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (87 bytes)
Linux/x86-64 - sethostname(Rooted !) + killall Shellcode (33 bytes)
OpenBSD/x86 - reboot() Shellcode (15 bytes)
Windows x64 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Injection Shellcode (694 bytes)
Windows x64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes)
Windows x64 - Bind TCP Password (h271508F) Shell (2493/TCP) Shellcode (825 bytes)
Windows x64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes)
Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (87 bytes)
Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (87 bytes)
Linux - Reverse TCP Multi/Dual Mode Shell Shellcode (129 bytes) (Generator)
Linux/x86 - Reverse TCP /bin/sh Alphanumeric Staged Shell (127.0.0.1:4444/TCP) Shellcode (103 bytes)
Linux - Bind TCP Dual/Multi Mode Shell Shellcode (156 bytes)
Linux - Reverse TCP Shell + Multi/Dual Mode Shellcode (129 bytes) (Generator)
Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Alphanumeric + Staged Shellcode (103 bytes)
Linux - Bind TCP Shell + Dual/Multi Mode Shellcode (156 bytes)
Linux/x86-64 - Reverse TCP /bin/sh Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes)
Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes)
Linux/x86-64 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (54 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.1.45:4444/TCP) Shellcode (84 bytes)
Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 bytes)
Linux/x86-64 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes)
Linux/x86-64 - Reverse TCP (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes)
Windows x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Staged + Alphanumeric Shellcode (332 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (127.1.1.1:8888/TCP) Null-Free Shellcode (67/69 bytes)
Linux/x86 - Reverse TCP (127.1.1.1:8888/TCP) Shell (/bin/sh) + Null-Free Shellcode (67/69 bytes)
Linux/ARM (Raspberry Pi) - Bind TCP /bin/sh Shell (0.0.0.0:4444/TCP) Null-Free Shellcode (112 bytes)
Linux/ARM (Raspberry Pi) - Bind TCP (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (112 bytes)
FreeBSD/x86-64 - Bind TCP Password (R2CBw0cr) /bin/sh Shell Shellcode (127 bytes)
FreeBSD/x86-64 - Bind TCP Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes)
FreeBSD/x86 - Bind TCP /bin/sh Shell (41254/TCP) Shellcode (115 bytes)
FreeBSD/x86 - Bind TCP (41254/TCP) Shell (/bin/sh) Shellcode (115 bytes)
IRIX - Bind TCP /bin/sh Shell Shellcode (364 bytes)
IRIX - Bind TCP Shell (/bin/sh) Shellcode (364 bytes)
Android/ARM - Reverse TCP /system/bin/sh Shell (10.0.2.2:0x3412/TCP) Shellcode (79 bytes)
Android/ARM - Reverse TCP (10.0.2.2:0x3412/TCP) Shell (/system/bin/sh) Shellcode (79 bytes)
Linux/StrongARM - Bind TCP /bin/sh Shell Shellcode (203 bytes)
Linux/StrongARM - Bind TCP Shell (/bin/sh) Shellcode (203 bytes)
Linux/SuperH (sh4) - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (132 bytes)
Linux/SuperH (sh4) - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (132 bytes)
Linux/x86-64 - sys_access() Egghunter Shellcode (49 bytes)
Linux/x86-64 - shutdown -h now Shellcode (65 bytes)
Linux/x86-64 - shutdown -h now Shellcode (64 bytes)
Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (105 bytes)
Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes)
Linux/x86-64 - Add Root User (shell-storm/leet) Polymorphic Shellcode (273 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (44 bytes)
Linux/x86 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (44 bytes)
Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Null-Free Shellcode (67 bytes)
Linux/x86 - Reverse TCP /bin/bash Shell (192.168.3.119:54321/TCP) Shellcode (110 bytes)
Linux/x86 - Reverse TCP (127.1.1.1:11111/TCP) Shell + Null-Free Shellcode (67 bytes)
Linux/x86 - Reverse TCP (192.168.3.119:54321/TCP) Shell (/bin/bash) Shellcode (110 bytes)
Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Null-Free Shellcode (113 bytes)
Linux/x86-64 - Reverse TCP (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes)
Linux/x86 - Reverse UDP /bin/sh Shell (127.0.0.1:53/UDP) Shellcode (668 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (75 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.1.8:4444/TCP) Shellcode (104 bytes)
Linux x86 - execve /bin/sh Shellcode (24 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.1.2:4444/TCP) Shellcode (153 bytes)
Linux/x86 - Reverse UDP (127.0.0.1:53/UDP) Shell (/bin/sh) Shellcode (668 bytes)
Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (75 bytes)
Linux/x86-64 - Reverse TCP (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes)
Linux/x86 - execve /bin/sh Shellcode (24 bytes)
Linux/x86-64 - Reverse TCP (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes)
Linux/ARM (Raspberry Pi) - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (192 bytes)
Linux/ARM (Raspberry Pi) - Reverse TCP /bin/sh Shell (192.168.0.12:4444/TCP) Shellcode (160 bytes)
Linux/ARM (Raspberry Pi) - Bind TCP (4444/TCP) Shell (/bin/sh) Shellcode (192 bytes)
Linux/ARM (Raspberry Pi) - Reverse TCP (192.168.0.12:4444/TCP) Shell (/bin/sh) Shellcode (160 bytes)
2018-01-16 05:02:18 +00:00
Offensive Security
f589361686
DB: 2018-01-13
...
1949 changes to exploits/shellcodes
Bird Chat 1.61 - Denial of Service
Quake 3 Engine Client (Windows x86) - CS_ITEms Remote Overflow
Mercur IMAPD 5.00.14 (Windows x86) - Remote Denial of Service
PHP 5.2.0 (Windows x86) - 'PHP_win32sti' Local Buffer Overflow
PHP 5.2.0 (Windows x86) - 'PHP_iisfunc.dll' Local Buffer Overflow
32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow (PoC)
Apple Safari 3.2.3 (Windows x86) - JavaScript 'eval' Remote Denial of Service
Apple Safari 4.0.3 (Windows x86) - 'CSS' Remote Denial of Service (1)
Apple Safari 4.0.3 (Windows x86) - 'CSS' Remote Denial of Service (2)
HP Data Protector Media Operations - Null Pointer Dereference Remote Denial of Service
AnyDVD 6.7.1.0 - Denial of Service
Microsoft Windows - Win32k Pointer Dereferencement (PoC) (MS10-098)
Apple Safari - GdiDrawStream Blue Screen of Death
Oracle VM VirtualBox 4.1 - Local Denial of Service
Linux Kernel 2.6.x (x64) - Personality Handling Local Denial of Service
Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free / Memory Corruption (PoC) (MS14-035)
VMware Workstations 10.0.0.40273 - 'vmx86.sys' Arbitrary Kernel Read
Linux Kernel 3.17.5 - IRET Instruction #SS Fault Handling Crash (PoC)
Samba < 3.6.2 (x86) - Denial of Service (PoC)
Adobe Flash (Linux x64) - Bad Dereference at 0x23c
Adobe Flash - XMLSocket Destructor Not Cleared Before Setting User Data in connect
Adobe Flash - Heap Buffer Overflow Loading '.FLV' File with Nellymoser Audio Codec
Adobe Flash - Heap Buffer Overflow Due to Indexing Error When Loading FLV File
Adobe Flash - Shared Object Type Confusion
Adobe Flash - Heap Buffer Overflow Loading '.FLV' File with Nellymoser Audio Codec
Adobe Flash - Heap Buffer Overflow Due to Indexing Error When Loading FLV File
Adobe Flash - Shared Object Type Confusion
ActiveState Perl.exe x64 Client 5.20.2 - Crash (PoC)
Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (2)
Microsoft Windows Kernel - 'DeferWindowPos' Use-After-Free (MS15-073)
Microsoft Windows Kernel - 'UserCommitDesktopMemory' Use-After-Free (MS15-073)
Microsoft Windows Kernel - Pool Buffer Overflow Drawing Caption Bar (MS15-061)
Microsoft Windows Kernel - 'HmgAllocateObjectAttr' Use-After-Free (MS15-061)
Microsoft Windows Kernel - 'win32k!vSolidFillRect' Buffer Overflow (MS15-061)
Microsoft Windows Kernel - 'SURFOBJ' Null Pointer Dereference (MS15-061)
Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (2)
Microsoft Windows Kernel - 'DeferWindowPos' Use-After-Free (MS15-073)
Microsoft Windows Kernel - 'UserCommitDesktopMemory' Use-After-Free (MS15-073)
Microsoft Windows Kernel - Pool Buffer Overflow Drawing Caption Bar (MS15-061)
Microsoft Windows Kernel - 'HmgAllocateObjectAttr' Use-After-Free (MS15-061)
Microsoft Windows Kernel - 'win32k!vSolidFillRect' Buffer Overflow (MS15-061)
Microsoft Windows Kernel - 'SURFOBJ' Null Pointer Dereference (MS15-061)
Microsoft Windows Kernel - WindowStation Use-After-Free (MS15-061)
Microsoft Windows Kernel - Null Pointer Dereference with Window Station and Clipboard (MS15-061)
Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1)
Microsoft Windows Kernel - 'FlashWindowEx' Memory Corruption (MS15-097)
Microsoft Windows Kernel - 'bGetRealizedBrush' Use-After-Free (MS15-097)
Microsoft Windows Kernel - Use-After-Free with Cursor Object (MS15-097)
Microsoft Windows Kernel - Use-After-Free with Printer Device Contexts (MS15-097)
Microsoft Windows Kernel - 'NtGdiStretchBlt' Pool Buffer Overflow (MS15-097)
Microsoft Windows Kernel - WindowStation Use-After-Free (MS15-061)
Microsoft Windows Kernel - Null Pointer Dereference with Window Station and Clipboard (MS15-061)
Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1)
Microsoft Windows Kernel - 'FlashWindowEx' Memory Corruption (MS15-097)
Microsoft Windows Kernel - 'bGetRealizedBrush' Use-After-Free (MS15-097)
Microsoft Windows Kernel - Use-After-Free with Cursor Object (MS15-097)
Microsoft Windows Kernel - Use-After-Free with Printer Device Contexts (MS15-097)
Microsoft Windows Kernel - 'NtGdiStretchBlt' Pool Buffer Overflow (MS15-097)
Microsoft Windows Kernel - 'NtGdiBitBlt' Buffer Overflow (MS15-097)
Tomabo MP4 Converter 3.10.12 < 3.11.12 - '.m3u' File Crush Application (Denial of Service)
Google Chrome - open-vcdiff Out-of-Bounds Read in Browser Process Integer Overflow
win32k Desktop and Clipboard - Null Pointer Dereference
win32k Clipboard Bitmap - Use-After-Free
win32k Desktop and Clipboard - Null Pointer Dereference
win32k Clipboard Bitmap - Use-After-Free
Adobe Flash Selection.SetSelection - Use-After-Free
Adobe Flash Sound.setTransform - Use-After-Free
Adobe Flash - Use-After-Free When Setting Stage
Linux (x86) - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited
Microsoft Windows Kernel - DrawMenuBarTemp Wild-Write (MS16-039)
Core FTP Server 32-bit Build 587 - Heap Overflow
Microsoft Windows - Custom Font Disable Policy Bypass
Wireshark 2.0.0 < 2.0.4 - CORBA IDL Dissectors Denial of Service
Evostream Media Server 1.7.1 (x64) - Denial of Service
Kentico CMS 11.0 - Buffer Overflow
PyroBatchFTP < 3.19 - Buffer Overflow
Microsoft Edge 38.14393.1066.0 - 'textarea.defaultValue' Memory Disclosure
Navicat Premium 11.2.11 (x64) - Local Database Password Disclosure
PrivateTunnel Client 2.7.0 (x64) - Local Credentials Disclosure
Oracle 10g (Windows x86) - 'PROCESS_DUP_HANDLE' Local Privilege Escalation
GIMP 2.2.14 (Windows x86) - '.ras' Download/Execute Buffer Overflow
Notepad++ 4.1 (Windows x86) - '.ruby' File Processing Buffer Overflow
Linux Kernel 2.4/2.6 (x86-64) - System Call Emulation Privilege Escalation
PHP 5.2.9 (Windows x86) - Local Safemod Bypass
Linux Kernel 2.6.24_16-23/2.6.27_7-10/2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86-64) - 'set_selection()' UTF-8 Off-by-One Privilege Escalation
Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - 'ip_append_data()' Ring0 Privilege Escalation (1)
HTMLDOC 1.9.x-r1629 (Windows x86) - '.html' Local Buffer Overflow
RadASM - '.rap' file Local Buffer Overflow
Mini-stream RM-MP3 Converter 3.1.2.1 - '.pls' Local Stack Buffer Overflow Universal
Audiotran 1.4.2.4 - Local Overflow (SEH)
Linux Kernel < 2.6.36-rc4-git2 (x86-64) - 'ia32syscall' Emulation Privilege Escalation
Linux Kernel 2.6.27 < 2.6.36 (RedHat x86-64) - 'compat' Local Privilege Escalation
Linux Kernel < 2.6.36-rc4-git2 (x86-64) - 'ia32syscall' Emulation Privilege Escalation
Linux Kernel 2.6.27 < 2.6.36 (RedHat x86-64) - 'compat' Local Privilege Escalation
Linux Kernel < 2.6.34 (Ubuntu 10.10 x86) - 'CAP_SYS_ADMIN' Local Privilege Escalation (1)
Linux Kernel 4.6.3 (x86) - 'Netfilter' Local Privilege Escalation (Metasploit)
VideoLAN VLC Client (Windows x86) - 'smb://' URI Buffer Overflow (Metasploit)
QQPLAYER Player 3.2 - PICT PnSize Buffer Overflow Windows (ASLR + DEP Bypass) (Metasploit)
PHP 5.4.3 (Windows x86 Polish) - Code Execution
Microsoft Windows Kernel - Intel x64 SYSRET (MS12-042)
Dropbox Desktop Client 9.4.49 (x64) - Local Credentials Disclosure
Linux Kernel 3.3.x < 3.7.x (Arch Linux x86-64) - 'sock_diag_handlers[]' Local Privilege Escalation (1)
Linux Kernel 3.7.10 (Ubuntu 12.10 x64) - 'sock_diag_handlers' Local Privilege Escalation (2)
Linux Kernel < 3.8.9 (x86-64) - 'perf_swevent_init' Local Privilege Escalation (2)
Novell Client 2 SP3 - 'nicm.sys' Local Privilege Escalation (Metasploit)
Solaris Recommended Patch Cluster 6/19 (x86) - Local Privilege Escalation
Nvidia (nvsvc) Display Driver Service - Local Privilege Escalation (Metasploit)
Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10 x64) - 'CONFIG_X86_X32=y' Local Privilege Escalation (3)
LogMeIn Client 1.3.2462 (x64) - Local Credentials Disclosure
Systrace 1.x (x64) - Aware Linux Kernel Privilege Escalation
Microsoft Windows - NTUserMessageCall Win32k Kernel Pool Overflow 'schlamperei.x86.dll' (MS13-053) (Metasploit)
Linux Kernel 3.14-rc1 < 3.15-rc4 (x64) - Raw Mode PTY Echo Race Condition Privilege Escalation
Linux Kernel 3.2.0-23/3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Local Privilege Escalation (3)
TeamViewer 11.0.65452 (x64) - Local Credentials Disclosure
OpenVPN Private Tunnel Core Service - Unquoted Service Path Privilege Escalation
Linux Kernel < 3.2.0-23 (Ubuntu 12.04 x64) - 'ptrace/sysret' Local Privilege Escalation
Microsoft Windows XP SP3 - 'MQAC.sys' Arbitrary Write Privilege Escalation (Metasploit)
Linux Kernel < 3.2.0-23 (Ubuntu 12.04 x64) - 'ptrace/sysret' Local Privilege Escalation
Microsoft Windows XP SP3 - 'MQAC.sys' Arbitrary Write Privilege Escalation (Metasploit)
Microsoft Bluetooth Personal Area Networking - 'BthPan.sys' Local Privilege Escalation (Metasploit)
Microsoft Windows - OLE Package Manager Code Execution (MS14-060) (Metasploit)
Offset2lib - Bypassing Full ASLR On 64 bit Linux
Linux Kernel (x86-64) - Rowhammer Privilege Escalation
Rowhammer - NaCl Sandbox Escape
Linux Kernel (x86-64) - Rowhammer Privilege Escalation
Rowhammer - NaCl Sandbox Escape
Microsoft Windows 8.0/8.1 (x64) - 'TrackPopupMenu' Local Privilege Escalation (MS14-058)
Linux espfix64 - Nested NMIs Interrupting Privilege Escalation
Linux (x86) - Memory Sinkhole Privilege Escalation
Linux espfix64 - Nested NMIs Interrupting Privilege Escalation
Linux (x86) - Memory Sinkhole Privilege Escalation
Microsoft Windows XP SP3 (x86) / 2003 SP2 (x86) - 'NDProxy' Local Privilege Escalation (MS14-002)
Microsoft Windows - Font Driver Buffer Overflow (MS15-078) (Metasploit)
TrueCrypt 7 / VeraCrypt 1.13 - Drive Letter Symbolic Link Creation Privilege Escalation
Microsoft Windows 8.1 - 'win32k' Local Privilege Escalation (MS15-010)
MySQL 5.5.45 (x64) - Local Credentials Disclosure
Microsoft Windows 7 SP1 (x86) - 'WebDAV' Local Privilege Escalation (MS16-016) (1)
Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
Secret Net 7 and Secret Net Studio 8 - Local Privilege Escalation
Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
Microsoft Windows 8.1/10 (x86) - Secondary Logon Standard Handles Missing Sanitization Privilege Escalation (MS16-032)
ACROS Security 0patch 2016.05.19.539 - '0PatchServicex64.exe' Unquoted Service Path Privilege Escalation
Microsoft Windows 7 SP1 (x86) - Local Privilege Escalation (MS16-014)
Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter target_offset Out-of-Bounds Privilege Escalation
Street Fighter 5 - 'Capcom.sys' Kernel Execution (Metasploit)
Microsoft Windows (x86) - 'afd.sys' Local Privilege Escalation (MS11-046)
Microsoft Windows (x86) - 'NDISTAPI' Local Privilege Escalation (MS11-062)
Linux Kernel 2.6.32-rc1 (x86-64) - Register Leak
Linux Kernel 4.4.0 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation
Microsoft Windows 8.1 (x64) - 'RGNOBJ' Integer Overflow (MS16-098)
PCAUSA Rawether (ASUS PCE-AC56 WLAN Card Utilities Windows 10 x64) - Local Privilege Escalation
Forticlient 5.2.3 (Windows 10 x64 Pre Anniversary) - Local Privilege Escalation
Forticlient 5.2.3 (Windows 10 x64 Post Anniversary) - Local Privilege Escalation
Forticlient 5.2.3 (Windows 10 x64 Pre Anniversary) - Local Privilege Escalation
Forticlient 5.2.3 (Windows 10 x64 Post Anniversary) - Local Privilege Escalation
Oracle VM VirtualBox 5.0.32 r112930 (x64) - Windows Process COM Injection Privilege Escalation
Linux Kernel - 'offset2lib' Stack Clash
Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation
Linux Kernel - 'offset2lib' Stack Clash
Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege Escalation
Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation
Razer Synapse 2.20.15.1104 - rzpnk.sys ZwOpenProcess (Metasploit)
Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098) (2)
Microsoft Windows 10 RS2 (x64) - 'win32kfull!bFill' Pool Overflow
Microsoft Windows 10 Creators Update (version 1703) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation
BeroFTPD 1.3.4(1) (Linux x86) - Remote Code Execution
Microsoft Windows (x86) - Metafile '.emf' Heap Overflow (MS04-032)
Veritas NetBackup 6.0 (Windows x86) - 'bpjava-msvc' Remote Command Execution
gpsdrive 2.09 (x86) - 'friendsd2' Remote Format String
PrivateWire Gateway 3.7 (Windows x86) - Remote Buffer Overflow (Metasploit)
dproxy-nexgen (Linux x86) - Remote Buffer Overflow
Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow
3proxy 0.5.3g (Windows x86) - 'proxy.c logurl()' Remote Buffer Overflow
3proxy 0.5.3g (Windows x86) - 'logurl()' Remote Buffer Overflow (Perl)
SapLPD 6.28 (Windows x86) - Remote Buffer Overflow
Apache 2.0 mod_jk2 2.0.2 (Windows x86) - Remote Buffer Overflow
Apache mod_jk 1.2.19 (Windows x86) - Remote Buffer Overflow
32bit FTP (09.04.24) - 'CWD Response' Remote Buffer Overflow
32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow
32bit FTP (09.04.24) - 'CWD Response' Universal Overwrite (SEH)
32bit FTP - 'PASV' Reply Client Remote Overflow (Metasploit)
32bit FTP (09.04.24) - 'CWD Response' Remote Buffer Overflow
32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow
32bit FTP (09.04.24) - 'CWD Response' Universal Overwrite (SEH)
32bit FTP - 'PASV' Reply Client Remote Overflow (Metasploit)
Microsoft Internet Explorer 6/7/8 - 'winhlp32.exe MsgBox()' Remote Code Execution
Integard Home and Pro 2 - Remote HTTP Buffer Overflow
Knox Arkeia Backup Client Type 77 (Windows x86) - Remote Overflow (Metasploit)
Oracle 9i XDB (Windows x86) - FTP UNLOCK Overflow (Metasploit)
Oracle 9i XDB (Windows x86) - FTP PASS Overflow (Metasploit)
AASync 2.2.1.0 (Windows x86) - Remote Stack Buffer Overflow 'LIST' (Metasploit)
32bit FTP Client - Remote Stack Buffer Overflow (Metasploit)
SHOUTcast DNAS/Win32 1.9.4 - File Request Format String Overflow (Metasploit)
SHTTPD 1.34 (Windows x86) - URI-Encoded POST Request Overflow (Metasploit)
Icecast 2.0.1 (Windows x86) - Header Overwrite (Metasploit)
Apache (Windows x86) - Chunked Encoding (Metasploit)
McAfee ePolicy Orchestrator / ProtectionPilot - Remote Overflow (Metasploit)
Apache (Windows x86) - Chunked Encoding (Metasploit)
McAfee ePolicy Orchestrator / ProtectionPilot - Remote Overflow (Metasploit)
PeerCast 0.1216 (Windows x86) - URL Handling Buffer Overflow (Metasploit)
Oracle 9i XDB (Windows x86) - HTTP PASS Overflow (Metasploit)
CA CAM (Windows x86) - 'log_security()' Remote Stack Buffer Overflow (Metasploit)
Samba 3.3.12 (Linux x86) - 'chain_reply' Memory Corruption (Metasploit)
Samba 2.2.8 (Linux x86) - 'trans2open' Remote Overflow (Metasploit)
Samba 3.3.12 (Linux x86) - 'chain_reply' Memory Corruption (Metasploit)
Samba 2.2.8 (Linux x86) - 'trans2open' Remote Overflow (Metasploit)
WU-FTPD 2.4.2/2.5 .0/2.6.0 - Remote Format String Stack Overwrite (3)
Nginx 1.3.9/1.4.0 (x86) - Brute Force
Nginx 1.4.0 (Generic Linux x64) - Remote Overflow
Oracle VM VirtualBox 4.3.6 - 3D Acceleration Virtual Machine Escape (Metasploit)
Symantec Endpoint Protection Manager - Authentication Bypass / Code Execution (Metasploit)
Symantec pcAnywhere 12.5.0 (Windows x86) - Remote Code Execution
PCMan FTP Server 2.0.7 - 'RENAME' Remote Buffer Overflow (Metasploit)
PCMan FTP Server 2.0.7 - 'ls' Remote Buffer Overflow (Metasploit)
ALLMediaServer 0.95 - Buffer Overflow
Microsoft Windows Windows 8/8.1/2012 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010)
Microsoft Windows Windows 7/2008 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010)
Microsoft Internet Explorer - 'mshtml.dll' Remote Code Execution (MS17-007)
Rancher Server - Docker Daemon Code Execution (Metasploit)
Unitrends UEB 9 - http api/storage Remote Root (Metasploit)
Unitrends UEB 9 - bpserverd Authentication Bypass Remote Command Execution (Metasploit)
Unitrends UEB 9 - http api/storage Remote Root (Metasploit)
Unitrends UEB 9 - bpserverd Authentication Bypass Remote Command Execution (Metasploit)
Microsoft Internet Explorer 11 (Windows 7 x86) - 'mshtml.dll' Remote Code Execution (MS17-007)
PHP-Nuke 8.1 SEO Arabic - Remote File Inclusion
Joomla! Component Elite Experts - SQL Injection
Traidnt UP - Cross-Site Request Forgery (Add Admin)
Allpc 2.5 osCommerce - SQL Injection / Cross-Site Scripting
Infoblox 6.8.2.11 - OS Command Injection
Xnami 1.0 - Cross-Site Scripting
Taxi Booking Script 1.0 - Cross-site Scripting
FreeBSD/x86 - ConnectBack (172.17.0.9:8000/TCP) + Receive Shellcode + Payload Loader + Return Results Null-Free Shellcode (90 bytes)
FreeBSD/x86 - Reverse Connection (172.17.0.9:8000/TCP) + Receive Shellcode + Payload Loader + Return Results Null-Free Shellcode (90 bytes)
FreeBSD/x86 - setuid(0); + execve(ipf -Fa); Shellcode (57 bytes)
FreeBSD/x86 - setuid(0) + execve(ipf -Fa) Shellcode (57 bytes)
Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes)
Linux/MIPS (Linksys WRT54G/GL) - execve(_/bin/sh__[_/bin/sh_]_[]); Shellcode (60 bytes)
Linux/MIPS - execve /bin/sh Shellcode (56 bytes)
Linux/MIPS (Linksys WRT54G/GL) - execve(_/bin/sh__[_/bin/sh_]_[]) Shellcode (60 bytes)
Linux/MIPS (Little Endian) - execve(/bin/sh) Shellcode (56 bytes)
Linux/x86 - Self-Modifying Anti-IDS /bin/sh Shellcode (35/64 bytes)
Linux/x86 - HTTP Server (8800/TCP) + Fork Shellcode (166 bytes)
Linux/x86 - Bind TCP Listener (5555/TCP) + Receive Shellcode + Payload Loader Shellcode (83 bytes)
Linux/x86 - Disable Network Card Polymorphic Shellcode (75 bytes)
Linux/x86 - killall5 Polymorphic Shellcode (61 bytes)
Linux/x86 - execve /bin/sh Polymorphic Shellcode (48 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) XOR Encoded Shellcode (152 bytes)
Linux/x86 - reboot() Polymorphic Shellcode (57 bytes)
Linux/x86 - chmod 666 /etc/shadow Polymorphic Shellcode (54 bytes)
Linux/x86 - setreuid(geteuid()_ geteuid()) + execve(_/bin/sh__0_0) Shellcode (34 bytes)
Linux/x86 - Bind TCP Shell (8000/TCP) + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes)
Linux/x86 - Bind TCP Shell (8000/TCP) + Add Root User Shellcode (225+ bytes)
Linux/x86 - Bind TCP /bin/sh Shell (8000/TCP) Shellcode (179 bytes)
Linux/x86-64 - setuid(0) + execve(/bin/sh) Shellcode (49 bytes)
Linux/x86 - Serial Port Shell Binding (/dev/ttyS0) + busybox Launching Null-Free Shellcode (82 bytes)
Linux/x86 - File Unlinker Shellcode (18+ bytes)
Linux/x86 - Perl Script Execution Shellcode (99+ bytes)
Linux/x86 - Read /etc/passwd Shellcode (65+ bytes)
Linux/x86 - chmod 666 /etc/shadow + exit(0) Shellcode (30 bytes)
Linux/x86 - killall5 Shellcode (34 bytes)
Linux/x86 - PUSH reboot() Shellcode (30 bytes)
Linux/x86 - Self-Modifying Anti-IDS /bin/sh Shellcode (35/64 bytes)
Linux/x86 - HTTP Server (8800/TCP) + Fork Shellcode (166 bytes)
Linux/x86 - Bind TCP Listener (5555/TCP) + Receive Shellcode + Payload Loader Shellcode (83 bytes)
Linux/x86 - Disable Network Card Polymorphic Shellcode (75 bytes)
Linux/x86 - killall5 Polymorphic Shellcode (61 bytes)
Linux/x86 - execve /bin/sh Polymorphic Shellcode (48 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) XOR Encoded Shellcode (152 bytes)
Linux/x86 - reboot() Polymorphic Shellcode (57 bytes)
Linux/x86 - chmod 666 /etc/shadow Polymorphic Shellcode (54 bytes)
Linux/x86 - setreuid(geteuid()_ geteuid()) + execve(_/bin/sh__0_0) Shellcode (34 bytes)
Linux/x86 - Bind TCP Shell (8000/TCP) + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes)
Linux/x86 - Bind TCP Shell (8000/TCP) + Add Root User Shellcode (225+ bytes)
Linux/x86 - Bind TCP /bin/sh Shell (8000/TCP) Shellcode (179 bytes)
Linux/x86-64 - setuid(0) + execve(/bin/sh) Shellcode (49 bytes)
Linux/x86 - Serial Port Shell Binding (/dev/ttyS0) + busybox Launching Null-Free Shellcode (82 bytes)
Linux/x86 - File Unlinker Shellcode (18+ bytes)
Linux/x86 - Perl Script Execution Shellcode (99+ bytes)
Linux/x86 - Read /etc/passwd Shellcode (65+ bytes)
Linux/x86 - chmod 666 /etc/shadow + exit(0) Shellcode (30 bytes)
Linux/x86 - killall5 Shellcode (34 bytes)
Linux/x86 - PUSH reboot() Shellcode (30 bytes)
Linux/x86 - Reverse UDP tcpdump (54321/UDP) Live Packet Capture Shellcode (151 bytes)
Linux/x86 - Append RSA key to /root/.ssh/authorized_keys2 Shellcode (295 bytes)
Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) For Full Access Shellcode (86 bytes)
Linux/x86 - Promiscuous Mode Detector Shellcode (56 bytes)
Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Null-Free Shellcode (28 bytes)
Linux/x86 - setresuid(0_0_0) + /bin/sh Shellcode (35 bytes)
Linux/x86 - iopl(3); asm(cli); while(1){} Shellcode (12 bytes)
Linux/x86 - System Beep Shellcode (45 bytes)
Linux/x86 - ConnectBack (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes)
Linux/x86 - setreuid(geteuid_ geteuid) + execve(/bin/sh) Shellcode (39 bytes)
Linux/x86 - Reverse TCP cat /etc/shadow (8192/TCP) Shellcode (155 bytes)
Linux/x86 - Reverse PHP (Writes to /var/www/cb.php On The Filesystem) Shell Shellcode (508 bytes)
Linux/x86 - /bin/rm -rf / + Attempts To Block The Process From Being Stopped Shellcode (132 bytes)
Linux/x86 - setuid(0) + setgid(0) + aslr_off (Disable ASLR Security) Shellcode (79 bytes)
Linux/x86 - Raw-Socket ICMP/Checksum /bin/sh Shell Shellcode (235 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (40 bytes)
Linux/x86 - Kill All Processes Shellcode (11 bytes)
Linux/x86 - execve read Shellcode (92 bytes)
Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (40 bytes)
Linux/x86 - Set System Time to 0 + exit Shellcode (12 bytes)
Linux/x86 - Add Root User (r00t) To /etc/passwd Shellcode (69 bytes)
Linux/x86 - chmod 0666 /etc/shadow + exit Shellcode (36 bytes)
Linux/x86 - Fork Bomb Shellcode (7 bytes)
Linux/x86 - execve(rm -rf /) Shellcode (45 bytes)
Linux/x86 - setuid(0) + execve /bin/sh Shellcode (28 bytes)
Linux/x86 - execve /bin/sh Shellcode (22 bytes)
Linux/x86 - Download File (HTTP/1.x http://0xdeadbeef/A ) + execve() Null-Free Shellcode (111+ bytes)
Linux/x86 - setreuid + Executes Command Shellcode (49+ bytes)
Linux/x86 - stdin re-open + /bin/sh exec Shellcode (39 bytes)
Linux/x86 - execve /bin/sh (Re-Use Of Strings In .rodata) Shellcode (16 bytes)
Linux/x86 - setuid(0) + /bin/sh execve() Shellcode (30 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + setuid Shellcode (96 bytes)
Linux/x86 - Bind TCP Shell (2707/TCP) Shellcode (84 bytes)
Linux/x86 - execve Diassembly Obfuscation Shellcode (32 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (100 bytes)
Linux/x86 - Reverse UDP tcpdump (54321/UDP) Live Packet Capture Shellcode (151 bytes)
Linux/x86 - Append RSA key to /root/.ssh/authorized_keys2 Shellcode (295 bytes)
Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) For Full Access Shellcode (86 bytes)
Linux/x86 - Promiscuous Mode Detector Shellcode (56 bytes)
Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Null-Free Shellcode (28 bytes)
Linux/x86 - setresuid(0_0_0) + /bin/sh Shellcode (35 bytes)
Linux/x86 - iopl(3) + asm(cli) + while(1){} Shellcode (12 bytes)
Linux/x86 - System Beep Shellcode (45 bytes)
Linux/x86 - Reverse Connection (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes)
Linux/x86 - setreuid(geteuid_ geteuid) + execve(/bin/sh) Shellcode (39 bytes)
Linux/x86 - Reverse TCP cat /etc/shadow (8192/TCP) Shellcode (155 bytes)
Linux/x86 - Reverse PHP (Writes to /var/www/cb.php On The Filesystem) Shell Shellcode (508 bytes)
Linux/x86 - /bin/rm -rf / + Attempts To Block The Process From Being Stopped Shellcode (132 bytes)
Linux/x86 - setuid(0) + setgid(0) + aslr_off (Disable ASLR Security) Shellcode (79 bytes)
Linux/x86 - Raw-Socket ICMP/Checksum /bin/sh Shell Shellcode (235 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (40 bytes)
Linux/x86 - Kill All Processes Shellcode (11 bytes)
Linux/x86 - execve read Shellcode (92 bytes)
Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (40 bytes)
Linux/x86 - Set System Time to 0 + exit Shellcode (12 bytes)
Linux/x86 - Add Root User (r00t) To /etc/passwd Shellcode (69 bytes)
Linux/x86 - chmod 0666 /etc/shadow + exit Shellcode (36 bytes)
Linux/x86 - Fork Bomb Shellcode (7 bytes)
Linux/x86 - execve(rm -rf /) Shellcode (45 bytes)
Linux/x86 - setuid(0) + execve /bin/sh Shellcode (28 bytes)
Linux/x86 - execve /bin/sh Shellcode (22 bytes)
Linux/x86 - Download File (HTTP/1.x http://0xdeadbeef/A ) + execve() Null-Free Shellcode (111+ bytes)
Linux/x86 - setreuid + Executes Command Shellcode (49+ bytes)
Linux/x86 - stdin re-open + /bin/sh exec Shellcode (39 bytes)
Linux/x86 - execve /bin/sh (Re-Use Of Strings In .rodata) Shellcode (16 bytes)
Linux/x86 - setuid(0) + /bin/sh execve() Shellcode (30 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + setuid Shellcode (96 bytes)
Linux/x86 - Bind TCP Shell (2707/TCP) Shellcode (84 bytes)
Linux/x86 - execve Diassembly Obfuscation Shellcode (32 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (100 bytes)
Linux/x86 - execve /bin/sh Shellcode (24 bytes) (2)
Linux/x86 - Reverse TCP Shell (127.0.0.1:80/TCP) XOR Encoded Shellcode (371 bytes)
Linux/x86 - execve /bin/sh + '.ZIP' Header Shellcode (28 bytes)
Linux/x86 - execve /bin/sh + '.RTF' Header Shellcode (30 bytes)
Linux/x86 - execve /bin/sh + '.RIFF' Header Shellcode (28 bytes)
Linux/x86 - execve /bin/sh + '.BMP' Bitmap Header Shellcode (27 bytes)
Linux/x86 - Read SWAP + Write To /tmp/swr Shellcode (109 bytes)
Linux/x86 - Read /tmp/sws + Store In SWAP Shellcode (99 bytes)
Linux/x86 - Bind TCP /bin/sh Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (64713/TCP) Shellcode (86 bytes)
Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (25 bytes)
Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (23 bytes)
Linux/x86 - setuid(0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (31 bytes)
Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh_ [/bin/sh_ NULL]) Shellcode (37 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes)
Linux/x86 - Download File (HTTP/1.x http://127.0.0.1:8081/foobar.bin ) + Receive Shellcode + Payload Loader Shellcode (68+ bytes)
Linux/x86 - TCP Proxy (192.168.1.16:1280/TCP) All Connect() Null-Free Shellcode (236 bytes)
Linux/x86 - execve /bin/sh Anti-IDS Shellcode (40 bytes)
Linux/x86 (Intel x86 CPUID) - execve /bin/sh XORED Encoded Shellcode (41 bytes)
Linux/x86 - execve /bin/sh Shellcode +1 Encoded (39 bytes)
Linux/x86 - Add Root User (xtz) To /etc/passwd Shellcode (59 bytes)
Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (80 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + fork() Shellcode (98 bytes)
Linux/x86 - Open CD-Rom Loop 24/7 (Follows /dev/cdrom Symlink) Shellcode (39 bytes)
Linux/x86 - Eject CD-Rom (Follows /dev/cdrom Symlink) + exit() Shellcode (40 bytes)
Linux/x86 - Eject/Close CD-Rom Loop (Follows /dev/cdrom Symlink) Shellcode (45 bytes)
Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (32 bytes)
Linux/x86 - Reverse TCP Shell (127.0.0.1:31337/TCP) Shellcode (74 bytes)
Linux/x86 - Normal Exit With Random (So To Speak) Return Value Shellcode (5 bytes)
Linux/x86 - getppid() + execve(/proc/pid/exe) Shellcode (51 bytes)
Linux/x86 - Quick (yet conditional_ eax != 0 and edx == 0) exit Shellcode (4 bytes)
Linux/x86 - reboot() Shellcode (20 bytes)
Linux/x86 - setreuid(0_ 0) + execve /bin/sh Shellcode (31 bytes)
Linux/x86 - execve /bin/sh + PUSH Shellcode (23 bytes)
Linux/x86 - cat /dev/urandom > /dev/console Shellcode (63 bytes)
Linux/x86 - execve /bin/sh Shellcode (24 bytes) (2)
Linux/x86 - Reverse TCP Shell (127.0.0.1:80/TCP) XOR Encoded Shellcode (371 bytes)
Linux/x86 - execve /bin/sh + '.ZIP' Header Shellcode (28 bytes)
Linux/x86 - execve /bin/sh + '.RTF' Header Shellcode (30 bytes)
Linux/x86 - execve /bin/sh + '.RIFF' Header Shellcode (28 bytes)
Linux/x86 - execve /bin/sh + '.BMP' Bitmap Header Shellcode (27 bytes)
Linux/x86 - Read SWAP + Write To /tmp/swr Shellcode (109 bytes)
Linux/x86 - Read /tmp/sws + Store In SWAP Shellcode (99 bytes)
Linux/x86 - Bind TCP /bin/sh Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (64713/TCP) Shellcode (86 bytes)
Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (25 bytes)
Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (23 bytes)
Linux/x86 - setuid(0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (31 bytes)
Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh_ [/bin/sh_ NULL]) Shellcode (37 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes)
Linux/x86 - Download File (HTTP/1.x http://127.0.0.1:8081/foobar.bin ) + Receive Shellcode + Payload Loader Shellcode (68+ bytes)
Linux/x86 - TCP Proxy (192.168.1.16:1280/TCP) All Connect() Null-Free Shellcode (236 bytes)
Linux/x86 - execve /bin/sh Anti-IDS Shellcode (40 bytes)
Linux/x86 (Intel x86 CPUID) - execve /bin/sh XORED Encoded Shellcode (41 bytes)
Linux/x86 - execve /bin/sh Shellcode +1 Encoded (39 bytes)
Linux/x86 - Add Root User (xtz) To /etc/passwd Shellcode (59 bytes)
Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (80 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + fork() Shellcode (98 bytes)
Linux/x86 - Open CD-Rom Loop 24/7 (Follows /dev/cdrom Symlink) Shellcode (39 bytes)
Linux/x86 - Eject CD-Rom (Follows /dev/cdrom Symlink) + exit() Shellcode (40 bytes)
Linux/x86 - Eject/Close CD-Rom Loop (Follows /dev/cdrom Symlink) Shellcode (45 bytes)
Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (32 bytes)
Linux/x86 - Reverse TCP Shell (127.0.0.1:31337/TCP) Shellcode (74 bytes)
Linux/x86 - Normal Exit With Random (So To Speak) Return Value Shellcode (5 bytes)
Linux/x86 - getppid() + execve(/proc/pid/exe) Shellcode (51 bytes)
Linux/x86 - Quick (yet conditional_ eax != 0 and edx == 0) exit Shellcode (4 bytes)
Linux/x86 - reboot() Shellcode (20 bytes)
Linux/x86 - setreuid(0_ 0) + execve /bin/sh Shellcode (31 bytes)
Linux/x86 - execve /bin/sh + PUSH Shellcode (23 bytes)
Linux/x86 - cat /dev/urandom > /dev/console Shellcode (63 bytes)
Linux/x86 - Socket-Proxy (31337:11.22.33.44:80) Shellcode (372 bytes)
Linux/x86 - dup2(0_0); dup2(0_1); dup2(0_2); Shellcode (15 bytes)
Linux/x86 - if(read(fd_buf_512)<=2) _exit(1) else buf(); Shellcode (29 bytes)
Linux/x86 - _exit(1); Shellcode (7 bytes)
Linux/x86 - read(0_buf_2541); + chmod(buf_4755); Shellcode (23 bytes)
Linux/x86 - write(0__Hello core!\n__12); Exit Shellcode (36/43 bytes)
Linux/x86 - Snoop /dev/dsp Null-Free Shellcode (172 bytes)
Linux/x86 - execve /bin/sh Standard Opcode Array Payload Shellcode (21 bytes)
Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes) (2)
Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes) (1)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes)
Linux/x86 - Break chroot (../ 20x Loop) + execve /bin/sh Shellcode (66 bytes)
Linux/x86 - upload + exec Shellcode (189 bytes)
Linux/x86 - setreuid + execve Shellcode (31 bytes)
Linux/x86 - Alphanumeric Encoded Shellcode (64 bytes)
Linux/x86 - Alphanumeric Encoder (IMUL Method) Shellcode (88 bytes)
Linux/x86 - Self-Modifying Radical Shellcode (70 bytes)
Linux/x86 - Self-Modifying Magic Byte /bin/sh Shellcode (76 bytes)
Linux/x86 - execve code Shellcode (23 bytes)
Linux/x86 - execve(_/bin/ash__0_0); Shellcode (21 bytes)
Linux/x86 - execve /bin/sh Alphanumeric Shellcode (392 bytes)
Linux/IA32 - execve /bin/sh 0xff-Free Shellcode (45 bytes)
Linux/x86 - symlink /bin/sh xoring Shellcode (56 bytes)
Linux/x86 - Bind TCP Shell (5074/TCP) ToUpper Encoded Shellcode (226 bytes)
Linux/x86 - Add Root User (t00r) Anti-IDS Shellcode (116 bytes)
Linux/x86 - chmod 666 /etc/shadow Anti-IDS Shellcode (75 bytes)
Linux/x86 - symlink . /bin/sh Shellcode (32 bytes)
Linux/x86 - Kill Snort Shellcode (151 bytes)
Linux/x86 - Execute At Shared Memory Shellcode (50 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (58 bytes)
Linux/x86 - Reverse Telnet Shell (200.182.207.235) Shellcode (134 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell Shellcode (120 bytes)
Linux/x86 - chmod 666 /etc/shadow Shellcode (41 bytes)
Linux/x86 - cp /bin/sh /tmp/katy ; + chmod 4555 katy Shellcode (126 bytes)
Linux/x86 - Eject /dev/cdrom Shellcode (64 bytes)
Linux/x86 - xterm -ut -display 1270.0.0.1:0 Shellcode (132 bytes)
Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (49 bytes)
Linux/x86 - chmod 666 /etc/shadow Shellcode (82 bytes)
Linux/x86 - execve /bin/sh Shellcode (29 bytes)
Linux/x86 - execve /bin/sh Shellcode (24 bytes) (3)
Linux/x86 - execve /bin/sh Shellcode (38 bytes)
Linux/x86 - execve /bin/sh Shellcode (30 bytes)
Linux/x86 - execve /bin/sh + setreuid(12_12) Shellcode (50 bytes)
Linux/x86 - Bind TCP Shell (5074/TCP) Shellcode (92 bytes)
Linux/x86 - Bind TCP Shell (5074/TCP) + fork() Shellcode (130 bytes)
Linux/x86 - Add Root User (t00r) Shellcode (82 bytes)
Linux/x86 - Add Root User Shellcode (104 bytes)
Linux/x86 - Break chroot (../ 10x Loop) Shellcode (34 bytes)
Linux/x86 - Break chroot (../ 10x Loop) Shellcode (46 bytes)
Linux/x86 - Break chroot + execve /bin/sh Shellcode (80 bytes)
Linux/x86 - execve /bin/sh Anti-IDS Shellcode (58 bytes)
Linux/x86 - execve /bin/sh XOR Encoded Shellcode (55 bytes)
Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (41 bytes)
Linux/x86 - setreuid(0_0) + execve /bin/sh Shellcode (46+ bytes)
Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (55 bytes)
Linux/x86 - Add Root User (z) Shellcode (70 bytes)
Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve /bin/sh Shellcode (132 bytes)
Linux/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (132 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (33 bytes)
Linux/x86 - Socket-Proxy (31337:11.22.33.44:80) Shellcode (372 bytes)
Linux/x86 - dup2(0_0) + dup2(0_1) + dup2(0_2) Shellcode (15 bytes)
Linux/x86 - if(read(fd_buf_512)<=2) _exit(1) else buf() Shellcode (29 bytes)
Linux/x86 - _exit(1) Shellcode (7 bytes)
Linux/x86 - read(0_buf_2541) + chmod(buf_4755) Shellcode (23 bytes)
Linux/x86 - write(0__Hello core!\n__12) + Exit Shellcode (36/43 bytes)
Linux/x86 - Snoop /dev/dsp Null-Free Shellcode (172 bytes)
Linux/x86 - execve /bin/sh Standard Opcode Array Payload Shellcode (21 bytes)
Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes) (2)
Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes) (1)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes)
Linux/x86 - Break chroot (../ 20x Loop) + execve /bin/sh Shellcode (66 bytes)
Linux/x86 - upload + exec Shellcode (189 bytes)
Linux/x86 - setreuid + execve Shellcode (31 bytes)
Linux/x86 - Alphanumeric Encoded Shellcode (64 bytes)
Linux/x86 - Alphanumeric Encoder (IMUL Method) Shellcode (88 bytes)
Linux/x86 - Self-Modifying Radical Shellcode (70 bytes)
Linux/x86 - Self-Modifying Magic Byte /bin/sh Shellcode (76 bytes)
Linux/x86 - execve code Shellcode (23 bytes)
Linux/x86 - execve(_/bin/ash__0_0) Shellcode (21 bytes)
Linux/x86 - execve /bin/sh Alphanumeric Shellcode (392 bytes)
Linux/IA32 - execve /bin/sh 0xff-Free Shellcode (45 bytes)
Linux/x86 - symlink /bin/sh xoring Shellcode (56 bytes)
Linux/x86 - Bind TCP Shell (5074/TCP) ToUpper Encoded Shellcode (226 bytes)
Linux/x86 - Add Root User (t00r) Anti-IDS Shellcode (116 bytes)
Linux/x86 - chmod 666 /etc/shadow Anti-IDS Shellcode (75 bytes)
Linux/x86 - symlink . /bin/sh Shellcode (32 bytes)
Linux/x86 - Kill Snort Shellcode (151 bytes)
Linux/x86 - Execute At Shared Memory Shellcode (50 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (58 bytes)
Linux/x86 - Reverse Telnet Shell (200.182.207.235) Shellcode (134 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell Shellcode (120 bytes)
Linux/x86 - chmod 666 /etc/shadow Shellcode (41 bytes)
Linux/x86 - cp /bin/sh /tmp/katy + chmod 4555 katy Shellcode (126 bytes)
Linux/x86 - Eject /dev/cdrom Shellcode (64 bytes)
Linux/x86 - xterm -ut -display 1270.0.0.1:0 Shellcode (132 bytes)
Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (49 bytes)
Linux/x86 - chmod 666 /etc/shadow Shellcode (82 bytes)
Linux/x86 - execve /bin/sh Shellcode (29 bytes)
Linux/x86 - execve /bin/sh Shellcode (24 bytes) (3)
Linux/x86 - execve /bin/sh Shellcode (38 bytes)
Linux/x86 - execve /bin/sh Shellcode (30 bytes)
Linux/x86 - execve /bin/sh + setreuid(12_12) Shellcode (50 bytes)
Linux/x86 - Bind TCP Shell (5074/TCP) Shellcode (92 bytes)
Linux/x86 - Bind TCP Shell (5074/TCP) + fork() Shellcode (130 bytes)
Linux/x86 - Add Root User (t00r) Shellcode (82 bytes)
Linux/x86 - Add Root User Shellcode (104 bytes)
Linux/x86 - Break chroot (../ 10x Loop) Shellcode (34 bytes)
Linux/x86 - Break chroot (../ 10x Loop) Shellcode (46 bytes)
Linux/x86 - Break chroot + execve /bin/sh Shellcode (80 bytes)
Linux/x86 - execve /bin/sh Anti-IDS Shellcode (58 bytes)
Linux/x86 - execve /bin/sh XOR Encoded Shellcode (55 bytes)
Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (41 bytes)
Linux/x86 - setreuid(0_0) + execve /bin/sh Shellcode (46+ bytes)
Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (55 bytes)
Linux/x86 - Add Root User (z) Shellcode (70 bytes)
Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve /bin/sh Shellcode (132 bytes)
Linux/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (132 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (33 bytes)
NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes)
NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes)
NetBSD/x86 - setreuid(0_ 0) + execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes)
NetBSD/x86 - setreuid(0_ 0) + execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes)
SCO/x86 - execve(_/bin/sh__ ..._ NULL); Shellcode (43 bytes)
SCO/x86 - execve(_/bin/sh__ ..._ NULL) Shellcode (43 bytes)
Solaris/x86 - setuid(0) + execve(//bin/sh); + exit(0) Null-Free Shellcode (39 bytes)
Solaris/x86 - setuid(0) + execve(//bin/sh) + exit(0) Null-Free Shellcode (39 bytes)
Windows 5.0 < 7.0 x86 - Bind TCP Shell (28876/TCP) Null-Free Shellcode
Windows XP SP2 x86 (English) - cmd.exe Shellcode (23 bytes)
Windows x86 - Egg Omelet SEH Shellcode
Windows x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes)
Windows x86 - PEB!NtGlobalFlags Shellcode (14 bytes)
Windows XP SP2 x86 (French) - cmd.exe Shellcode (32 bytes)
Windows XP SP2 x86 - cmd.exe Shellcode (57 bytes)
Windows x86 - PEB _Kernel32.dll_ ImageBase Finder Alphanumeric Shellcode (67 bytes)
Windows x86 - PEB _Kernel32.dll_ ImageBase Finder (ASCII Printable) Shellcode (49 bytes)
Windows x86 - ConnectBack + Download A File + Save + Execute Shellcode
Windows 5.0 < 7.0 x86 - Bind TCP Shell (28876/TCP) Null-Free Shellcode
Windows XP SP2 x86 (English) - cmd.exe Shellcode (23 bytes)
Windows x86 - Egg Omelet SEH Shellcode
Windows x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes)
Windows x86 - PEB!NtGlobalFlags Shellcode (14 bytes)
Windows XP SP2 x86 (French) - cmd.exe Shellcode (32 bytes)
Windows XP SP2 x86 - cmd.exe Shellcode (57 bytes)
Windows x86 - PEB _Kernel32.dll_ ImageBase Finder Alphanumeric Shellcode (67 bytes)
Windows x86 - PEB _Kernel32.dll_ ImageBase Finder (ASCII Printable) Shellcode (49 bytes)
Windows x86 - Reverse Connection + Download A File + Save + Execute Shellcode
Windows x86 - Download File + Execute Shellcode (192 bytes)
Windows x86 - Download File (http://127.0.0.1/file.exe ) + Execute Shellcode (124 bytes)
Windows NT/XP x86 - IsDebuggerPresent Shellcode (39 bytes)
Windows SP1/SP2 x86 - Beep Shellcode (35 bytes)
Windows XP SP2 x86 - MessageBox Shellcode (110 bytes)
Windows x86 - Command WinExec() Shellcode (104+ bytes)
Windows x86 - Download File (http://www.ph4nt0m.org/a.exe ) + Execute (C:/a.exe) Shellcode (226+ bytes)
Windows NT/2000/XP (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes)
Windows 9x/NT/2000/XP - Reverse Generic without Loader (192.168.1.11:4919) Shellcode (249 bytes)
Windows 9x/NT/2000/XP - PEB method Shellcode (29 bytes)
Windows 9x/NT/2000/XP - PEB method Shellcode (31 bytes)
Windows 9x/NT/2000/XP - PEB method Shellcode (35 bytes)
Windows x86 - Download File + Execute Shellcode (192 bytes)
Windows x86 - Download File (http://127.0.0.1/file.exe ) + Execute Shellcode (124 bytes)
Windows NT/XP x86 - IsDebuggerPresent Shellcode (39 bytes)
Windows SP1/SP2 x86 - Beep Shellcode (35 bytes)
Windows XP SP2 x86 - MessageBox Shellcode (110 bytes)
Windows x86 - Command WinExec() Shellcode (104+ bytes)
Windows x86 - Download File (http://www.ph4nt0m.org/a.exe ) + Execute (C:/a.exe) Shellcode (226+ bytes)
Windows NT/2000/XP (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes)
Windows 9x/NT/2000/XP - Reverse Generic without Loader (192.168.1.11:4919) Shellcode (249 bytes)
Windows 9x/NT/2000/XP - PEB method Shellcode (29 bytes)
Windows 9x/NT/2000/XP - PEB method Shellcode (31 bytes)
Windows 9x/NT/2000/XP - PEB method Shellcode (35 bytes)
Windows XP/2000/2003 - Download File (http://127.0.0.1/test.exe ) + Execute (%systemdir%/a.exe) Shellcode (241 bytes)
Windows XP - Download File (http://www.elitehaven.net/ncat.exe ) + Execute (nc.exe) Null-Free Shellcode
Windows XP SP1 - Bind TCP Shell (58821/TCP) Shellcode (116 bytes)
Windows - DCOM RPC2 Universal Shellcode
Windows x64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe ) + Execute Shellcode (218+ bytes)
Linux/x86 - Kill All Processes Shellcode (9 bytes)
Linux/x86 - setuid(0) + execve(_/sbin/poweroff -f_) Shellcode (47 bytes)
Linux/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (49 bytes)
Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (33 bytes)
Linux/x86 - execve Shellcode (51 bytes)
Windows XP/2000/2003 - Download File (http://127.0.0.1/test.exe ) + Execute (%systemdir%/a.exe) Shellcode (241 bytes)
Windows XP - Download File (http://www.elitehaven.net/ncat.exe ) + Execute (nc.exe) Null-Free Shellcode
Windows XP SP1 - Bind TCP Shell (58821/TCP) Shellcode (116 bytes)
Windows - DCOM RPC2 Universal Shellcode
Windows x64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe ) + Execute Shellcode (218+ bytes)
Linux/x86 - Kill All Processes Shellcode (9 bytes)
Linux/x86 - setuid(0) + execve(_/sbin/poweroff -f_) Shellcode (47 bytes)
Linux/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (49 bytes)
Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (33 bytes)
Linux/x86 - execve Shellcode (51 bytes)
Linux/x86 - Overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes)
Windows XP SP3 x86 - ShellExecuteA Shellcode
Linux/x86 - setreuid (0_0) + execve(/bin/rm /etc/shadow) Shellcode
Windows XP SP3 x86 - Add Firewall Rule (Allow 445/TCP) Traffic Shellcode
Linux/x86 - Overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes)
Windows XP SP3 x86 - ShellExecuteA Shellcode
Linux/x86 - setreuid (0_0) + execve(/bin/rm /etc/shadow) Shellcode
Windows XP SP3 x86 - Add Firewall Rule (Allow 445/TCP) Traffic Shellcode
Windows XP SP2 x86 - calc.exe Shellcode (45 bytes)
Linux/x86 - unlink(/etc/passwd) + exit() Shellcode (35 bytes)
Windows XP SP2 x86 (English / Arabic) - cmd.exe Shellcode (23 bytes)
Linux/x86 - chmod 666 /etc/shadow Shellcode (27 bytes)
Linux/x86 - setuid + Break chroot (mkdir/chdir/chroot '...') + execve /bin/sh Shellcode (79 bytes)
Linux/x86 - Fork Bomb Shellcode (6 bytes) (1)
Linux/x86 - Add Root User (toor) To /etc/passwd + exit() Shellcode (107 bytes)
Windows XP SP2 x86 - calc.exe Shellcode (45 bytes)
Linux/x86 - unlink(/etc/passwd) + exit() Shellcode (35 bytes)
Windows XP SP2 x86 (English / Arabic) - cmd.exe Shellcode (23 bytes)
Linux/x86 - chmod 666 /etc/shadow Shellcode (27 bytes)
Linux/x86 - setuid + Break chroot (mkdir/chdir/chroot '...') + execve /bin/sh Shellcode (79 bytes)
Linux/x86 - Fork Bomb Shellcode (6 bytes) (1)
Linux/x86 - Add Root User (toor) To /etc/passwd + exit() Shellcode (107 bytes)
Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes)
Windows XP SP2 x86 (French) - calc Shellcode (19 bytes)
Linux/x86 - ip6tables -F Polymorphic Shellcode (71 bytes)
Linux/x86 - ip6tables -F Shellcode (47 bytes)
Linux/i686 - pacman -S <package> (default package: backdoor) Shellcode (64 bytes)
Linux/i686 - pacman -R <package> Shellcode (59 bytes)
Linux/x86 - execve /bin/cat /etc/passwd Shellcode (43 bytes)
Windows XP SP3 x86 (English) - cmd.exe Shellcode (26 bytes)
Windows XP SP2 x86 (Turkish) - cmd.exe Shellcode (26 bytes)
Linux/x86 - execve /bin/sh Shellcode (8 bytes)
Linux/x86 - execve /bin/sh Shellcode (21 bytes) (2)
Windows XP Home SP2 (English) - calc.exe Shellcode (37 bytes)
Windows XP Home SP3 (English) - calc.exe Shellcode (37 bytes)
Linux/x86 - Disable modsecurity Shellcode (64 bytes)
Windows x86 - JITed Stage-0 Shellcode
Windows x86 - JITed exec notepad Shellcode
Windows XP Professional SP2 (Italian) - calc.exe Shellcode (36 bytes)
Windows XP SP2 x86 - write.exe + ExitProcess WinExec Shellcode (16 bytes)
Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes)
Windows XP SP2 x86 (French) - calc Shellcode (19 bytes)
Linux/x86 - ip6tables -F Polymorphic Shellcode (71 bytes)
Linux/x86 - ip6tables -F Shellcode (47 bytes)
Linux/i686 - pacman -S <package> (default package: backdoor) Shellcode (64 bytes)
Linux/i686 - pacman -R <package> Shellcode (59 bytes)
Linux/x86 - execve /bin/cat /etc/passwd Shellcode (43 bytes)
Windows XP SP3 x86 (English) - cmd.exe Shellcode (26 bytes)
Windows XP SP2 x86 (Turkish) - cmd.exe Shellcode (26 bytes)
Linux/x86 - execve /bin/sh Shellcode (8 bytes)
Linux/x86 - execve /bin/sh Shellcode (21 bytes) (2)
Windows XP Home SP2 (English) - calc.exe Shellcode (37 bytes)
Windows XP Home SP3 (English) - calc.exe Shellcode (37 bytes)
Linux/x86 - Disable modsecurity Shellcode (64 bytes)
Windows x86 - JITed Stage-0 Shellcode
Windows x86 - JITed exec notepad Shellcode
Windows XP Professional SP2 (Italian) - calc.exe Shellcode (36 bytes)
Windows XP SP2 x86 - write.exe + ExitProcess WinExec Shellcode (16 bytes)
Windows XP SP3 x86 (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes)
Windows x86 - MessageBox Shellcode (Metasploit)
Windows XP SP3 x86 (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes)
Windows x86 - MessageBox Shellcode (Metasploit)
Linux/x86 - Bind Netcat Shell (13377/TCP) Shellcode
Linux/x86 - chmod 0666 /etc/shadow Shellcode (36 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (2)
Linux/x86 - DoS Badger Game Shellcode (6 bytes)
Linux/x86 - DoS SLoc Shellcode (55 bytes)
Linux/x86 - execve(_a->/bin/sh_) Local-only Shellcode (14 bytes)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (29 bytes)
Linux/x86 - Bind Netcat Shell (13377/TCP) Shellcode
Linux/x86 - chmod 0666 /etc/shadow Shellcode (36 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (2)
Linux/x86 - DoS Badger Game Shellcode (6 bytes)
Linux/x86 - DoS SLoc Shellcode (55 bytes)
Linux/x86 - execve(_a->/bin/sh_) Local-only Shellcode (14 bytes)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (29 bytes)
Linux/x86 - Fork Bomb Polymorphic Shellcode (30 bytes)
Linux/x86 - Fork Bomb Shellcode (6 bytes) (2)
Linux/x86 - setreud(getuid()_ getuid()) + execve(_/bin/sh_) Shellcode (34 bytes)
Linux/x86-64 - reboot(POWER_OFF) Shellcode (19 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (30 bytes)
Linux/x86 - Sends 'Phuck3d!' To All Terminals Shellcode (60 bytes)
Linux/x86 - execve(_/bin/bash___-p__NULL) Shellcode (33 bytes)
Linux/x86 - execve(_/bin/bash___-p__NULL) Polymorphic Shellcode (57 bytes)
Windows XP SP2 (French) - Download File (http://www.site.com/nc.exe_ ) + Execute (c:\backdor.exe) Shellcode
Linux/x86 - execve(_/usr/bin/wget__ _aaaa_); Shellcode (42 bytes)
Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes)
Linux/x86 - Fork Bomb Polymorphic Shellcode (30 bytes)
Linux/x86 - Fork Bomb Shellcode (6 bytes) (2)
Linux/x86 - setreud(getuid()_ getuid()) + execve(_/bin/sh_) Shellcode (34 bytes)
Linux/x86-64 - reboot(POWER_OFF) Shellcode (19 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (30 bytes)
Linux/x86 - Sends 'Phuck3d!' To All Terminals Shellcode (60 bytes)
Linux/x86 - execve(_/bin/bash___-p__NULL) Shellcode (33 bytes)
Linux/x86 - execve(_/bin/bash___-p__NULL) Polymorphic Shellcode (57 bytes)
Windows XP SP2 (French) - Download File (http://www.site.com/nc.exe_ ) + Execute (c:\backdor.exe) Shellcode
Linux/x86 - execve(_/usr/bin/wget__ _aaaa_) Shellcode (42 bytes)
Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes)
Linux/x86 - Disable ASLR Security Shellcode (106 bytes)
Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode (83 bytes)
Linux/x86 - Fork Bomb Alphanumeric Shellcode (117 bytes)
Windows 7 Professional SP1 x64 (FR) - Beep Shellcode (39 bytes)
Linux/x86 - setuid(0) + chmod 0666 /etc/shadow Polymorphic Shellcode (61 bytes)
Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/shadow Shellcode (39 bytes)
Linux/x86 - Kill All Running Process Shellcode (11 bytes)
Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/passwd Shellcode (39 bytes)
Linux/x86 - sys_execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes)
Linux/x86 - sys_setuid(0) + sys_setgid(0) + execve (_/bin/sh_) Shellcode (39 bytes)
Windows 7 x64 - cmd Shellcode (61 bytes)
Linux/x86 - unlink _/etc/shadow_ Shellcode (33 bytes)
Linux/x86 - Hard Reboot Shellcode (29 bytes)
Linux/x86 - Hard Reboot Shellcode (33 bytes)
Linux/x86 - Disable ASLR Security Shellcode (106 bytes)
Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode (83 bytes)
Linux/x86 - Fork Bomb Alphanumeric Shellcode (117 bytes)
Windows 7 Professional SP1 x64 (FR) - Beep Shellcode (39 bytes)
Linux/x86 - setuid(0) + chmod 0666 /etc/shadow Polymorphic Shellcode (61 bytes)
Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/shadow Shellcode (39 bytes)
Linux/x86 - Kill All Running Process Shellcode (11 bytes)
Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/passwd Shellcode (39 bytes)
Linux/x86 - sys_execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes)
Linux/x86 - sys_setuid(0) + sys_setgid(0) + execve (_/bin/sh_) Shellcode (39 bytes)
Windows 7 x64 - cmd Shellcode (61 bytes)
Linux/x86 - unlink _/etc/shadow_ Shellcode (33 bytes)
Linux/x86 - Hard Reboot Shellcode (29 bytes)
Linux/x86 - Hard Reboot Shellcode (33 bytes)
Linux/x86 - chown root:root /bin/sh Shellcode (48 bytes)
Linux/x86 - Give All Users Root Access When Executing /bin/sh Shellcode (45 bytes)
Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes)
Linux/x86 - chown root:root /bin/sh Shellcode (48 bytes)
Linux/x86 - Give All Users Root Access When Executing /bin/sh Shellcode (45 bytes)
Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes)
Linux/x86-64 - Disable ASLR Security Shellcode (143 bytes)
Linux/x86 - Bind TCP Shell (31337/TCP) + setreuid(0_0) Polymorphic Shellcode (131 bytes)
Linux/x86-64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes)
Linux/x86-64 - Add Root User (shell-storm/leet) Shellcode (390 bytes)
Windows XP SP3 (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes)
Linux/x86-64 - Disable ASLR Security Shellcode (143 bytes)
Linux/x86 - Bind TCP Shell (31337/TCP) + setreuid(0_0) Polymorphic Shellcode (131 bytes)
Linux/x86-64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes)
Linux/x86-64 - Add Root User (shell-storm/leet) Shellcode (390 bytes)
Windows XP SP3 (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes)
Linux/x86 - execve /bin/sh Polymorphic Shellcode (116 bytes)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL); XOR 88 Encoded Polymorphic Shellcode (78 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (64533/TCP) Shellcode (97 bytes)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) XOR 88 Encoded Polymorphic Shellcode (78 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (64533/TCP) Shellcode (97 bytes)
ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator)
Windows x86 - Write-to-file ('pwned' ./f.txt) Null-Free Shellcode (278 bytes)
Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) Shellcode (49 bytes)
Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (8080/TCP) Shellcode (75 bytes)
Linux/x86 - execve /bin/sh Polymorphic Null-Free Shellcode (46 bytes)
Windows x86 - Write-to-file ('pwned' ./f.txt) Null-Free Shellcode (278 bytes)
Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) Shellcode (49 bytes)
Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (8080/TCP) Shellcode (75 bytes)
Linux/x86 - execve /bin/sh Polymorphic Null-Free Shellcode (46 bytes)
Windows x86 - Egghunter Checksum Routine Shellcode (18 bytes)
Windows XP SP3 x86 (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes)
Windows XP Professional SP3 x86 (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)
Windows x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes)
Windows XP Professional SP3 x86 (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)
Windows x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes)
Linux/ARM - Bind TCP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/TCP) Shellcode
Linux/ARM - Bind UDP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/TCP) Shellcode
Windows 5.0 < 7.0 x86 - Speaking 'You got pwned!' Null-Free Shellcode
Windows x86 - Eggsearch Shellcode (33 bytes)
Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes)
Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69/93 bytes)
Windows x86 - Eggsearch Shellcode (33 bytes)
Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes)
Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69/93 bytes)
Linux/x86 - Disable ASLR Security Shellcode (83 bytes)
Linux/x86 - Reverse TCP SSL Shell (localhost:8080/TCP) Shellcode (422 bytes)
Linux/SuperH (sh4) - Add Root User (shell-storm/toor) Shellcode (143 bytes)
Windows PerfectXp-pc1/SP3 x86 (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes)
Linux/x86 - Egghunter Null-Free Shellcode (29 bytes)
Linux/x86 - Reverse TCP SSL Shell (localhost:8080/TCP) Shellcode (422 bytes)
Linux/SuperH (sh4) - Add Root User (shell-storm/toor) Shellcode (143 bytes)
Windows PerfectXp-pc1/SP3 x86 (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes)
Linux/x86 - Egghunter Null-Free Shellcode (29 bytes)
Linux/SuperH (sh4) - setuid(0); + execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes)
Linux/SuperH (sh4) - setuid(0) + execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (52 bytes)
Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd Polymorphic Shellcode
Linux/x86 - Search For '.PHP'/'.HTML' Writable Files + Add Code Shellcode (380+ bytes)
Linux/x86-64 - Add Root User (t0r/Winner) Shellcode (189 bytes)
Linux/x86 - execve /bin/dash Shellcode (42 bytes)
Linux/x86 - chmod 666 /etc/passwd + /etc/shadow Shellcode (57 bytes)
Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd Polymorphic Shellcode
Linux/x86 - Search For '.PHP'/'.HTML' Writable Files + Add Code Shellcode (380+ bytes)
Linux/x86-64 - Add Root User (t0r/Winner) Shellcode (189 bytes)
Linux/x86 - execve /bin/dash Shellcode (42 bytes)
Linux/x86 - chmod 666 /etc/passwd + /etc/shadow Shellcode (57 bytes)
Windows x86 - Bind TCP Password (damn_it!$$##@;*#) Shell Shellcode (637 bytes)
Windows x64 - Bind TCP Shell (4444/TCP) Shellcode (508 bytes)
Linux/x86 - Remote Port Forwarding (ssh -R 9999:localhost:22 192.168.0.226) Shellcode (87 bytes)
Windows x64 - Bind TCP Shell (4444/TCP) Shellcode (508 bytes)
Linux/x86 - Remote Port Forwarding (ssh -R 9999:localhost:22 192.168.0.226) Shellcode (87 bytes)
Linux/x86 - Reverse TCP Shell (192.168.1.10:31337/TCP) Shellcode (92 bytes)
MIPS (Little Endian) - system() Shellcode (80 bytes)
Linux/MIPS (Little Endian) - system() Shellcode (80 bytes)
Linux/x86 - Egghunter Shellcode (31 bytes)
Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse TCP /bin/sh Shell (192.168.122.1:43981/TCP) Shellcode
Windows x86 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Persistent Access Shellcode (494 bytes)
Linux/x86 - Egghunter Shellcode (31 bytes)
Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse TCP /bin/sh Shell (192.168.122.1:43981/TCP) Shellcode
Windows x86 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Persistent Access Shellcode (494 bytes)
Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 bytes)
Linux/x86 - execve /bin/sh + Socket Re-Use Shellcode (50 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes)
Linux/x86-64 - Reverse TCP /bin/bash Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes)
Linux/x86 - Add Map (google.com 127.1.1.1) In /etc/hosts Shellcode (77 bytes)
Linux/x86-64 - execve(_/bin/sh\0__NULL_NULL); Position Independent Alphanumeric Shellcode (87 bytes)
Linux/x86 - rmdir Shellcode (37 bytes)
Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) + Password (Z~r0) Null-Free Shellcode (81/96 bytes)
Linux/x86-64 - Reverse TCP Password (Z~r0) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)
Windows x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Windows x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Linux/x86 - execve /bin/sh + Socket Re-Use Shellcode (50 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes)
Linux/x86-64 - Reverse TCP /bin/bash Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes)
Linux/x86 - Add Map (127.1.1.1 google.com) In /etc/hosts Shellcode (77 bytes)
Linux/x86-64 - execve(_/bin/sh\0__NULL_NULL) Position Independent Alphanumeric Shellcode (87 bytes)
Linux/x86 - rmdir Shellcode (37 bytes)
Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) + Password (Z~r0) Null-Free Shellcode (81/96 bytes)
Linux/x86-64 - Reverse TCP Password (Z~r0) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)
Windows x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Windows x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes)
Linux/x86 - execve /bin/sh ROT13 Encoded Shellcode (68 bytes)
Linux/x86 - chmod 0777 /etc/shadow Obfuscated Shellcode (84 bytes)
Linux/x86 - Add Map (google.com 127.1.1.1) In /etc/hosts Obfuscated Shellcode (98 bytes)
Linux/x86 - execve /bin/sh Obfuscated Shellcode (40 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (192.168.1.133:33333/TCP) Shellcode (72 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (33333/TCP) Shellcode (96 bytes)
Linux/x86 - Disable ASLR Security Shellcode (84 bytes)
Linux/x86 - Egghunter Shellcode (20 bytes)
Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes)
Linux/x86 - execve /bin/sh ROT13 Encoded Shellcode (68 bytes)
Linux/x86 - chmod 0777 /etc/shadow Obfuscated Shellcode (84 bytes)
Linux/x86 - Add Map (127.1.1.1 google.com) In /etc/hosts Obfuscated Shellcode (98 bytes)
Linux/x86 - execve /bin/sh Obfuscated Shellcode (40 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (192.168.1.133:33333/TCP) Shellcode (72 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (33333/TCP) Shellcode (96 bytes)
Linux/x86 - Disable ASLR Security Shellcode (84 bytes)
Linux/x86 - Egghunter Shellcode (20 bytes)
Linux/x86 - Create _my.txt_ In Working Directory Shellcode (37 bytes)
Linux/x86 - setreuid(0_ 0) + execve(_/sbin/halt_) + exit(0) Shellcode (49 bytes)
Linux/x86 - execve /bin/sh Shellcode (35 bytes)
Windows XP SP3 x86 - Create (_file.txt_) Shellcode (83 bytes)
Windows XP SP3 x86 - Restart Shellcode (57 bytes)
Linux/x86 - Create _my.txt_ In Working Directory Shellcode (37 bytes)
Linux/x86 - setreuid(0_ 0) + execve(_/sbin/halt_) + exit(0) Shellcode (49 bytes)
Linux/x86 - execve /bin/sh Shellcode (35 bytes)
Windows XP SP3 x86 - Create (_file.txt_) Shellcode (83 bytes)
Windows XP SP3 x86 - Restart Shellcode (57 bytes)
Linux/x86 - execve /bin/sh (Push Method) Shellcode (21 bytes)
Linux/x86-64 - execve /bin/sh Via Push Shellcode (23 bytes)
Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (17771/TCP) Shellcode (58 bytes)
Linux/x86 - exit(0) Shellcode (6 bytes)
Linux/x86 - execve /bin/sh Shellcode (26 bytes)
Linux/x86 - execve /bin/sh Shellcode (21 bytes) (1)
Linux/x86 - chmod 777 /etc/shadow + exit() Shellcode (33 bytes)
Linux/x86 - Shutdown(init 0) Shellcode (30 bytes)
Linux/x86 - Read /etc/passwd Shellcode (58 bytes)
Linux/x86 - mkdir HACK + chmod 777 + exit(0) Shellcode (29 bytes)
Linux/x86 - Bind Netcat Shell (5555/TCP) Shellcode (60 bytes)
Linux/x86-64 - execve /bin/sh Null-Free Shellcode (30 bytes)
Linux/x86 - Download File + Execute Shellcode
Linux/x86 - Reboot Shellcode (28 bytes)
Linux/x86 - execve /bin/sh Shellcode (23 bytes)
Linux/x86 - chmod 0777 /etc/passwd Shellcode (42 bytes)
Linux/x86 - chmod /etc/gshadow Shellcode (37 bytes)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (42 bytes)
Linux/x86 - exec /bin/dash Shellcode (45 bytes)
Linux/x86-64 - execve Encoded Shellcode (57 bytes)
Linux/x86 - execve /bin/sh ROT7 Encoded Shellcode
Windows XP SP3 x86 (Turkish) - MessageBox Shellcode (24 bytes)
Linux/x86 - Egghunter Shellcode (19 bytes)
Windows x86 - user32!MessageBox _Hello World!_ Null-Free Shellcode (199 bytes)
Linux/x86 - execve /bin/sh ROL/ROR Encoded Shellcode
Windows 2003 x64 - Token Stealing Shellcode (59 bytes)
Linux/x86 - execve /bin/sh (Push Method) Shellcode (21 bytes)
Linux/x86-64 - execve /bin/sh Via Push Shellcode (23 bytes)
Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (17771/TCP) Shellcode (58 bytes)
Linux/x86 - exit(0) Shellcode (6 bytes)
Linux/x86 - execve /bin/sh Shellcode (26 bytes)
Linux/x86 - execve /bin/sh Shellcode (21 bytes) (1)
Linux/x86 - chmod 777 /etc/shadow + exit() Shellcode (33 bytes)
Linux/x86 - Shutdown(init 0) Shellcode (30 bytes)
Linux/x86 - Read /etc/passwd Shellcode (58 bytes)
Linux/x86 - mkdir HACK + chmod 777 + exit(0) Shellcode (29 bytes)
Linux/x86 - Bind Netcat Shell (5555/TCP) Shellcode (60 bytes)
Linux/x86-64 - execve /bin/sh Null-Free Shellcode (30 bytes)
Linux/x86 - Download File + Execute Shellcode
Linux/x86 - Reboot Shellcode (28 bytes)
Linux/x86 - execve /bin/sh Shellcode (23 bytes)
Linux/x86 - chmod 0777 /etc/passwd Shellcode (42 bytes)
Linux/x86 - chmod /etc/gshadow Shellcode (37 bytes)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (42 bytes)
Linux/x86 - exec /bin/dash Shellcode (45 bytes)
Linux/x86-64 - execve Encoded Shellcode (57 bytes)
Linux/x86 - execve /bin/sh ROT7 Encoded Shellcode
Windows XP SP3 x86 (Turkish) - MessageBox Shellcode (24 bytes)
Linux/x86 - Egghunter Shellcode (19 bytes)
Windows x86 - user32!MessageBox _Hello World!_ Null-Free Shellcode (199 bytes)
Linux/x86 - execve /bin/sh ROL/ROR Encoded Shellcode
Windows 2003 x64 - Token Stealing Shellcode (59 bytes)
Linux/x86 - execve /bin/bash Shellcode (31 bytes)
Linux/x86 - execve(_/bin/cat__ [_/bin/cat__ _/etc/passwd_]_ NULL) Shellcode (75 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (34 bytes)
Linux/x86-64 - execve Shellcode (22 bytes)
Linux/x86-64 - Bind TCP /bin/sh Password (1234) Shell (31173/TCP) Shellcode (92 bytes)
Linux/x86-64 - Egghunter Shellcode (24 bytes)
Linux/x86-64 - execve Polymorphic Shellcode (31 bytes)
Linux/x86-64 - execve Shellcode (22 bytes)
Linux/x86-64 - Bind TCP /bin/sh Password (1234) Shell (31173/TCP) Shellcode (92 bytes)
Linux/x86-64 - Egghunter Shellcode (24 bytes)
Linux/x86-64 - execve Polymorphic Shellcode (31 bytes)
Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (103 bytes)
Linux/x86-64 - Bind TCP /bin/sh Password (hack) Shell (4444/TCP) Null-Free Shellcode (162 bytes)
Linux/x86 - execve /bin/sh Shellcode (24 bytes) (1)
Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free Shellcode (151 bytes)
Linux/x86-64 - Egghunter Shellcode (18 bytes)
Linux/x86 - Egghunter Shellcode (13 bytes)
Linux/x86-64 - execve XOR/NOT/DIV Encoded Shellcode (54 bytes)
Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (103 bytes)
Linux/x86-64 - Bind TCP /bin/sh Password (hack) Shell (4444/TCP) Null-Free Shellcode (162 bytes)
Linux/x86 - execve /bin/sh Shellcode (24 bytes) (1)
Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free Shellcode (151 bytes)
Linux/x86-64 - Egghunter Shellcode (18 bytes)
Linux/x86 - Egghunter Shellcode (13 bytes)
Linux/x86-64 - execve XOR/NOT/DIV Encoded Shellcode (54 bytes)
Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (122 bytes)
Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (135 bytes)
Linux/x86 - Download File + Execute Shellcode (135 bytes)
Linux/x86-64 - execve Stack Polymorphic Shellcode (47 bytes)
Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (122 bytes)
Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (135 bytes)
Linux/x86 - Download File + Execute Shellcode (135 bytes)
Linux/x86-64 - execve Stack Polymorphic Shellcode (47 bytes)
Windows x86 - Download File + Run via WebDAV (//192.168.1.19/c) Null-Free Shellcode (96 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.1.2:1234/TCP) Shellcode (134 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (26 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (1)
Linux/x86-64 - execve /bin/bash Shellcode (33 bytes)
Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (81 bytes)
Linux/x86-64 - Read /etc/passwd Shellcode (65 bytes)
Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (86 bytes)
Windows x86 - URLDownloadToFileA() (http://192.168.86.130/sample.exe ) + SetFileAttributesA() (pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (1250 bytes)
Windows x86 - Download File + Run via WebDAV (//192.168.1.19/c) Null-Free Shellcode (96 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.1.2:1234/TCP) Shellcode (134 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (26 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (1)
Linux/x86-64 - execve /bin/bash Shellcode (33 bytes)
Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (81 bytes)
Linux/x86-64 - Read /etc/passwd Shellcode (65 bytes)
Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (86 bytes)
Windows x86 - URLDownloadToFileA() (http://192.168.86.130/sample.exe ) + SetFileAttributesA() (pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (1250 bytes)
Windows .Net Framework x86 - Execute Native x86 Shellcode
Linux/x86-64 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (199 bytes)
Linux/x86-64 - Reverse TCP /bin/sh Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes)
Windows .Net Framework x86 - Execute Native x86 Shellcode
Linux/x86-64 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (199 bytes)
Linux/x86-64 - Reverse TCP /bin/sh Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes)
Linux/x86-64 - Download File (http://192.168.30.129/pri.sh ) + Execute Used To Steal Information Shellcode (399 bytes)
Linux/x86 - Bind TCP /bin/bash Shell (4444/TCP) Shellcode (656 bytes)
Linux/x86-64 - execve XOR Encoded Shellcode (84 bytes)
Linux/x86-64 - Download File (http://192.168.30.129/pri.sh ) + Execute Used To Steal Information Shellcode (399 bytes)
Linux/x86 - Bind TCP /bin/bash Shell (4444/TCP) Shellcode (656 bytes)
Linux/x86-64 - execve XOR Encoded Shellcode (84 bytes)
Windows x86 - WinExec(_cmd.exe__0) Shellcode (184 bytes)
Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (13337/TCP) Shellcode (56 bytes)
Windows x86 - system(_systeminfo_) Shellcode (224 bytes)
Windows x86 - WinExec(_cmd.exe__0) Shellcode (184 bytes)
Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (13337/TCP) Shellcode (56 bytes)
Windows x86 - system(_systeminfo_) Shellcode (224 bytes)
Windows x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode (250 bytes)
Linux/x86 - execve /bin/sh + ASLR Bruteforce Shellcode
Linux/x86-64 - Reverse TCP cat /etc/passwd (192.168.86.128:1472/TCP) Shellcode (164 bytes)
Linux/x86-64 - Bind Netcat Shell Null-Free Shellcode (64 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (98 bytes)
Linux/x86-64 - Bind Ncat Shell (4442/TCP) / SSL / Multi-Channel (4444-4447/TCP) / Persistant / Fork / IPv4/6 / Password Null-Free Shellcode (176 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (192.168.227.129:4444/TCP) Shellcode (75 bytes)
Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Null-Free Shellcode (172 bytes)
Linux/x86 - Reverse Xterm Shell (127.1.1.1:10) Shellcode (68 bytes)
Linux/x86-64 - Bind TCP Shell (4442/TCP) / Syscall Persistent / Multi-Terminal (4444-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes)
Windows x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode (250 bytes)
Linux/x86 - execve /bin/sh + ASLR Bruteforce Shellcode
Linux/x86-64 - Reverse TCP cat /etc/passwd (192.168.86.128:1472/TCP) Shellcode (164 bytes)
Linux/x86-64 - Bind Netcat Shell Null-Free Shellcode (64 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (98 bytes)
Linux/x86-64 - Bind Ncat Shell (4442/TCP) / SSL / Multi-Channel (4444-4447/TCP) / Persistant / Fork / IPv4/6 / Password Null-Free Shellcode (176 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (192.168.227.129:4444/TCP) Shellcode (75 bytes)
Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Null-Free Shellcode (172 bytes)
Linux/x86 - Reverse Xterm Shell (127.1.1.1:10) Shellcode (68 bytes)
Linux/x86-64 - Bind TCP Shell (4442/TCP) / Syscall Persistent / Multi-Terminal (4444-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes)
Linux/x86 - execve /bin/sh Shellcode (19 bytes)
Linux/x86-64 - Reverse TCP Shell (10.1.1.4:46357/TCP) / Subtle Probing / Timer / Burst / Password (la crips) / Multi-Terminal Shellcode (84/122/172 bytes)
Windows 7 x86 - localhost Port Scanner Shellcode (556 bytes)
Linux/x86 - Bind Netcat Shell (98/TCP + UDP) Shellcode (44/52 bytes)
Linux/x86 - Bind TCP /bin/zsh Shell (9090/TCP) Shellcode (96 bytes)
Linux/x86 - Reverse TCP /bin/zsh Shell (127.255.255.254:9090/TCP) Shellcode (80 bytes)
Windows x86 - MessageBoxA Shellcode (242 bytes)
Windows x86 - CreateProcessA cmd.exe Shellcode (253 bytes)
Windows x86 - InitiateSystemShutdownA() Shellcode (599 bytes)
Windows x64 - cmd.exe WinExec() Shellcode (93 bytes)
Windows x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes)
Windows x64 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Injection Shellcode (694 bytes)
Linux/x86-64 - execve /bin/sh -c reboot Shellcode (89 bytes)
Windows x64 - Download File (http://192.168.10.129/pl.exe ) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes)
Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes)
Linux/x86 - execve /bin/bash -c Arbitrary Command Execution Null-Free Shellcode (72 bytes)
Windows x64 - Bind TCP Password (h271508F) Shell (2493/TCP) Shellcode (825 bytes)
Windows x64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes)
Linux/x86-64 - mkdir Shellcode (25 bytes)
Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (87 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (22 bytes)
Linux/x86 - execve /bin/sh Shellcode (19 bytes)
Linux/x86-64 - Reverse TCP Shell (10.1.1.4:46357/TCP) / Subtle Probing / Timer / Burst / Password (la crips) / Multi-Terminal Shellcode (84/122/172 bytes)
Windows 7 x86 - localhost Port Scanner Shellcode (556 bytes)
Linux/x86 - Bind Netcat Shell (98/TCP + UDP) Shellcode (44/52 bytes)
Linux/x86 - Bind TCP /bin/zsh Shell (9090/TCP) Shellcode (96 bytes)
Linux/x86 - Reverse TCP /bin/zsh Shell (127.255.255.254:9090/TCP) Shellcode (80 bytes)
Windows x86 - MessageBoxA Shellcode (242 bytes)
Windows x86 - CreateProcessA cmd.exe Shellcode (253 bytes)
Windows x86 - InitiateSystemShutdownA() Shellcode (599 bytes)
Windows x64 - cmd.exe WinExec() Shellcode (93 bytes)
Windows x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes)
Windows x64 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Injection Shellcode (694 bytes)
Linux/x86-64 - execve /bin/sh -c reboot Shellcode (89 bytes)
Windows x64 - Download File (http://192.168.10.129/pl.exe ) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes)
Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes)
Linux/x86 - execve /bin/bash -c Arbitrary Command Execution Null-Free Shellcode (72 bytes)
Windows x64 - Bind TCP Password (h271508F) Shell (2493/TCP) Shellcode (825 bytes)
Windows x64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes)
Linux/x86-64 - mkdir Shellcode (25 bytes)
Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (87 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (22 bytes)
Linux/x86 - Reverse TCP /bin/sh Alphanumeric Staged Shell (127.0.0.1:4444/TCP) Shellcode (103 bytes)
Windows x86 - SE_DACL_PROTECTED Protect Process Shellcode (229 bytes)
Linux/x86-64 - Reverse TCP /bin/sh Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes)
Linux/x86 - SELinux Permissive Mode Switcher Shellcode (45 bytes)
Linux/x86-64 - Egghunter Shellcode (38 bytes)
Windows x86 - Executable Directory Search Null-Free Shellcode (130 bytes)
Linux/x86-64 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (54 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.1.45:4444/TCP) Shellcode (84 bytes)
Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 bytes)
Linux/x86-64 - setuid(0) + execve(/bin/sh) Polymorphic Shellcode (31 bytes)
Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Polymorphic Shellcode (47 bytes)
Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1337) Shellcode (72 bytes)
Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) Polymorphic Shellcode (106 bytes)
Windows x86 - Hide Console Window Shellcode (182 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (127.1.1.1:8888/TCP) Null-Free Shellcode (67/69 bytes)
Linux/x86 - execve /bin/dash Shellcode (30 bytes)
Windows x86 - SE_DACL_PROTECTED Protect Process Shellcode (229 bytes)
Linux/x86-64 - Reverse TCP /bin/sh Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes)
Linux/x86 - SELinux Permissive Mode Switcher Shellcode (45 bytes)
Linux/x86-64 - Egghunter Shellcode (38 bytes)
Windows x86 - Executable Directory Search Null-Free Shellcode (130 bytes)
Linux/x86-64 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (54 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.1.45:4444/TCP) Shellcode (84 bytes)
Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 bytes)
Linux/x86-64 - setuid(0) + execve(/bin/sh) Polymorphic Shellcode (31 bytes)
Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Polymorphic Shellcode (47 bytes)
Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1337) Shellcode (72 bytes)
Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) Polymorphic Shellcode (106 bytes)
Windows x86 - Hide Console Window Shellcode (182 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (127.1.1.1:8888/TCP) Null-Free Shellcode (67/69 bytes)
Linux/x86 - execve /bin/dash Shellcode (30 bytes)
Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (53 bytes)
Linux/x86 - exceve /bin/sh Encoded Shellcode (44 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (44 bytes)
Linux/x86 - Read /etc/passwd Shellcode (54 bytes)
Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Null-Free Shellcode (67 bytes)
Linux/x86 - Reverse TCP /bin/bash Shell (192.168.3.119:54321/TCP) Shellcode (110 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (21 bytes)
Linux/x86 - execve /bin/sh Shellcode (21 bytes)
Windows 10 x64 - Egghunter Shellcode (45 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (2)
Linux/x86 - Egghunter Shellcode (18 bytes)
Linux/x86 - Disable ASLR Security Shellcode (80 bytes)
Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Null-Free Shellcode (113 bytes)
Linux/ARM - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (79 bytes)
Linux/ARM - chmod(_/etc/passwd__ 0777) Shellcode (39 bytes)
Linux/ARM - creat(_/root/pwned__ 0777) Shellcode (39 bytes)
Linux/ARM - execve(_/bin/sh__ []_ [0 vars]) Shellcode (35 bytes)
Linux/ARM - execve(_/bin/sh__NULL_0) Shellcode (31 bytes)
Android/ARM - Reverse TCP /system/bin/sh Shell (10.0.2.2:0x3412/TCP) Shellcode (79 bytes)
Linux/StrongARM - setuid() Shellcode (20 bytes)
Linux/StrongARM - execve(/bin/sh) Shellcode (47 bytes)
Linux/StrongARM - Bind TCP /bin/sh Shell Shellcode (203 bytes)
Linux/SPARC - setreuid(0_0) + execve(/bin/sh) Shellcode (64 bytes)
Linux/SuperH (sh4) - execve(_/bin/sh__ 0_ 0) Shellcode (19 bytes)
Linux/SuperH (sh4) - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (132 bytes)
Linux/SPARC - setreuid(0_0) + standard execve() Shellcode (72 bytes)
Linux/x86-64 - Execute /bin/sh Shellcode (27 bytes)
Linux/x86-64 - Execute /bin/sh Shellcode (24 bytes)
Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes)
Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes)
Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) Shellcode (43 bytes)
Linux/x86 - exceve /bin/sh Encoded Shellcode (44 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (44 bytes)
Linux/x86 - Read /etc/passwd Shellcode (54 bytes)
Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Null-Free Shellcode (67 bytes)
Linux/x86 - Reverse TCP /bin/bash Shell (192.168.3.119:54321/TCP) Shellcode (110 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (21 bytes)
Linux/x86 - execve /bin/sh Shellcode (21 bytes)
Windows 10 x64 - Egghunter Shellcode (45 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (2)
Linux/x86 - Egghunter Shellcode (18 bytes)
Linux/x86 - Disable ASLR Security Shellcode (80 bytes)
Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Null-Free Shellcode (113 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (1)
Linux/x86 - execve /bin/sh + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (24 bytes)
Linux/x86 - Reverse UDP /bin/sh Shell (127.0.0.1:53/UDP) Shellcode (668 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (75 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.1.8:4444/TCP) Shellcode (104 bytes)
Linux x86 - execve /bin/sh Shellcode (24 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.1.2:4444/TCP) Shellcode (153 bytes)
Linux/x86-64 - Kill All Processes Shellcode (19 bytes)
Linux/x86-64 - Fork Bomb Shellcode (11 bytes)
Linux/x86 - Fork Bomb Shellcode (9 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (1)
Linux/x86 - execve /bin/sh + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (24 bytes)
Linux/x86 - Reverse UDP /bin/sh Shell (127.0.0.1:53/UDP) Shellcode (668 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (75 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.1.8:4444/TCP) Shellcode (104 bytes)
Linux x86 - execve /bin/sh Shellcode (24 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.1.2:4444/TCP) Shellcode (153 bytes)
Linux/x86-64 - Kill All Processes Shellcode (19 bytes)
Linux/x86-64 - Fork Bomb Shellcode (11 bytes)
Linux/x86 - Fork Bomb Shellcode (9 bytes)
Linux/x86-64 - mkdir() 'evil' Shellcode (30 bytes)
Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (30 bytes)
Windows x64 - API Hooking Shellcode (117 bytes)
Linux/x86-64 - mkdir() 'evil' Shellcode (30 bytes)
Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (30 bytes)
Windows x64 - API Hooking Shellcode (117 bytes)
2018-01-13 05:02:13 +00:00
Offensive Security
81d6f781ab
DB: 2018-01-12
...
31 changes to exploits/shellcodes
MiniUPnP MiniUPnPc < 2.0 - Remote Denial of Service
Android - Hardware Service Manager Arbitrary Service Replacement due to getpidcon
Microsoft Windows - NTFS Owner/Mandatory Label Privilege Bypass
Microsoft Windows - NtImpersonateAnonymousToken AC to Non-AC Privilege Escalation
Microsoft Windows - NtImpersonateAnonymousToken LPAC to Non-LPAC Privilege Escalation
Microsoft Windows SMB Server (v1/v2) - Mount Point Arbitrary Device Open Privilege Escalation
macOS - 'process_policy' Stack Leak Through Uninitialized Field
Microsoft Edge Chakra - 'AppendLeftOverItemsFromEndSegment' Out-of-Bounds Read
Jungo Windriver 12.5.1 - Privilege Escalation
Jungo Windriver 12.5.1 - Local Privilege Escalation
Parity Browser < 1.6.10 - Bypass Same Origin Policy
Python smtplib 2.7.11 / 3.4.4 / 3.5.1 - Man In The Middle StartTLS Stripping
VideoCharge Studio 2.12.3.685 - 'GetHttpResponse()' MITM Remote Code Execution
VideoCharge Studio 2.12.3.685 - 'GetHttpResponse()' Man In The Middle Remote Code Execution
Granding MA300 - Traffic Sniffing MitM Fingerprint PIN Disclosure
Granding MA300 - Traffic Sniffing Man In The Middle Fingerprint PIN Disclosure
LabF nfsAxe 3.7 FTP Client - Stack Buffer Overflow (Metasploit)
phpCollab 2.5.1 - Unauthenticated File Upload (Metasploit)
eVestigator Forensic PenTester - MITM Remote Code Execution
eVestigator Forensic PenTester - Man In The Middle Remote Code Execution
BestSafe Browser - MITM Remote Code Execution
BestSafe Browser - Man In The Middle Remote Code Execution
SKILLS.com.au Industry App - MITM Remote Code Execution
Virtual Postage (VPA) - MITM Remote Code Execution
SKILLS.com.au Industry App - Man In The Middle Remote Code Execution
Virtual Postage (VPA) - Man In The Middle Remote Code Execution
Trend Micro OfficeScan 11.0/XG (12.0) - MITM Remote Code Execution
Trend Micro OfficeScan 11.0/XG (12.0) - Man In The Middle Remote Code Execution
SAP NetWeaver J2EE Engine 7.40 - SQL Injection
D-Link Routers 110/412/615/815 < 1.03 - 'service.cgi' Arbitrary Code Execution
FreeBSD/x86 - Reverse TCP Shell (192.168.1.69:6969/TCP) Shellcode (129 bytes)
BSD/x86 - Reverse TCP Shell (192.168.2.33:6969/TCP) Shellcode (129 bytes)
FreeBSD/x86 - Bind TCP Password Shell (4883/TCP) Shellcode (222 bytes)
FreeBSD/x86 - Bind TCP Password /bin/sh Shell (4883/TCP) Shellcode (222 bytes)
Cisco IOS - New TTY / Privilege Level To 15 / Reverse Virtual Terminal Shell (21/TCP) Shellcode
Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes)
Cisco IOS - New TTY / Privilege Level To 15 / No Password Shellcode
HPUX - execve /bin/sh Shellcode (58 bytes)
Cisco IOS - New TTY + Privilege Level To 15 + Reverse Virtual Terminal Shell (21/TCP) Shellcode
Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes)
Cisco IOS - New TTY + Privilege Level To 15 + No Password Shellcode
HP-UX - execve /bin/sh Shellcode (58 bytes)
OpenBSD/x86 - execve /bin/sh Shellcode (23 Bytes)
OpenBSD/x86 - execve /bin/sh Shellcode (23 bytes)
ARM - Bind TCP Shell (0x1337/TCP) Shellcode
ARM - Bind TCP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/TCP) Shellcode
ARM - Bind TCP Listener (0x1337/TCP) + Receive Shellcode + Payload Loader Shellcode
ARM - ifconfig eth0 192.168.0.2 up Shellcode
Linux/ARM - Bind TCP Shell (0x1337/TCP) Shellcode
Linux/ARM - Bind TCP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/TCP) Shellcode
Linux/ARM - Bind TCP Listener (0x1337/TCP) + Receive Shellcode + Payload Loader Shellcode
Linux/ARM - ifconfig eth0 192.168.0.2 up Shellcode
FreeBSD/x86 - Bind TCP Shell (31337/TCP) + Fork Shellcode (111 bytes)
FreeBSD/x86 - Bind TCP /bin/sh Shell (31337/TCP) + Fork Shellcode (111 bytes)
Windows x86 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Persistent Access Shellcode (494 Bytes)
Windows x86 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Persistent Access Shellcode (494 bytes)
Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 Bytes)
Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 bytes)
Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 Bytes)
Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 bytes)
Linux/x86 - exceve /bin/sh Encoded Shellcode (44 Bytes)
Linux/ARM (Raspberry Pi) - Bind TCP /bin/sh Shell (0.0.0.0:4444/TCP) Null-Free Shellcode (112 bytes)
FreeBSD/x86-64 - execve /bin/sh Shellcode (28 bytes)
FreeBSD/x86-64 - Bind TCP Password (R2CBw0cr) /bin/sh Shell Shellcode (127 bytes)
FreeBSD/x86 - execv(/bin/sh) Shellcode (23 bytes)
FreeBSD/x86 - //sbin/pfctl -F all Shellcode (47 bytes)
FreeBSD/x86 - Bind TCP /bin/sh Shell (41254/TCP) Shellcode (115 bytes)
FreeBSD - reboot() Shellcode (15 Bytes)
IRIX - execve(/bin/sh -c) Shellcode (72 bytes)
IRIX - execve(/bin/sh) Shellcode (43 bytes)
IRIX - Bind TCP /bin/sh Shell Shellcode (364 bytes)
IRIX - execve(/bin/sh) Shellcode (68 bytes)
IRIX - stdin-read Shellcode (40 bytes)
Linux/ARM - execve(_/bin/sh__ NULL_ 0) Shellcode (34 bytes)
Linux/x86 - exceve /bin/sh Encoded Shellcode (44 bytes)
Linux/x86 - Read /etc/passwd Shellcode (54 Bytes)
Linux/x86 - Read /etc/passwd Shellcode (54 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (21 Bytes)
Linux/x86-64 - execve /bin/sh Shellcode (21 bytes)
2018-01-12 05:02:17 +00:00
Offensive Security
a7ddd8282b
DB: 2018-01-11
...
28 changes to exploits/shellcodes
Multiple CPUs - Information Leak Using Speculative Execution
Microsoft Edge Chakra JIT - 'Lowerer::LowerSetConcatStrMultiItem' Missing Integer Overflow Check
Jungo Windriver 12.5.1 - Privilege Escalation
DiskBoss Enterprise 8.8.16 - Buffer Overflow
HPE iMC - dbman RestoreDBase Unauthenticated Remote Command Execution (Metasploit)
HPE iMC - dbman RestartDB Unauthenticated Remote Command Execution (Metasploit)
Synology Photostation 6.7.2-3429 - Remote Code Execution (Metasploit)
Worpress Plugin Service Finder Booking < 3.2 - Local File Disclosure
Muviko 1.1 - SQL Injection
WordPress Plugin Events Calendar - 'event_id' SQL Injection
WordPress Plugin Social Media Widget by Acurax 3.2.5 - Cross-Site Request Forgery
WordPress Plugin CMS Tree Page View 1.4 - Cross-Site Request Forgery / Privilege Escalation
WordPress Plugin Admin Menu Tree Page View 2.6.9 - Cross-Site Request Forgery / Privilege Escalation
WordPress Plugin WordPress Download Manager 2.9.60 - Cross-Site Request Forgery
Joomla! Component Easydiscuss < 4.0.21 - Cross-Site Scripting
BSD/x86 - Bind TCP Shell (31337/TCP) + setuid(0) Shellcode (94 bytes)
BSD/x86 - setuid(0) + Bind TCP Shell (31337/TCP) Shellcode (94 bytes)
BSD/x86 - execve /bin/cat /etc/master.passwd | mail [email] Shellcode (92 bytes)
BSD/x86 - Reverse TCP Shell (192.168.1.69:6969/TCP) Shellcode (129 bytes)
BSD/x86 - execve(/bin/cat /etc/master.passwd) | mail root@localhost Shellcode (92 bytes)
FreeBSD/x86 - Reverse TCP Shell (192.168.1.69:6969/TCP) Shellcode (129 bytes)
BSD/x86 - Bind TCP Shell (31337/TCP) + Fork Shellcode (111 bytes)
FreeBSD/x86 - Bind TCP Shell (31337/TCP) + Fork Shellcode (111 bytes)
Linux/x86 - execve /bin/dash Shellcode (30 bytes)
Alpha - /bin/sh Shellcode (80 bytes)
Alpha - execve() Shellcode (112 bytes)
Alpha - setuid() Shellcode (156 bytes)
BSD/x86 - setreuid(geteuid()_ geteuid()) + execve(_/bin/sh_) Shellcode (36 bytes)
Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (53 bytes)
2018-01-11 05:02:24 +00:00
Offensive Security
ffa8e63e25
DB: 2018-01-10
...
10 changes to exploits/shellcodes
Microsoft Edge Chakra JIT - Op_MaxInAnArray and Op_MinInAnArray can Explicitly call User-Defined JavaScript Functions
Microsoft Edge Chakra JIT - BackwardPass::RemoveEmptyLoopAfterMemOp Does not Insert Branches
Microsoft Edge Chakra - 'asm.js' Out-of-Bounds Read
Microsoft Windows - 'nt!NtQuerySystemInformation (information class 138_ QueryMemoryTopologyInformation)' Kernel Pool Memory Disclosure
Android - Inter-Process munmap due to Race Condition in ashmem
Microsoft Windows - 'nt!NtQueryInformationProcess (information class 76_ QueryProcessEnergyValues)' Kernel Stack Memory Disclosure
Microsoft Edge Chakra JIT - Escape Analysis Bug
Microsoft Windows - Local XPS Print Spooler Sandbox Escape
Commvault Communications Service (cvd) - Command Injection (Metasploit)
osCommerce 2.2 - SQL Injection
2018-01-10 05:02:14 +00:00
Offensive Security