exploit-db-mirror

Author	SHA1	Message	Date
Offensive Security	e515bac4fe	DB: 2017-10-27 2 new exploits Microsoft Windows XP/2000 - TCP Connection Reset Remote Exploit Microsoft Windows XP/2000 - TCP Connection Reset WinEggDropShell 1.7 - Multiple Unauthenticated Remote Stack Overflows (PoC) WinEggDropShell 1.7 - Unauthenticated Multiple Remote Stack Overflows (PoC) FileCOPA FTP Server 1.01 - 'USER' Remote Unauthenticated Denial of Service FileCOPA FTP Server 1.01 - 'USER' Unauthenticated Remote Denial of Service Mercury/32 Mail SMTPD - Remote Unauthenticated Stack Based Overrun (PoC) Mercury/32 Mail SMTPD - Unauthenticated Remote Stack Based Overrun (PoC) Airsensor M520 - HTTPD Remote Unauthenticated Denial of Service / Buffer Overflow (PoC) Airsensor M520 - HTTPD Unauthenticated Remote Denial of Service / Buffer Overflow (PoC) Simple HTTPD 1.41 - '/aux' Remote Denial of Service Simple HTTPd 1.41 - '/aux' Remote Denial of Service MailEnable 3.13 SMTP Service - 'VRFY/EXPN' Command Denial of Service MailEnable 3.13 SMTP Service - 'VRFY/EXPN' Denial of Service Oracle Internet Directory 10.1.4 - Remote Unauthenticated Denial of Service Oracle Internet Directory 10.1.4 - Unauthenticated Remote Denial of Service Linksys WAG54G v2 Wireless ADSL Router - httpd Denial of Service Linksys WAG54G v2 Wireless ADSL Router - HTTPd Denial of Service Nofeel FTP Server 3.6 - 'CWD' Command Remote Memory Consumption Nofeel FTP Server 3.6 - 'CWD' Remote Memory Consumption Home FTP Server 1.10.1.139 - 'SITE INDEX' Command Remote Denial of Service Home FTP Server 1.10.1.139 - 'SITE INDEX' Remote Denial of Service XM Easy Personal FTP Server - 'APPE' / 'DELE' Commands Denial of Service XM Easy Personal FTP Server - 'APPE' / 'DELE' Denial of Service httpdx 1.5.2 - Remote Unauthenticated Denial of Service (PoC) httpdx 1.5.2 - Unauthenticated Remote Denial of Service (PoC) httpdx 1.5.3b - Multiple Remote Unauthenticated Denial of Service Vulnerabilities (PoC) httpdx 1.5.3b - Unauthenticated Remote Denial of Service Multiple Vulnerabilities (PoC) eDisplay Personal FTP Server 1.0.0 - Multiple Authenticated Crashs (SEH) (PoC) eDisplay Personal FTP Server 1.0.0 - Authenticated Multiple Crashs (SEH) (PoC) TYPSoft FTP Server 1.10 - 'RETR' Command Denial of Service (1) TYPSoft FTP Server 1.10 - 'RETR' Denial of Service (1) (Gabriel's FTP Server) Open & Compact FTP Server 1.2 - 'PORT' Command Remote Denial of Service (Gabriel's FTP Server) Open & Compact FTP Server 1.2 - 'PORT' Remote Denial of Service Motorola SB5101 Hax0rware Rajko HTTPD - Remote Exploit (PoC) Motorola SB5101 Hax0rware Rajko HTTPd - Remote Exploit (PoC) Unreal Tournament 3 2.1 - 'STEAMBLOB' Command Remote Denial of Service Unreal Tournament 3 2.1 - 'STEAMBLOB' Remote Denial of Service TYPSoft FTP Server 1.10 - 'RETR' Command Denial of Service (2) TYPSoft FTP Server 1.10 - 'RETR' Denial of Service (2) Objectivity/DB - Lack of Authentication Remote Exploit Objectivity/DB - Lack of Authentication IPComp - encapsulation Unauthenticated kernel memory Corruption IPComp - encapsulation Unauthenticated Kernel Memory Corruption Crush FTP 5 - 'APPE' command Remote JVM Blue Screen of Death (PoC) Crush FTP 5 - 'APPE' Remote JVM Blue Screen of Death (PoC) torrent-stats - httpd.c Denial of Service torrent-stats - 'httpd.c' Denial of Service Ipswitch IMail 5.0.8/6.0/6.1 - IMonitor status.cgi Denial of Service Ipswitch IMail 5.0.8/6.0/6.1 - IMonitor 'status.cgi' Denial of Service WhitSoft SlimServe - HTTPD 1.1 Get Denial of Service WhitSoft SlimServe HTTPd 1.1 - Get Denial of Service Linksys BEFSR41 1.4x - Gozila.cgi Denial of Service Linksys BEFSR41 1.4x - 'Gozila.cgi' Denial of Service BRS Webweaver 1.06 httpd - 'User-Agent' Remote Denial of Service BRS Webweaver 1.06 - HTTPd 'User-Agent' Remote Denial of Service Surfboard httpd 1.1.9 - Remote Buffer Overflow Surfboard HTTPd 1.1.9 - Remote Buffer Overflow RobotFTP Server 1.0/2.0 - Remote Unauthenticated Command Denial of Service RobotFTP Server 1.0/2.0 - Unauthenticated Remote Command Denial of Service Titan FTP Server 3.0 - 'LIST' Command Denial of Service Titan FTP Server 3.0 - 'LIST' Denial of Service Monkey HTTPD 1.1.1 - Crash (PoC) Monkey HTTPd 1.1.1 - Crash (PoC) Alt-N MDaemon 2-8 - Remote Unauthenticated IMAP Buffer Overflow Alt-N MDaemon 2-8 - IMAP Unauthenticated Remote Buffer Overflow Titan FTP Server 6.05 build 550 - 'DELE' Command Remote Buffer Overflow Titan FTP Server 6.05 build 550 - 'DELE' Remote Buffer Overflow Surgemail and WebMail 3.0 - 'Page' Command Remote Format String Surgemail and WebMail 3.0 - 'Page' Remote Format String Call of Duty 4 1.5 - Malformed 'stats' Command Denial of Service Call of Duty 4 1.5 - 'stats' Denial of Service Softalk Mail Server 8.5.1 - 'APPEND' Command Remote Denial of Service Softalk Mail Server 8.5.1 - 'APPEND' Remote Denial of Service FileCOPA FTP Server 5.01 - 'NOOP' Command Denial of Service FileCOPA FTP Server 5.01 - 'NOOP' Denial of Service Hybserv2 - ':help' Command Denial of Service Hybserv2 - ':help' Denial of Service Titan FTP Server 8.40 - 'APPE' Command Remote Denial of Service Titan FTP Server 8.40 - 'APPE' Remote Denial of Service TYPSoft FTP Server 1.1 - 'APPE' Command Remote Buffer Overflow TYPSoft FTP Server 1.1 - 'APPE' Remote Buffer Overflow Sony Bravia KDL-32CX525 - 'hping' Command Remote Denial of Service Sony Bravia KDL-32CX525 - 'hping' Remote Denial of Service SmallFTPd 1.0.3 - 'mkd' Command Denial of Service freeFTPd 1.0.8 - 'mkd' Command Denial of Service SmallFTPd 1.0.3 - 'mkd' Denial of Service freeFTPd 1.0.8 - 'mkd' Denial of Service Wireshark 2.2.0 to 2.2.12 - ROS Dissector Denial of Service Wireshark 2.2.0 < 2.2.12 - ROS Dissector Denial of Service AIX 4.3/5.1 < 5.3 - 'lsmcode' Command Execution Privilege Escalation AIX 4.3/5.1 < 5.3 - 'lsmcode' Execution Privilege Escalation xp-AntiSpy 3.9.7-4 - '.xpas' file Buffer Overflow xp-AntiSpy 3.9.7-4 - '.xpas' File Buffer Overflow GTA SA-MP server.cfg - Buffer Overflow (Metasploit) GTA SA-MP - 'server.cfg' Buffer Overflow (Metasploit) SCO Unixware 7.1 - 'pkg' command Exploit SCO Unixware 7.1 - 'pkg' Exploit Caldera UnixWare 7.1.1 - WebTop SCOAdminReg.cgi Arbitrary Command Execution Caldera UnixWare 7.1.1 - WebTop 'SCOAdminReg.cgi' Arbitrary Command Execution OSSEC 2.7 < 2.8.1 - 'diff' Command Privilege Escalation OSSEC 2.7 < 2.8.1 - 'diff' Privilege Escalation Microsoft Windows 10 - pcap Driver Privilege Escalation Microsoft Windows 10 - 'pcap' Driver Privilege Escalation PHPMailer < 5.2.21 - Local File Disclosure HitmanPro 3.7.15 Build 281 - Kernel Pool Overflow Apache 2.0.45 - APR Remote Exploit Apache 2.0.45 - 'APR' Remote Exploit RhinoSoft Serv-U FTPd Server 3.x/4.x - 'SITE CHMOD' Command Remote Exploit RhinoSoft Serv-U FTPd Server 3.x/4.x - 'SITE CHMOD' Remote Exploit Pavuk Digest - Authentication Buffer Overflow Remote Exploit Pavuk Digest - Authentication Remote Buffer Overflow 3CServer 1.1 - FTP Server Remote Exploit 3CServer 1.1 (FTP Server) - Remote Exploit LimeWire 4.1.2 < 4.5.6 - Inappropriate GET Remote Exploit LimeWire 4.1.2 < 4.5.6 - 'GET' Remote Exploit MailEnable Enterprise 1.x - Imapd Remote Exploit MailEnable Enterprise 1.x - IMAPd Remote Exploit Sumus 0.2.2 - httpd Remote Buffer Overflow Sumus 0.2.2 - HTTPd Remote Buffer Overflow Symantec Scan Engine 5.0.x - Change Admin Password Remote Exploit Symantec Scan Engine 5.0.x - Change Admin Password Mercur Messaging 2005 (Windows 2000 SP4) - IMAP (Subscribe) Remote Exploit Mercur Messaging 2005 (Windows 2000 SP4) - IMAP 'Subscribe' Remote Exploit CoreHTTP 0.5.3alpha (httpd) - Remote Buffer Overflow CoreHTTP 0.5.3alpha - HTTPd Remote Buffer Overflow Postcast Server Pro 3.0.61 - / Quiksoft EasyMail 'emsmtp.dll 6.0.1' Buffer Overflow Postcast Server Pro 3.0.61 / Quiksoft EasyMail - 'emsmtp.dll 6.0.1' Buffer Overflow Mercury/32 4.52 IMAPD - SEARCH Command Authenticated Overflow Mercury/32 4.52 IMAPD - 'SEARCH' Authenticated Overflow SonicWALL SSL-VPN - NeLaunchCtrl ActiveX Control Remote Exploit SonicWALL SSL-VPN - 'NeLaunchCtrl' ActiveX Control Remote Exploit simple httpd 1.38 - Multiple Vulnerabilities Simple HTTPd 1.38 - Multiple Vulnerabilities Cisco IOS 12.3(18) - FTP Server Remote Exploit (Attached to GDB) Cisco IOS 12.3(18) (FTP Server) - Remote Exploit (Attached to GDB) freeSSHd 1.2.1 - 'rename' Command Remote Buffer Overflow (SEH) freeSSHd 1.2.1 - 'rename' Remote Buffer Overflow (SEH) Linksys WRT54G < 4.20.7 / WRT54GS < 1.05.2 - apply.cgi Buffer Overflow (Metasploit) Linksys WRT54G < 4.20.7 / WRT54GS < 1.05.2 - 'apply.cgi' Buffer Overflow (Metasploit) Home FTP Server - 'MKD' Command Directory Traversal Home FTP Server - 'MKD' Directory Traversal Apple iTunes 8.1.x - 'daap' Buffer Overflow Remote Exploit Apple iTunes 8.1.x - 'daap' Remote Buffer Overflow eDisplay Personal FTP Server 1.0.0 - Multiple Authenticated Stack Buffer Overflows (1) eDisplay Personal FTP Server 1.0.0 - Authenticated Multiple Stack Buffer Overflows (1) eDisplay Personal FTP Server 1.0.0 - Multiple Authenticated Stack Buffer Overflows (2) eDisplay Personal FTP Server 1.0.0 - Authenticated Multiple Stack Buffer Overflows (2) EasyFTP Server 1.7.0.2 - MKD Remote Authenticated Buffer Overflow EasyFTP Server 1.7.0.2 - 'MKD' Authenticated Remote Buffer Overflow Xftp client 3.0 - PWD Remote Exploit Xftp client 3.0 - 'PWD' Remote Exploit ProSSHD 1.2 - Remote Authenticated Exploit (ASLR + DEP Bypass) ProSSHD 1.2 - Authenticated Remote Exploit (ASLR + DEP Bypass) EasyFTP Server 1.7.0.11 - Authenticated 'MKD' Command Remote Buffer Overflow EasyFTP Server 1.7.0.11 - Authenticated 'LIST' Command Remote Buffer Overflow EasyFTP Server 1.7.0.11 - Authenticated 'CWD' Command Remote Buffer Overflow EasyFTP Server 1.7.0.11 - 'MKD' Authenticated Remote Buffer Overflow EasyFTP Server 1.7.0.11 - 'LIST' Authenticated Remote Buffer Overflow EasyFTP Server 1.7.0.11 - 'CWD' Authenticated Remote Buffer Overflow EasyFTP Server 1.7.0.11 - Authenticated 'LIST' Command Remote Buffer Overflow (Metasploit) EasyFTP Server 1.7.0.11 - 'LIST' Authenticated Remote Buffer Overflow (Metasploit) CesarFTP 0.99g - 'MKD' Command Buffer Overflow (Metasploit) CesarFTP 0.99g - 'MKD' Buffer Overflow (Metasploit) Alt-N MDaemon 6.8.5 - WorldClient form2raw.cgi Stack Buffer Overflow (Metasploit) Alt-N MDaemon 6.8.5 - WorldClient 'form2raw.cgi' Stack Buffer Overflow (Metasploit) Linksys WRT54 Access Point - apply.cgi Buffer Overflow (Metasploit) Linksys WRT54 Access Point - 'apply.cgi' Buffer Overflow (Metasploit) Progea Movicon 11 - TCPUploadServer Remote Exploit Progea Movicon 11 - 'TCPUploadServer' Remote Exploit PCMan FTP Server Buffer Overflow - 'PUT' Command (Metasploit) PCMan FTP Server - 'PUT_ Buffer Overflow (Metasploit) Freefloat FTP Server - 'LIST' Command Buffer Overflow Freefloat FTP Server - 'LIST' Buffer Overflow KnFTP 1.0.0 Server - 'USER' command Remote Buffer Overflow KnFTP 1.0.0 Server - 'USER' Remote Buffer Overflow SGI IRIX 6.3 - cgi-bin webdist.cgi Exploit SGI IRIX 6.3 - cgi-bin 'webdist.cgi' Exploit Matt Wright - FormHandler.cgi 2.0 Reply Attachment Matt Wright - 'FormHandler.cgi' 2.0 Reply Attachment Solution Scripts Home Free 1.0 - search.cgi Directory Traversal Solution Scripts Home Free 1.0 - 'search.cgi' Directory Traversal CNC Technology BizDB 1.0 - bizdb-search.cgi Remote Command Execution CNC Technology BizDB 1.0 - 'bizdb-search.cgi' Remote Command Execution 3R Soft MailStudio 2000 2.0 - userreg.cgi Arbitrary Command Execution 3R Soft MailStudio 2000 2.0 - 'userreg.cgi' Arbitrary Command Execution Cisco Virtual Central Office 4000 (VCO/4K) 5.1.3 - Remote 'Username' and Password Retrieval Cisco Virtual Central Office 4000 (VCO/4K) 5.1.3 - Remote Username / Password Retrieval Greg Matthews - Classifieds.cgi 1.0 MetaCharacter Greg Matthews - 'Classifieds.cgi' 1.0 MetaCharacter Squid Web Proxy 2.2 - cachemgr.cgi Unauthorized Connection Squid Web Proxy 2.2 - 'cachemgr.cgi' Unauthorized Connection Leif M. Wright - ad.cgi 1.0 Unchecked Input Leif M. Wright - 'ad.cgi' 1.0 Unchecked Input NCSA 1.3/1.4.x/1.5 / Apache httpd 0.8.11/0.8.14 - ScriptAlias Source Retrieval NCSA 1.3/1.4.x/1.5 / Apache HTTPd 0.8.11/0.8.14 - ScriptAlias Source Retrieval SWSoft ASPSeek 1.0 - s.cgi Buffer Overflow SWSoft ASPSeek 1.0 - 's.cgi' Buffer Overflow Drummond Miles A1Stats 1.0 - a1disp2.cgi Traversal Arbitrary File Read Drummond Miles A1Stats 1.0 - a1disp3.cgi Traversal Arbitrary File Read Drummond Miles A1Stats 1.0 - a1disp4.cgi Traversal Arbitrary File Read Drummond Miles A1Stats 1.0 - 'a1disp2.cgi' Traversal Arbitrary File Read Drummond Miles A1Stats 1.0 - 'a1disp3.cgi' Traversal Arbitrary File Read Drummond Miles A1Stats 1.0 - 'a1disp4.cgi' Traversal Arbitrary File Read Tarantella Enterprise 3 3.x - TTAWebTop.cgi Arbitrary File Viewing Tarantella Enterprise 3 3.x - 'TTAWebTop.cgi' Arbitrary File Viewing NCSA httpd 1.x - Buffer Overflow (1) NCSA httpd 1.x - Buffer Overflow (2) NCSA HTTPd 1.x - Buffer Overflow (1) NCSA HTTPd 1.x - Buffer Overflow (2) BPM Studio Pro 4.2 - HTTPD Directory Traversal BPM Studio Pro 4.2 - HTTPd Directory Traversal Light HTTPD 0.1 - GET Buffer Overflow (1) Light HTTPD 0.1 - GET Buffer Overflow (2) Light HTTPd 0.1 - GET Buffer Overflow (1) Light HTTPd 0.1 - GET Buffer Overflow (2) Null HTTPD 0.5 - Remote Heap Corruption Null HTTPd 0.5 - Remote Heap Corruption Boozt Standard 0.9.8 - index.cgi Buffer Overrun Boozt Standard 0.9.8 - 'index.cgi' Buffer Overrun Webmin 0.9x / Usermin 0.9x/1.0 - Session ID Spoofing Unauthenticated Access Webmin 0.9x / Usermin 0.9x/1.0 - Unauthenticated Access Session ID Spoofing Axis Communications Video Server 2.x - Command.cgi File Creation Axis Communications Video Server 2.x - 'Command.cgi' File Creation Freefloat FTP Server - 'PUT' Command Buffer Overflow Freefloat FTP Server - 'PUT' Buffer Overflow MNOGoSearch 3.1.20 - search.cgi UL Buffer Overflow (1) MNOGoSearch 3.1.20 - search.cgi UL Buffer Overflow (2) MNOGoSearch 3.1.20 - 'search.cgi?UL' Buffer Overflow (1) MNOGoSearch 3.1.20 - 'search.cgi?UL' Buffer Overflow (2) MySQL - Remote Unauthenticated User Enumeration (SSH.com Communications) SSH Tectia (SSH < 2.0-6.1.9.95 / Tectia 6.1.9.95) - Authentication Bypass Remote Exploit MySQL - Unauthenticated Remote User Enumeration (SSH.com Communications) SSH Tectia (SSH < 2.0-6.1.9.95 / Tectia 6.1.9.95) - Remote Authentication Bypass Freefloat FTP Server - 'USER' Command Buffer Overflow Freefloat FTP Server - 'USER' Buffer Overflow Mephistoles HTTPD 0.6 - Cross-Site Scripting Mephistoles HTTPd 0.6 - Cross-Site Scripting SurgeLDAP 1.0 - User.cgi Directory Traversal SurgeLDAP 1.0 - 'User.cgi' Directory Traversal Nagios3 - history.cgi Remote Command Execution Nagios3 - 'history.cgi' Remote Command Execution Nagios3 - history.cgi Host Command Execution (Metasploit) Nagios3 - 'history.cgi' Host Command Execution (Metasploit) Firebird 1.0 - Remote Unauthenticated Database Name Buffer Overrun Firebird 1.0 - Unauthenticated Remote Database Name Buffer Overrun acme thttpd 2.0.7 - Directory Traversal Acme thttpd 2.0.7 - Directory Traversal Freefloat FTP Server 1.0 - 'Raw' Commands Buffer Overflow Freefloat FTP Server 1.0 - 'Raw' Buffer Overflow NETGEAR DGN1000B - setup.cgi Remote Command Execution (Metasploit) NETGEAR DGN1000B - 'setup.cgi' Remote Command Execution (Metasploit) Linksys E1500/E2500 - apply.cgi Remote Command Injection (Metasploit) Linksys E1500/E2500 - 'apply.cgi' Remote Command Injection (Metasploit) Linksys WRT54GL - apply.cgi Command Execution (Metasploit) Linksys WRT54GL - 'apply.cgi' Command Execution (Metasploit) NETGEAR DGN2200B - pppoe.cgi Remote Command Execution (Metasploit) NETGEAR DGN2200B - 'pppoe.cgi' Remote Command Execution (Metasploit) SAP ConfigServlet - Remote Unauthenticated Payload Execution (Metasploit) SAP ConfigServlet - Unauthenticated Remote Payload Execution (Metasploit) GroundWork - monarch_scan.cgi OS Command Injection (Metasploit) GroundWork - 'monarch_scan.cgi' OS Command Injection (Metasploit) Linksys WRT160N v2 - apply.cgi Remote Command Injection (Metasploit) Linksys WRT160N v2 - 'apply.cgi' Remote Command Injection (Metasploit) WhitSoft SlimServe httpd 1.0/1.1 - Directory Traversal WhitSoft SlimServe HTTPd 1.0/1.1 - Directory Traversal Nginx 1.3.9/1.4.0 (x86) - Brute Force Remote Exploit Nginx 1.3.9/1.4.0 (x86) - Brute Force PCMan FTP Server 2.07 - 'PASS' Command Buffer Overflow PCMan FTP Server 2.07 - 'PASS' Buffer Overflow Mikrotik RouterOS sshd (ROSSSH) - Remote Unauthenticated Heap Corruption PCMan FTP Server 2.07 - 'STOR' Command Buffer Overflow Mikrotik RouterOS sshd (ROSSSH) - Unauthenticated Remote Heap Corruption PCMan FTP Server 2.07 - 'STOR' Buffer Overflow Cisco Secure ACS 2.3 - LoginProxy.cgi Cross-Site Scripting Cisco Secure ACS 2.3 - 'LoginProxy.cgi' Cross-Site Scripting PCMan FTP Server 2.07 - 'STOR' Command Stack Overflow (Metasploit) PCMan FTP Server 2.07 - 'STOR' Stack Overflow (Metasploit) Supermicro Onboard IPMI - close_window.cgi Buffer Overflow (Metasploit) Supermicro Onboard IPMI - 'close_window.cgi' Buffer Overflow (Metasploit) Linksys WAG54GS 1.0.6 (Wireless-G ADSL Gateway) - setup.cgi Cross-Site Scripting Vulnerabilities Linksys WAG54GS 1.0.6 (Wireless-G ADSL Gateway) - 'setup.cgi' Cross-Site Scripting TinTin++ / WinTin++ 1.97.9 - '#chat' Command Multiple Vulnerabilities TinTin++ / WinTin++ 1.97.9 - '#chat' Multiple Vulnerabilities PCMan FTP Server 2.07 - 'ABOR' Command Buffer Overflow PCMan FTP Server 2.07 - 'CWD' Command Buffer Overflow PCMan FTP Server 2.07 - 'ABOR' Buffer Overflow PCMan FTP Server 2.07 - 'CWD' Buffer Overflow Ultra Mini HTTPD 1.21 - POST Stack Buffer Overflow Ultra Mini HTTPD 1.21 - 'POST' Stack Buffer Overflow Ultra Mini HTTPD 1.21 - Stack Buffer Overflow POST Exploit Ultra Mini HTTPD 1.21 - 'POST' Stack Buffer Overflow ALFTP FTP Client 4.1/5.0 - 'LIST' Command Directory Traversal ALFTP FTP Client 4.1/5.0 - 'LIST' Directory Traversal Glub Tech Secure FTP 2.5.15 - 'LIST' Command Directory Traversal Glub Tech Secure FTP 2.5.15 - 'LIST' Directory Traversal UltraEdit 14.00b - FTP/SFTP 'LIST' Command Directory Traversal WISE-FTP 4.1/5.5.8 - FTP Client 'LIST' Command Directory Traversal Classic FTP 1.02 - 'LIST' Command Directory Traversal UltraEdit 14.00b - FTP/SFTP 'LIST' Directory Traversal WISE-FTP 4.1/5.5.8 - FTP Client 'LIST' Directory Traversal Classic FTP 1.02 - 'LIST' Directory Traversal AceFTP 3.80.3 - 'LIST' Command Directory Traversal AceFTP 3.80.3 - 'LIST' Directory Traversal RhinoSoft Serv-U FTP Server 7.2.0.1 - 'rnto' Command Directory Traversal RhinoSoft Serv-U FTP Server 7.2.0.1 - 'rnto' Directory Traversal Vtiger - Install Unauthenticated Remote Command Execution (Metasploit) Vtiger - 'Install' Unauthenticated Remote Command Execution (Metasploit) httpdx 1.5 - 'MKD' Command Directory Traversal httpdx 1.5 - 'MKD' Directory Traversal D-Link Devices - Authentication.cgi Buffer Overflow (Metasploit) D-Link Devices - 'Authentication.cgi' Buffer Overflow (Metasploit) rbot 0.9.14 - '!react' Command Unauthorized Access rbot 0.9.14 - '!react' Unauthorized Access VMTurbo Operations Manager 4.6 - vmtadmin.cgi Remote Command Execution (Metasploit) VMTurbo Operations Manager 4.6 - 'vmtadmin.cgi' Remote Command Execution (Metasploit) Solar FTP Server 2.1.1 - 'PASV' Command Remote Buffer Overflow Solar FTP Server 2.1.1 - 'PASV' Remote Buffer Overflow Freefloat FTP Server - 'ALLO' Command Remote Buffer Overflow PCMan FTP Server 2.0.7 - 'MKD' Command Buffer Overflow Freefloat FTP Server - 'ALLO' Remote Buffer Overflow PCMan FTP Server 2.0.7 - 'MKD' Buffer Overflow Endian Firewall 2.4 - openvpn_users.cgi PATH_INFO Cross-Site Scripting Endian Firewall 2.4 - 'openvpn_users.cgi?PATH_INFO' Cross-Site Scripting PCMan FTP Server 2.0.7 - 'PUT' Command Buffer Overflow PCMan FTP Server 2.0.7 - 'PUT' Buffer Overflow PCMan FTP Server 2.0.7 - 'GET' Command Buffer Overflow PCMan FTP Server 2.0.7 - 'GET' Buffer Overflow PCMan FTP Server 2.0.7 - 'RENAME' Command Buffer Overflow PCMan FTP Server 2.0.7 - 'RENAME' Buffer Overflow Zpanel - Remote Unauthenticated Remote Code Execution (Metasploit) Zpanel - Unauthenticated Remote Code Execution (Metasploit) PCMan FTP Server 2.0.7 - 'RENAME' Command Buffer Overflow (Metasploit) PCMan FTP Server 2.0.7 - 'RENAME' Buffer Overflow (Metasploit) IPFire - proxy.cgi Remote Code Execution (Metasploit) IPFire - 'proxy.cgi' Remote Code Execution (Metasploit) PCMan FTP Server 2.0.7 - 'ls' Command Buffer Overflow (Metasploit) PCMan FTP Server 2.0.7 - 'ls' Buffer Overflow (Metasploit) EasyFTP Server 1.7.0.11 - 'APPE' Command Buffer Overflow Remote Exploit EasyFTP Server 1.7.0.11 - 'APPE' Remote Buffer Overflow PCMan FTP Server 2.0.7 - 'DELETE' Command Buffer Overflow Freefloat FTP Server 1.0 - 'ABOR' Command Buffer Overflow Freefloat FTP Server 1.0 - 'RMD' Command Buffer Overflow Freefloat FTP Server 1.0 - 'HOST' Command Buffer Overflow PCMan FTP Server 2.0.7 - 'DELETE' Buffer Overflow Freefloat FTP Server 1.0 - 'ABOR' Buffer Overflow Freefloat FTP Server 1.0 - 'RMD' Buffer Overflow Freefloat FTP Server 1.0 - 'HOST' Buffer Overflow Freefloat FTP Server 1.0 - 'RENAME' Command Buffer Overflow PCMan FTP Server 2.0.7 - 'UMASK' Command Buffer Overflow Freefloat FTP Server 1.0 - 'DIR' Command Buffer Overflow Freefloat FTP Server 1.0 - 'RENAME' Buffer Overflow PCMan FTP Server 2.0.7 - 'UMASK' Buffer Overflow Freefloat FTP Server 1.0 - 'DIR' Buffer Overflow PCMan FTP Server 2.0.7 - 'ACCT' Command Buffer Overflow Freefloat FTP Server 1.0 - 'SITE ZONE' Command Buffer Overflow PCMan FTP Server 2.0.7 - 'NLST' Command Buffer Overflow PCMan FTP Server 2.0.7 - 'SITE CHMOD' Command Buffer Overflow PCMan FTP Server 2.0.7 - 'PORT' Command Buffer Overflow BolinTech DreamFTP Server 1.02 - 'RETR' Command Remote Buffer Overflow PCMan FTP Server 2.0.7 - 'ACCT' Buffer Overflow Freefloat FTP Server 1.0 - 'SITE ZONE' Buffer Overflow PCMan FTP Server 2.0.7 - 'NLST' Buffer Overflow PCMan FTP Server 2.0.7 - 'SITE CHMOD' Buffer Overflow PCMan FTP Server 2.0.7 - 'PORT' Buffer Overflow BolinTech DreamFTP Server 1.02 - 'RETR' Remote Buffer Overflow NETGEAR DGN2200 - dnslookup.cgi Command Injection (Metasploit) NETGEAR DGN2200 - 'dnslookup.cgi' Command Injection (Metasploit) VICIdial 2.9 RC 1 to 2.13 RC1 - user_authorization Unauthenticated Command Execution (Metasploit) VICIdial 2.9 RC 1 < 2.13 RC1 - 'user_authorization' Unauthenticated Command Execution (Metasploit) CCBILL CGI - 'ccbillx.c' whereami.cgi Remote Exploit CCBILL CGI - 'ccbillx.c' 'whereami.cgi' Remote Exploit phpBB 2.0.6 - search_id SQL Injection MD5 Hash Remote Exploit phpBB 2.0.6 - 'search_id' SQL Injection MD5 Hash Remote Exploit eXtropia Shopping Cart - web_store.cgi Remote Exploit eXtropia Shopping Cart - 'web_store.cgi' Remote Exploit Limbo 1.0.4.2 - _SERVER[REMOTE_ADDR] Overwrite Remote Exploit Limbo 1.0.4.2 - '_SERVER[REMOTE_ADDR]' Overwrite Remote Exploit TFT Gallery 0.10 - Password Disclosure Remote Exploit TFT Gallery 0.10 - Password Disclosure XOOPS 2.0.13.2 - xoopsOption[nocommon] Remote Exploit XOOPS 2.0.13.2 - 'xoopsOption[nocommon]' Remote Exploit Drupal 4.7 - attachment mod_mime Remote Exploit Drupal 4.7 - 'Attachment mod_mime' Remote Exploit Cahier de texte 2.0 - Database Backup/Source Disclosure Remote Exploit Cahier de texte 2.0 - Database Backup / Source Disclosure CSPartner 1.0 - Delete All Users / SQL Injection Remote Exploit CSPartner 1.0 - Delete All Users / SQL Injection Podcast Generator 1.2 - Unauthorized Re-Installation Remote Exploit Podcast Generator 1.2 - Unauthorized Re-Installation SPIP < 2.0.9 - Arbitrary Copy All Passwords to .XML File Remote Exploit SPIP < 2.0.9 - Arbitrary Copy All Passwords to '.XML' File Nagios3 - statuswml.cgi Command Injection (Metasploit) Nagios3 - 'statuswml.cgi' Command Injection (Metasploit) QuickTime Streaming Server - parse_xml.cgi Remote Execution (Metasploit) QuickTime Streaming Server - 'parse_xml.cgi' Remote Execution (Metasploit) Nagios3 - statuswml.cgi Ping Command Execution (Metasploit) Nagios3 - 'statuswml.cgi' 'Ping' Command Execution (Metasploit) E-Mail Security Virtual Appliance - learn-msg.cgi Command Injection (Metasploit) E-Mail Security Virtual Appliance - 'learn-msg.cgi' Command Injection (Metasploit) AHG Search Engine 1.0 - search.cgi Arbitrary Command Execution AHG Search Engine 1.0 - 'search.cgi' Arbitrary Command Execution CGIScript.net - csPassword.cgi 1.0 Information Disclosure CGIScript.net - csPassword.cgi 1.0 HTAccess File Modification CGIScript.net - 'csPassword.cgi' 1.0 Information Disclosure CGIScript.net - 'csPassword.cgi' 1.0 HTAccess File Modification MailReader.com 2.3.x - NPH-MR.cgi File Disclosure MailReader.com 2.3.x - 'NPH-MR.cgi' File Disclosure BizDesign ImageFolio 2.x/3.0.1 - nph-build.cgi Cross-Site Scripting BizDesign ImageFolio 2.x/3.0.1 - 'nph-build.cgi' Cross-Site Scripting cPanel 5.0 - Guestbook.cgi Remote Command Execution (1) cPanel 5.0 - Guestbook.cgi Remote Command Execution (2) cPanel 5.0 - Guestbook.cgi Remote Command Execution (3) cPanel 5.0 - Guestbook.cgi Remote Command Execution (4) cPanel 5.0 - 'Guestbook.cgi' Remote Command Execution (1) cPanel 5.0 - 'Guestbook.cgi' Remote Command Execution (2) cPanel 5.0 - 'Guestbook.cgi' Remote Command Execution (3) cPanel 5.0 - 'Guestbook.cgi' Remote Command Execution (4) HappyMall E-Commerce Software 4.3/4.4 - Normal_HTML.cgi Command Execution HappyMall E-Commerce Software 4.3/4.4 - 'Normal_HTML.cgi' Command Execution HappyMall E-Commerce Software 4.3/4.4 - Member_HTML.cgi Command Execution HappyMall E-Commerce Software 4.3/4.4 - 'Member_HTML.cgi' Command Execution Happymall E-Commerce Software 4.3/4.4 - Normal_HTML.cgi Cross-Site Scripting Happymall E-Commerce Software 4.3/4.4 - 'Normal_HTML.cgi' Cross-Site Scripting Happymall E-Commerce Software 4.3/4.4 - Normal_HTML.cgi File Disclosure Happymall E-Commerce Software 4.3/4.4 - 'Normal_HTML.cgi' File Disclosure Zeus Web Server 4.x - Admin Interface VS_Diag.cgi Cross-Site Scripting Zeus Web Server 4.x - Admin Interface 'VS_Diag.cgi' Cross-Site Scripting ImageFolio 2.2x/3.0/3.1 - Admin.cgi Directory Traversal ImageFolio 2.2x/3.0/3.1 - 'Admin.cgi' Directory Traversal SurgeLDAP 1.0 d - User.cgi Cross-Site Scripting SurgeLDAP 1.0 d - 'User.cgi' Cross-Site Scripting Sun Cobalt RaQ 1.1/2.0/3.0/4.0 - Message.cgi Cross-Site Scripting Sun Cobalt RaQ 1.1/2.0/3.0/4.0 - 'Message.cgi' Cross-Site Scripting CommerceSQL Shopping Cart 2.2 - index.cgi Directory Traversal CommerceSQL Shopping Cart 2.2 - 'index.cgi' Directory Traversal DansGuardian Webmin Module 0.x - edit.cgi Directory Traversal DansGuardian Webmin Module 0.x - 'edit.cgi' Directory Traversal ShopCartCGI 2.3 - gotopage.cgi Traversal Arbitrary File Access ShopCartCGI 2.3 - 'gotopage.cgi' Traversal Arbitrary File Access BoardPower Forum - ICQ.cgi Cross-Site Scripting BoardPower Forum - 'ICQ.cgi' Cross-Site Scripting Axis Network Camera 2.x And Video Server 1-3 - virtualinput.cgi Arbitrary Command Execution Axis Network Camera 2.x And Video Server 1-3 - 'virtualinput.cgi' Arbitrary Command Execution Gossamer Threads Links 2.x - User.cgi Cross-Site Scripting Gossamer Threads Links 2.x - 'User.cgi' Cross-Site Scripting MegaBook 2.0/2.1 - Admin.cgi EntryID Cross-Site Scripting MegaBook 2.0/2.1 - 'Admin.cgi?EntryID' Cross-Site Scripting PerlDiver 2.31 - Perldiver.cgi Cross-Site Scripting PerlDiver 2.31 - 'Perldiver.cgi' Cross-Site Scripting GlobalNoteScript 4.20 - Read.cgi Remote Command Execution GlobalNoteScript 4.20 - 'Read.cgi' Remote Command Execution Pngren 2.0.1 - Kaiseki.cgi Remote Command Execution Pngren 2.0.1 - 'Kaiseki.cgi' Remote Command Execution Walla TeleSite 3.0 - ts.cgi File Existence Enumeration Walla TeleSite 3.0 - 'ts.cgi' File Existence Enumeration Easy Search System 1.1 - search.cgi Cross-Site Scripting Easy Search System 1.1 - 'search.cgi' Cross-Site Scripting Kryptronic ClickCartPro 5.1/5.2 - CP-APP.cgi Cross-Site Scripting Kryptronic ClickCartPro 5.1/5.2 - 'CP-APP.cgi' Cross-Site Scripting Cholod MySQL Based Message Board - Mb.cgi SQL Injection Cholod MySQL Based Message Board - 'Mb.cgi' SQL Injection BlankOL 1.0 - Bol.cgi Multiple Cross-Site Scripting Vulnerabilities BlankOL 1.0 - 'Bol.cgi' Multiple Cross-Site Scripting Vulnerabilities Web-APP.net WebAPP 0.9.x - /mods/calendar/index.cgi?vsSD' Cross-Site Scripting Web-APP.net WebAPP 0.9.x - '/mods/calendar/index.cgi?vsSD' Cross-Site Scripting Net Clubs Pro 4.0 - imessage.cgi 'Username' Cross-Site Scripting Net Clubs Pro 4.0 - 'imessage.cgi?Username' Cross-Site Scripting Cosmoshop 8.10.78/8.11.106 - Lshop.cgi SQL Injection Cosmoshop 8.10.78/8.11.106 - 'Lshop.cgi' SQL Injection Netwin SurgeFTP 2.3a1 - SurgeFTPMGR.cgi Multiple Input Validation Vulnerabilities Netwin SurgeFTP 2.3a1 - 'SurgeFTPMGR.cgi' Multiple Input Validation Vulnerabilities WebEvent 4.03 - Webevent.cgi Cross-Site Scripting WebEvent 4.03 - 'Webevent.cgi' Cross-Site Scripting Urchin 5.7.x - session.cgi Cross-Site Scripting Urchin 5.7.x - 'session.cgi' Cross-Site Scripting Google Urchin 5.7.3 - Report.cgi Authentication Bypass Google Urchin 5.7.3 - \Report.cgi' Authentication Bypass Web Terra 1.1 - books.cgi Remote Command Execution Web Terra 1.1 - 'books.cgi' Remote Command Execution D-Link DSL-2730B Modem - Cross-Site Scripting Injection Stored Exploit Lancfg2get.cgi D-Link DSL-2730B Modem - 'Lancfg2get.cgi Persistent Cross-Site Scripting Zenoss 3.2.1 - Remote Authenticated Command Execution Zenoss 3.2.1 - Authenticated Remote Command Execution Gemtek CPE7000 - WLTCS-106 sysconf.cgi Unauthenticated Remote Command Execution (Metasploit) Gemtek CPE7000 - WLTCS-106 'sysconf.cgi' Unauthenticated Remote Command Execution (Metasploit)	2017-10-27 05:01:37 +00:00
Offensive Security	c7b4bfd8e6	DB: 2017-08-23 23 new exploits Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017) Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017) Disk Pulse Enterprise 9.9.16 - 'Import Command' Buffer Overflow Disk Savvy Enterprise 9.9.14 - 'Import Command' Buffer Overflow VX Search Enterprise 9.9.12 - 'Import Command' Buffer Overflow Microsoft Windows - Escalate UAC Protection Bypass (Via COM Handler Hijack) (Metasploit) IBM OpenAdmin Tool - SOAP welcomeServer PHP Code Execution (Metasploit) BSD - Passive Connection Shellcode (124 bytes) BSD - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (124 bytes) BSD/x86 - setuid(0) then execve /bin/sh Shellcode (30 bytes) BSD/x86 - Bind Shell 31337/TCP + setuid(0) Shellcode (94 bytes) BSD/x86 - execve /bin/sh multiplatform Shellcode (27 bytes) BSD/x86 - execve /bin/sh setuid (0) Shellcode (29 bytes) BSD/x86 - Bind Shell 31337/TCP Shellcode (83 bytes) BSD/x86 - Bind Random Port Shellcode (143 bytes) BSD/x86 - setuid(0) + execve /bin/sh Shellcode (30 bytes) BSD/x86 - Bind TCP Shell (31337/TCP) + setuid(0) Shellcode (94 bytes) BSD/x86 - execve /bin/sh Shellcode (27 bytes) BSD/x86 - execve /bin/sh + setuid(0) Shellcode (29 bytes) BSD/x86 - Bind TCP Shell (31337/TCP) Shellcode (83 bytes) BSD/x86 - Bind TCP Shell (Random Port) Shellcode (143 bytes) BSD/x86 - execve /bin/sh Crypt Shellcode (49 bytes) BSD/x86 - execve /bin/sh ENCRYPT* Shellcode (57 bytes) BSD/x86 - Connect torootteam.host.sk:2222 Shellcode (93 bytes) BSD/x86 - cat /etc/master.passwd \| mail [email] Shellcode (92 bytes) BSD/x86 - execve /bin/sh Encoded Shellcode (49 bytes) BSD/x86 - execve /bin/sh Encoded Shellcode (57 bytes) BSD/x86 - Reverse TCP Shell (torootteam.host.sk:2222/TCP) Shellcode (93 bytes) BSD/x86 - execve /bin/cat /etc/master.passwd \| mail [email] Shellcode (92 bytes) BSDi/x86 - execve /bin/sh toupper evasion Shellcode (97 bytes) FreeBSD i386 & AMD64 - Execve /bin/sh Shellcode (Anti-Debugging) (140 bytes) BSDi/x86 - execve /bin/sh ToUpper Encoded Shellcode (97 bytes) FreeBSD x86 / x64 - execve /bin/sh Anti-Debugging Shellcode (140 bytes) FreeBSD/x86 - connect back.send.exit /etc/passwd Shellcode (112 bytes) FreeBSD/x86 - kill all processes Shellcode (12 bytes) FreeBSD/x86 - rev connect + recv + jmp + return results Shellcode (90 bytes) FreeBSD/x86 - /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes) FreeBSD/x86 - Reverse /bin/sh Shell (127.0.0.1:8000) Shellcode (89 bytes) FreeBSD/x86 - setuid(0); execve(ipf -Fa); Shellcode (57 bytes) FreeBSD/x86 - /bin/sh Encrypted Shellcode (48 bytes) FreeBSD/x86 - Reverse TCP cat /etc/passwd (192.168.1.33:8000/TCP) Shellcode (112 bytes) FreeBSD/x86 - Kill All Processes Shellcode (12 bytes) FreeBSD/x86 - ConnectBack (172.17.0.9:8000/TCP) + Receive Shellcode + JMP + Return Results Null-Free Shellcode (90 bytes) FreeBSD/x86 - execve /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes) FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:8000) Null-Free Shellcode (89 bytes) FreeBSD/x86 - setuid(0); + execve(ipf -Fa); Shellcode (57 bytes) FreeBSD/x86 - execve /bin/sh Encoded Shellcode (48 bytes) FreeBSD/x86 - execve /bin/sh Shellcode (2) (23 bytes) FreeBSD/x86 - execve /bin/sh Shellcode (23 bytes) FreeBSD/x86 - kldload /tmp/o.o Shellcode (74 bytes) FreeBSD/x86 - Load Kernel Module (/sbin/kldload /tmp/o.o) Shellcode (74 bytes) FreeBSD/x86 - Connect Port 31337 Shellcode (102 bytes) FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (102 bytes) Linux/x86 - Bind Shellcode (Generator) Windows XP SP1 - Bind Shellcode (Generator) (Generator) - /bin/sh Polymorphic With Printable ASCII Characters Shellcode Linux/x86 - cmd Null-Free Shellcode (Generator) (Generator) - Alphanumeric Shellcode (Encoder/Decoder) Linux/x86 - Bind TCP Shellcode (Generator) Windows XP SP1 - Bind TCP Shell Shellcode (Generator) Linux - execve /bin/sh Polymorphic With Printable ASCII Characters Shellcode (Generator) Linux/x86 - Command Null-Free Shellcode (Generator) Windows - Reverse TCP Shell (127.0.0.1:123/TCP) Alphanumeric Shellcode (Encoder/Decoder) (Generator) Win32 - Multi-Format Encoding Tool Shellcode (Generator) iOS - Version-independent Shellcode Cisco IOS - Connectback 21/TCP Shellcode Windows x86 - Multi-Format Encoding Tool Shellcode (Generator) iOS Version-independent - Null-Free Shellcode Cisco IOS - New TTY / Privilege Level To 15 / Reverse Virtual Terminal Shell (21/TCP) Shellcode Linux/x86-64 - Flush IPTables Rules Shellcode (84 bytes) Linux/x86-64 - Reverse TCP Semi-Stealth Shell Shellcode (88+ bytes) (Generator) Linux/MIPS (Linksys WRT54G/GL) - Bind 4919/TCP Shellcode (276 bytes) Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes) Linux/x86-64 - Reverse TCP Semi-Stealth /bin/bash Shell Shellcode (88+ bytes) (Generator) Linux/MIPS (Linksys WRT54G/GL) - Bind TCP /bin/sh Shell (4919/TCP) Shellcode (276 bytes) Linux/PPC - connect back (192.168.1.1:31337) execve /bin/sh Shellcode (240 bytes) Linux/PPC - Reverse TCP /bin/sh Shell (192.168.1.1:31337/TCP) Shellcode (240 bytes) Linux/SPARC - Bind 8975/TCP Shellcode (284 bytes) Linux/SPARC - Bind TCP Shell (8975/TCP) Null-Free Shellcode (284 bytes) Linux/x86 - killall5 polymorphic Shellcode (61 bytes) Linux/x86 - /bin/sh Polymorphic Shellcode (48 bytes) Linux/x86 - Bind 4444/TCP Shellcode (XOR Encoded) (152 bytes) Linux/x86 - reboot() polymorphic Shellcode (57 bytes) Linux/x86 - chmod(_/etc/shadow__666) Polymorphic Shellcode (54 bytes) Linux/x86 - setreuid(geteuid()_geteuid())_execve(_/bin/sh__0_0) Shellcode (34 bytes) Linux/x86 - Bind 8000/TCP + Execve Iptables -F Shellcode (176 bytes) Linux/x86 - Bind 8000/TCP + Add Root User Shellcode (225+ bytes) Linux/x86 - Bind 8000/TCP ASM Code Linux Shellcode (179 bytes) Linux/x86 - killall5 Polymorphic Shellcode (61 bytes) Linux/x86 - execve /bin/sh Polymorphic Shellcode (48 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) XOR Encoded Shellcode (152 bytes) Linux/x86 - reboot() Polymorphic Shellcode (57 bytes) Linux/x86 - chmod 666 /etc/shadow Polymorphic Shellcode (54 bytes) Linux/x86 - setreuid(geteuid()_ geteuid()) + execve(_/bin/sh__0_0) Shellcode (34 bytes) Linux/x86 - Bind TCP Shell (8000/TCP) + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes) Linux/x86 - Bind TCP Shell (8000/TCP) + Add Root User Shellcode (225+ bytes) Linux/x86 - Bind TCP /bin/sh Shell (8000/TCP) Shellcode (179 bytes) Linux/x86 - Serial port shell binding + busybox Launching Shellcode (82 bytes) Linux/x86 - Serial Port Shell Binding (/dev/ttyS0) + busybox Launching Null-Free Shellcode (82 bytes) Linux/x86 - chmod(_/etc/shadow__666) + exit(0) Shellcode (30 bytes) Linux/x86 - chmod 666 /etc/shadow + exit(0) Shellcode (30 bytes) Linux/x86 - Shellcode Obfuscator (Generator) Linux/x86 - Shellcode Obfuscator Null-Free (Generator) Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Shellcode (28 bytes) Linux/x86 - setresuid(0_0_0) /bin/sh Shellcode (35 bytes) Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Null-Free Shellcode (28 bytes) Linux/x86 - setresuid(0_0_0) + /bin/sh Shellcode (35 bytes) Linux/x86 - Reverse TCP /etc/shadow (8192/TCP) Shellcode (155 bytes) Linux/x86 - Reverse TCP cat /etc/shadow (8192/TCP) Shellcode (155 bytes) Linux/x86 - setuid(0) . setgid(0) . aslr_off Shellcode (79 bytes) Linux/x86 - setuid(0) + setgid(0) + aslr_off (Disable ASLR Security) Shellcode (79 bytes) Linux/x86 - /sbin/iptables -F Shellcode (40 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (40 bytes) Linux/x86 - /sbin/ipchains -F Shellcode (40 bytes) Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (40 bytes) Linux/x86 - HTTP/1.x GET_ Downloads + execve() Shellcode (111+ bytes) Linux/x86 - executes command after setreuid Shellcode (49+ bytes) Linux/x86 - HTTP/1.x GET + Downloads + execve() Null-Free Shellcode (111+ bytes) Linux/x86 - setreuid + executes command (49+ bytes) Linux/x86 - Bind 31337/TCP + setuid Shellcode (96 bytes) Linux/x86 - Bind 2707/TCP Shellcode (84 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + setuid Shellcode (96 bytes) Linux/x86 - Bind TCP Shell (2707/TCP) Shellcode (84 bytes) Linux/x86 - Bind 31337/TCP SET_PORT() Shellcode (100 bytes) Linux/x86 - Reverse TCP Shell (192.168.13.22:31337) Shellcode (82 bytes) (Generator) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (100 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (192.168.13.22:31337) Shellcode (82 bytes) (Generator) Linux/x86 - Reverse TCP XOR Encoded Shell (127.0.0.1:80/TCP) Shellcode (371 bytes) Linux/x86 - Reverse TCP Shell (127.0.0.1:80/TCP) XOR Encoded Shellcode (371 bytes) Linux/x86 - /tmp/swr to SWAP restore Shellcode (109 bytes) Linux/x86 - Read SWAP write to /tmp/swr Shellcode (109 bytes) Linux/x86 - Bind TCP Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes) Linux/x86 - Bind 64713/TCP Shellcode (86 bytes) Linux/x86 - Bind TCP /bin/sh Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes) Linux/x86 - Bind TCP /bin/sh Shell (64713/TCP) Shellcode (86 bytes) Linux/x86 - setreuid(0_0) execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes) Linux/x86 - TCP Proxy Shellcode (236 bytes) Linux/x86 - TCP Proxy Null-Free Shellcode (236 bytes) Linux/x86 - execve /bin/sh xored for Intel x86 CPUID Shellcode (41 bytes) Linux/x86 - execve /bin/sh Shellcode (+1 Encoded) (39 bytes) Linux/x86 - Add User (xtz) To /etc/passwd Shellcode (59 bytes) Linux/x86 - anti-debug trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes) Linux/x86 - Bind /bin/sh to 31337/TCP Shellcode (80 bytes) Linux/x86 - Bind /bin/sh to 31337/TCP + fork() Shellcode (98 bytes) Linux/x86 (Intel x86 CPUID) - execve /bin/sh XORED Encoded Shellcode (41 bytes) Linux/x86 - execve /bin/sh Shellcode +1 Encoded (39 bytes) Linux/x86 - Add Root User (xtz) To /etc/passwd Shellcode (59 bytes) Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (80 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + fork() Shellcode (98 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) + exit() Shellcode (32 bytes) Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (32 bytes) Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator) Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator) Linux/x86 - read(0_buf_2541); chmod(buf_4755); Shellcode (23 bytes) Linux/x86 - write(0__Hello core!\n__12); (with optional 7 byte exit) Shellcode (36 bytes) Linux/x86 - snoop /dev/dsp Shellcode (172 bytes) Linux/x86 - /bin/sh Standard Opcode Array Payload Shellcode (21 bytes) Linux/x86 - read(0_buf_2541); + chmod(buf_4755); Shellcode (23 bytes) Linux/x86 - write(0__Hello core!\n__12); Exit Shellcode (36/43 bytes) Linux/x86 - snoop /dev/dsp Null-Free Shellcode (172 bytes) Linux/x86 - execve /bin/sh Standard Opcode Array Payload Shellcode (21 bytes) Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes) Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes) Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes) Linux/x86 - chroot + standart Shellcode (66 bytes) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes) Linux/x86 - Break chroot (../ 20x Loop) + execve /bin/sh Shellcode (66 bytes) Linux/x86 - setreuid/execve Shellcode (31 bytes) Linux/x86 - Alphanumeric Shellcode (64 bytes) Linux/x86 - Alphanumeric using IMUL Method Shellcode (88 bytes) Linux/x86 - setreuid + execve Shellcode (31 bytes) Linux/x86 - Alphanumeric Encoded Shellcode (64 bytes) Linux/x86 - Alphanumeric Encoder (IMUL Method) Shellcode (88 bytes) Linux/x86 - Bind 5074/TCP (ToUpper Encoded) Shellcode (226 bytes) Linux/x86 - Add User (t00r) Anti-IDS Shellcode (116 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) ToUpper Encoded Shellcode (226 bytes) Linux/x86 - Add Root User (t00r) Anti-IDS Shellcode (116 bytes) Linux/x86 - iptables -F Shellcode (45 bytes) Linux/x86 - iptables -F Shellcode (58 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (58 bytes) Linux/x86 - connect Shellcode (120 bytes) Linux/x86 - Reverse TCP /bin/sh Shell Shellcode (120 bytes) Linux/x86 - cp /bin/sh /tmp/katy ; chmod 4555 katy Shellcode (126 bytes) Linux/x86 - cp /bin/sh /tmp/katy ; + chmod 4555 katy Shellcode (126 bytes) Linux/x86 - execve /bin/sh setreuid(12_12) Shellcode (50 bytes) Linux/x86 - Bind 5074/TCP Shellcode (92 bytes) Linux/x86 - Bind 5074/TCP + fork() Shellcode (130 bytes) Linux/x86 - Add User (t00r) Shellcode (82 bytes) Linux/x86 - Add User Shellcode (104 bytes) Linux/x86 - break chroot Shellcode (34 bytes) Linux/x86 - break chroot Shellcode (46 bytes) Linux/x86 - break chroot execve /bin/sh Shellcode (80 bytes) Linux/x86 - execve /bin/sh + setreuid(12_12) Shellcode (50 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) Shellcode (92 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) + fork() Shellcode (130 bytes) Linux/x86 - Add Root User (t00r) Shellcode (82 bytes) Linux/x86 - Add Root User Shellcode (104 bytes) Linux/x86 - Break chroot (../ 10x Loop) Shellcode (34 bytes) Linux/x86 - Break chroot (../ 10x Loop) Shellcode (46 bytes) Linux/x86 - Break chroot + execve /bin/sh Shellcode (80 bytes) Linux/x86 - execve /bin/sh (XOR Encoded) Shellcode (55 bytes) Linux/x86 - execve /bin/sh XOR Encoded Shellcode (55 bytes) Linux/x86 - chroot()/execve() code Shellcode (80 bytes) Linux/x86 - Add User (z) Shellcode (70 bytes) Linux/x86 - break chroot setuid(0) + /bin/sh Shellcode (132 bytes) Linux/x86-64 - Bind 4444/TCP Shellcode (132 bytes) Linux/x86 - Add Root User (z) Shellcode (70 bytes) Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve /bin/sh Shellcode (132 bytes) Linux/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (132 bytes) Linux PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (99 bytes) OSX PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (121 bytes) Linux/x86 & Unix/SPARC & IRIX/MIPS - execve /bin/sh Shellcode (141 bytes) Linux/x86 & Unix/SPARC - execve /bin/sh Shellcode (80 bytes) Linux/x86 & bsd/x86 - execve /bin/sh Shellcode (38 bytes) Linux/PPC / Linux/x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (99 bytes) OSX/PPC / OSX/x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (121 bytes) Linux/x86 / Unix/SPARC / IRIX/MIPS - execve /bin/sh Shellcode (141 bytes) Linux/x86 / Unix/SPARC - execve /bin/sh Shellcode (80 bytes) BSD/x86 / Linux/x86 - execve /bin/sh Shellcode (38 bytes) NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes) NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes) NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes) NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes) OpenBSD/x86 - Bind 6969/TCP Shellcode (148 bytes) OpenBSD/x86 - Add user _w00w00_ Shellcode (112 bytes) OSX/PPC - sync()_ reboot() Shellcode (32 bytes) OpenBSD/x86 - Bind TCP Shell (6969/TCP) Shellcode (148 bytes) OpenBSD/x86 - Add Root User (w00w00) Shellcode (112 bytes) OSX/PPC - sync() + reboot() Shellcode (32 bytes) OSX/PPC - Add user _r00t_ Shellcode (219 bytes) OSX/PPC - Add Root User (r00t) Shellcode (219 bytes) Solaris/SPARC - executes command after setreuid Shellcode (92+ bytes) Solaris/SPARC - Reverse TCP XNOR Encoded Shell (44434/TCP) Shellcode (600 bytes) (Generator) Solaris/SPARC - setreuid/execve Shellcode (56 bytes) Solaris/SPARC - Bind 6666/TCP Shellcode (240 bytes) Solaris/SPARC - setreuid + executes command Shellcode (92+ bytes) Solaris/SPARC - Reverse TCP Shell (44434/TCP) XNOR Encoded Shellcode (600 bytes) (Generator) Solaris/SPARC - setreuid + execve Shellcode (56 bytes) Solaris/SPARC - Bind TCP Shell (6666/TCP) Shellcode (240 bytes) Solaris/SPARC - Bind 6789/TCP Shellcode (228 bytes) Solaris/SPARC - Reverse TCP Shell (192.168.1.4:5678/TCP) Shellcode (204 bytes) Solaris/SPARC - Bind Shellcode (240 bytes) Solaris/x86 - Bind TCP Shellcode (Generator) Solaris/SPARC - Bind TCP /bin/sh (6789/TCP) Shellcode (228 bytes) Solaris/SPARC - Reverse TCP /bin/sh Shell (192.168.1.4:5678/TCP) Shellcode (204 bytes) Solaris/SPARC - Bind TCP Shell Shellcode (240 bytes) Solaris/x86 - Bind TCP Shellcode (Generator) Windows 5.0 < 7.0 x86 - Bind Shell 28876/TCP Null-Free Shellcode Win32/XP SP2 (EN) - cmd.exe Shellcode (23 bytes) Win32 - SEH Omelet Shellcode Win32 - Bind 23/TCP Winexec Telnet Shellcode (111 bytes) Win32 - PEB!NtGlobalFlags Shellcode (14 bytes) Win32 XP SP2 (FR) - Sellcode cmd.exe Shellcode (32 bytes) Win32/XP SP2 - cmd.exe Shellcode (57 bytes) Win32 - PEB 'Kernel32.dll' ImageBase Finder Alphanumeric Shellcode (67 bytes) Win32 - PEB 'Kernel32.dll' ImageBase Finder (ASCII Printable) Shellcode (49 bytes) Win32 - ConnectBack + Download A File + Save + Execute Shellcode Win32 - Download File + Execute Shellcode (Browsers Edition) (Generator) (275+ bytes) Win32 - Download File + Execute Shellcode (192 bytes) Win32 - Download File + Execute Shellcode (124 bytes) Win32/NT/XP - IsDebuggerPresent Shellcode (39 bytes) Win32 SP1/SP2 - Beep Shellcode (35 bytes) Win32/XP SP2 - Pop up message box Shellcode (110 bytes) Win32 - WinExec() Command Parameter Shellcode (104+ bytes) Win32 - Download File + Execute Shellcode (226+ bytes) Windows NT/2000/XP (Russian) - Add User 'slim' Shellcode (318 bytes) Windows 5.0 < 7.0 x86 - Bind TCP Shell (28876/TCP) Null-Free Shellcode Windows XP SP2 x86 (English) - cmd.exe Shellcode (23 bytes) Windows x86 - SEH Omelet Shellcode Windows x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes) Windows x86 - PEB!NtGlobalFlags Shellcode (14 bytes) Windows XP SP2 x86 (French) - Sellcode cmd.exe Shellcode (32 bytes) Windows XP SP2 x86 - cmd.exe Shellcode (57 bytes) Windows x86 - PEB _Kernel32.dll_ ImageBase Finder Alphanumeric Shellcode (67 bytes) Windows x86 - PEB _Kernel32.dll_ ImageBase Finder (ASCII Printable) Shellcode (49 bytes) Windows x86 - ConnectBack + Download A File + Save + Execute Shellcode Windows x86 - Download File + Execute Shellcode (Browsers Edition) (275+ bytes) (Generator) Windows x86 - Download File + Execute Shellcode (192 bytes) Windows x86 - Download File + Execute Shellcode (124 bytes) Windows NT/XP x86 - IsDebuggerPresent Shellcode (39 bytes) Windows SP1/SP2 x86 - Beep Shellcode (35 bytes) Windows XP SP2 x86 - Pop up message box Shellcode (110 bytes) Windows x86 - WinExec() Command Parameter Shellcode (104+ bytes) Windows x86 - Download File + Execute Shellcode (226+ bytes) Windows NT/2000/XP (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes) Windows XP/2000/2003 - Reverse TCP Shell (127.0.0.1:53) Shellcode (275 bytes) (Generator) Windows XP/2000/2003 - Reverse TCP Shell (127.0.0.1:53) Shellcode (275 bytes) (Generator) Windows XP - Download File + Execute Shellcode Windows XP SP1 - Bind 58821/TCP Shellcode (116 bytes) Windows XP - Download File + Execute Null-Free Shellcode Windows XP SP1 - Bind TCP Shell (58821/TCP) Shellcode (116 bytes) Win64 - (URLDownloadToFileA) Download + Execute Shellcode (218+ bytes) Windows x64 - (URLDownloadToFileA) Download + Execute Shellcode (218+ bytes) Linux/x86 - setuid(0) + cat /etc/shadow Shellcode (49 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) + exit() Shellcode (33 bytes) Linux/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (49 bytes) Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (33 bytes) Linux/x86 - overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes) Win32 XP SP3 - ShellExecuteA Shellcode Linux/x86 - Pverwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes) Windows XP SP3 x86 - ShellExecuteA Shellcode Win32 XP SP3 - Add Firewall Rule to Allow 445/TCP Traffic Shellcode FreeBSD/x86 - Bind 1337/TCP Shellcode (167 bytes) Win32/XP SP2 - calc.exe Shellcode (45 bytes) Windows XP SP3 x86 - Add Firewall Rule to Allow 445/TCP Traffic Shellcode FreeBSD/x86 - Bind TCP /bin/sh Shell (1337/TCP) Shellcode (167 bytes) Windows XP SP2 x86 - calc.exe Shellcode (45 bytes) Win32/XP SP2 (EN + AR) - cmd.exe Shellcode (23 bytes) Windows XP SP2 x86 (English / Arabic) - cmd.exe Shellcode (23 bytes) Linux/x86 - break chroot Shellcode (79 bytes) Linux/x86 - setuid + Break chroot (mkdir/chdir/chroot _..._) + execve /bin/sh Shellcode (79 bytes) Linux/x86 - Append '/etc/passwd' + exit() Shellcode (107 bytes) Linux/x86 - Add Root User (toor) To /etc/passwd + exit() Shellcode (107 bytes) Win32 XP SP2 (FR) - calc Shellcode (19 bytes) Windows XP SP2 x86 (French) - calc Shellcode (19 bytes) Linux/x86 - bin/cat /etc/passwd Shellcode (43 bytes) Win32 XP SP3 (English) - cmd.exe Shellcode (26 bytes) Win32 XP SP2 (Turkish) - cmd.exe Shellcode (26 bytes) Linux/x86 - /bin/sh Shellcode (8 bytes) Linux/x86 - execve /bin/cat /etc/passwd Shellcode (43 bytes) Windows XP SP3 x86 (English) - cmd.exe Shellcode (26 bytes) Windows XP SP2 x86 (Turkish) - cmd.exe Shellcode (26 bytes) Linux/x86 - execve /bin/sh Shellcode (8 bytes) Linux/x86 - disabled modsecurity Shellcode (64 bytes) Win32 - JITed Stage-0 Shellcode Win32 - JITed exec notepad Shellcode Windows XP Professional SP2 (ITA) - calc.exe Shellcode (36 bytes) Win32 - Mini HardCode WinExec&ExitProcess Shellcode (16 bytes) Linux/x86 - Disabled modsecurity Shellcode (64 bytes) Windows x86 - JITed Stage-0 Shellcode Windows x86 - JITed exec notepad Shellcode Windows XP Professional SP2 (Italian) - calc.exe Shellcode (36 bytes) Windows XP SP2 x86 - write.exe + ExitProcess WinExec Shellcode (16 bytes) Win32/XP SP3 (RU) - WinExec+ExitProcess cmd Shellcode (12 bytes) Win32 - MessageBox Shellcode (Metasploit) Windows XP SP3 x86 (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes) Windows x86 - MessageBox Shellcode (Metasploit) Linux/x86 - Bind nc -lvve/bin/sh -p13377 Shellcode Linux/x86 - chmod(_/etc/shadow__ 0666) Shellcode (36 bytes) Linux/x86 - Bind Netcat Shell (13377/TCP) Shellcode Linux/x86 - chmod 0666 /etc/shadow Shellcode (36 bytes) Linux/x86 - chmod(_/etc/shadow__ 0777) Shellcode (33 bytes) Linux/x86 - chmod(_/etc/shadow__ 0777) Shellcode (29 bytes) Linux - write() + exit(0) Shellcode (Genearator With Customizable Text) Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes) Linux/x86 - chmod 0777 /etc/shadow Shellcode (29 bytes) Linux - write() + exit(0) Shellcode (Generator) Linux/x86 - Sends 'Phuck3d!' To All Terminals Shellcode (60 bytes) Linux/x86 - Sends _Phuck3d!_ To All Terminals Shellcode (60 bytes) Windows XP SP2 (FR) - Download File + Execute Shellcode Windows XP SP2 (French) - Download File + Execute Shellcode Linux/x86 - Disable randomize stack addresse Shellcode (106 bytes) Linux/x86 - Disable ASLR Security Shellcode Shellcode (106 bytes) Linux/x86 - setuid(0) + chmod(_/etc/shadow__ 0666) Polymorphic Shellcode (61 bytes) Linux/x86 - change mode 0777 of '/etc/shadow' with sys_chmod syscall Shellcode (39 bytes) Linux/x86 - setuid(0) + chmod 0666 /etc/shadow Polymorphic Shellcode (61 bytes) Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/shadow Shellcode (39 bytes) Linux/x86 - change mode 0777 of '/etc/passwd' with sys_chmod syscall Shellcode (39 bytes) Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/passwd Shellcode (39 bytes) Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes) Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes) Solaris/x86 - Sync() & reboot() + exit(0) Shellcode (48 bytes) Solaris/x86 - Sync() + reboot() + exit(0) Shellcode (48 bytes) Linux/x86 - Bind 31337/TCP + setreuid (0_0) Polymorphic Shellcode (131 bytes) Linux/x86-64 - setuid(0) + chmod (_/etc/passwd__ 0777) & exit(0) Shellcode (63 bytes) Linux/x86 - Bind TCP Shell (31337/TCP) + setreuid(0_0) Polymorphic Shellcode (131 bytes) Linux/x86-64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes) Windows XP SP3 (SPA) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) Windows XP SP3 (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) Windows - WinExec cmd.exe + ExitProcess Shellcode (195 bytes) Windows - cmd.exe + ExitProcess WinExec Shellcode (195 bytes) Linux/x86 - /bin/sh Polymorphic Shellcode (116 bytes) Linux/ARM - chmod(_/etc/shadow__ 0777) polymorphic Shellcode (84 bytes) Linux/ARM - chmod(_/etc/shadow__ 0777) Shellcode (35 bytes) Linux/x86 - execve /bin/sh Polymorphic Shellcode (116 bytes) Linux/ARM - chmod 0777 /etc/shadow Polymorphic Shellcode (84 bytes) Linux/ARM - chmod 0777 /etc/shadow Shellcode (35 bytes) Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL); (XOR 88 encoded) Polymorphic Shellcode (78 bytes) Linux/x86 - Bind Shell 64533 Shellcode (97 bytes) Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL); XOR 88 Encoded Polymorphic Shellcode (78 bytes) Linux/x86 - Bind TCP /bin/sh Shell (64533/TCP) Shellcode (97 bytes) Linux - setreuid(0_0) execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes) Safari 4.0.5 - 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Shellcode Linux - Bind 6778/TCP (XOR Encoded) Polymorphic Shellcode (125 bytes) Linux - Bind Shell (nc -lp 31337 -e /bin//sh) Polymorphic Shellcode (91 bytes) ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator) Linux - setreuid(0_0) + execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes) Safari 4.0.5 < 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Null-Free Shellcode Linux - Bind TCP Shell (6778/TCP) XOR Encoded Polymorphic Shellcode (125 bytes) Linux - Bind Netcat Shell (31337/TCP) Polymorphic Shellcode (91 bytes) ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator) Win32 - Write-to-file Shellcode (278 bytes) Windows x86 - Write-to-file Null-Free Shellcode (278 bytes) Linux/x86 - Bind Shell Netcat 8080/TCP Shellcode (75 bytes) Linux/x86 - /bin/sh Polymorphic Null-Free Shellcode (46 bytes) Windows XP SP3 English - MessageBoxA Shellcode (87 bytes) BSD/x86 - Bind Shell 2525/TCP Shellcode (167 bytes) Win32 - Checksum Routine Shellcode (18 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (8080/TCP) Shellcode (75 bytes) Linux/x86 - execve /bin/sh Polymorphic Null-Free Shellcode (46 bytes) Windows XP SP3 (English) - MessageBoxA Shellcode (87 bytes) BSD/x86 - Bind TCP Shell (2525/TCP) Shellcode (167 bytes) Windows x86 - Checksum Routine Shellcode (18 bytes) Win32/XP SP3 (TR) - Add Administrator 'zrl' Shellcode (127 bytes) Windows XP SP3 x86 (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes) Win32/XP Professional SP3 (EN) x86 - Add New Local Administrator 'secuid0' Shellcode (113 bytes) Win32 - Add New Local Administrator 'secuid0' Shellcode (326 bytes) Windows XP Professional SP3 (English) x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes) Windows x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes) ARM - Bind Connect (68/UDP) + Reverse Shell (192.168.0.1:67/UDP) Shellcode ARM - Loader Port 0x1337 Shellcode ARM - ifconfig eth0 and Assign Address 192.168.0.2 Shellcode ARM - Bind (68/UDP) + Reverse Shell (192.168.0.1:67/UDP) Shellcode ARM - Loader (0x1337/TCP) Shellcode ARM - ifconfig eth0 192.168.0.2 up Shellcode ARM - Create a New User with UID 0 Shellcode (Metasploit) (Generator) (66+ bytes) Win32 - Speaking 'You got pwned!' Shellcode FreeBSD/x86 - connect back Shellcode (81 bytes) BSD/x86 - Bind Shell 31337/TCP + fork Shellcode (111 bytes) Win32 - eggsearch Shellcode (33 bytes) Linux/SuperH (sh4) - setuid(0) + chmod(_/etc/shadow__ 0666) + exit(0) Shellcode (43 bytes) Linux/x86 - Bind Shell Netcat 6666/TCP Shellcode (69 bytes) OSX/Intel (x86-64) - Reverse TCP Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes) Windows - WinExec Add New Local Administrator 'RubberDuck' + ExitProcess Shellcode (279 bytes) Linux/x86 - ASLR deactivation Shellcode (83 bytes) Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit) Linux/x86 - Reverse TCP SSL Shell (localhost:8080) Shellcode (422 bytes) ARM - Add Root User Shellcode (Metasploit) (66+ bytes) (Generator) Windows 5.0 < 7.0 x86 - Speaking _You got pwned!_ Null-Free Shellcode FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:1337/TCP) Shellcode (81 bytes) (Generator) BSD/x86 - Bind TCP Shell (31337/TCP) + fork Shellcode (111 bytes) Windows x86 - eggsearch Shellcode (33 bytes) Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes) Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69 bytes) OSX/Intel (x86-64) - Reverse TCP /bin/sh Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes) Windows - Add Local Administrator User (RubberDuck/mudbath) + ExitProcess WinExec Shellcode (279 bytes) Linux/x86 - Disable ASLR Security Shellcode (83 bytes) Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit) Linux/x86 - Reverse TCP SSL Shell (localhost:8080) Shellcode (422 bytes) Win32/PerfectXp-pc1/SP3 (TR) - Add Administrator 'kpss' Shellcode (112 bytes) Linux/x86 - Egghunter Shellcode (29 bytes) Windows PerfectXp-pc1/SP3 x86 (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes) Linux/x86 - Egghunter Null-Free Shellcode (29 bytes) Linux/MIPS - XOR Encoder Shellcode (Generator) (60 bytes) Linux/SuperH (sh4) - setuid(0) ; execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes) Linux/MIPS - XOR Encoder Shellcode (60 bytes) (Generator) Linux/SuperH (sh4) - setuid(0); + execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes) Linux/MIPS - Add User(UID 0) (rOOt/'pwn3d) Shellcode (164 bytes) Linux/MIPS - Add Root User (rOOt/pwn3d) Shellcode (164 bytes) Linux/MIPS - Connectback Shellcode (port 0x7a69) (168 bytes) Linux/MIPS - Reverse TCP Shell (0x7a69/TCP) Shellcode (168 bytes) Linux/x86 - setuid(0) + setgid(0) + Add User (iph) To /etc/passwd Polymorphic Shellcode Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd Polymorphic Shellcode Linux/x86-64 - Add User (t0r/Winner) Shellcode (189 bytes) Linux/x86-64 - Add Root User (t0r/Winner) Shellcode (189 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP Shell (10.1.1.2:0x1337/TCP) Shellcode (72 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP /bin/sh Shell (10.1.1.2:0x1337/TCP) Shellcode (72 bytes) Linux/ARM (Raspberry Pi) - chmod(_/etc/shadow__ 0777) Shellcode (41 bytes) Linux/ARM (Raspberry Pi) - chmod 0777 /etc/shadow Shellcode (41 bytes) Windows XP Professional SP3 - Full ROP calc Shellcode (428 bytes) Windows x64 - Bind TCP Shell Shellcode (508 bytes) Windows XP Professional SP3 - calc Full ROP Shellcode (428 bytes) Windows x64 - Bind TCP Shell (4444/TCP) Shellcode (508 bytes) Cisco ASA - Authentication Bypass 'EXTRABACON' (Improved Shellcode) (69 bytes) Cisco ASA - Authentication Bypass _EXTRABACON_ (Improved Shellcode) (69 bytes) Windows RT ARM - Bind Shell 4444/TCP Shellcode Windows RT ARM - Bind TCP Shell (4444/TCP) Shellcode Windows - Messagebox Shellcode (113 bytes) Linux/MIPS (Little Endian) - Reverse TCP Shell (192.168.1.177:31337/TCP) Shellcode (200 bytes) Windows 7 x86 - Bind Shell 4444/TCP Shellcode (357 Bytes) Windows - Add Administrator 'BroK3n' Shellcode (194 bytes) Windows - Messagebox Null-FreeShellcode (113 bytes) Linux/MIPS (Little Endian) - Reverse TCP /bin/sh Shell (192.168.1.177:31337/TCP) Shellcode (200 bytes) Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 Bytes) Windows - Add Administrator User (BroK3n/BroK3n) Null-Free Shellcode (194 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add New Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add New Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86-64 - Reverse TCP Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86-64 - Reverse TCP /bin/bash Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes) Linux/x86-64 - Bind TCP Password (Z~r0) Shell (4444/TCP) Shellcode (81/96 bytes) Linux/x86-64 - Reverse TCP Password (Z~r0) Shell (127.0.0.1:4444/TCP) Shellcode (77-85/90-98 bytes) Windows x86 - Add Administrator 'ALI' + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows x64 - Add Administrator 'ALI' + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) + Password (Z~r0) Null-Free Shellcode (81/96 bytes) Linux/x86-64 - Reverse TCP Password (Z~r0) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Windows x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows XP x86-64 - Download File + Execute Shellcode (Generator) Linux/MIPS (Little Endian) - Chmod 666 /etc/shadow Shellcode (55 bytes) Linux/MIPS (Little Endian) - Chmod 666 /etc/passwd Shellcode (55 bytes) Windows XP x86-64 - Download File + Execute Shellcode (Generator) Linux/MIPS (Little Endian) - chmod 666 /etc/shadow Shellcode (55 bytes) Linux/MIPS (Little Endian) - chmod 666 /etc/passwd Shellcode (55 bytes) Linux/x86 - execve(_/bin/sh_) (ROT13 Encoded) Shellcode (68 bytes) Linux/x86 - chmod 0777 /etc/shadow obfuscated Shellcode (84 bytes) Linux/x86 - execve(_/bin/sh_) ROT13 Encoded Shellcode (68 bytes) Linux/x86 - chmod 0777 /etc/shadow Obfuscated Shellcode (84 bytes) Linux/x86 - Reverse TCP Shell (192.168.1.133:33333) Shellcode (72 bytes) Linux/x86 - Bind Shell 33333/TCP Shellcode (96 bytes) Linux/x86 - Disable ASLR Shellcode (84 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (192.168.1.133:33333) Shellcode (72 bytes) Linux/x86 - Bind TCP /bin/sh Shell (33333/TCP) Shellcode (96 bytes) Linux/x86 - Disable ASLR Security Shellcode (84 bytes) Linux/x86 - Typewriter Shellcode (Generator) Linux/x86 - Create 'my.txt' Working Directory Shellcode (37 bytes) Linux/x86 - Typewriter Shellcode (Generator) Linux/x86 - Create _my.txt_ In Working Directory Shellcode (37 bytes) Win32/XP SP3 - Create ('file.txt') Shellcode (83 bytes) Win32/XP SP3 - Restart computer Shellcode (57 bytes) Linux/x86 - custom execve Shellcode (Encoder/Decoder) (Generator) Windows XP SP3 x86 - Create (_file.txt_) Shellcode (83 bytes) Windows XP SP3 x86 - Restart Computer Shellcode (57 bytes) Linux/x86 - Custom execve Shellcode (Encoder/Decoder) (Generator) Linux/x86 - Bind Shell /bin/nc -le /bin/sh -vp 17771 Shellcode (58 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (17771/TCP) Shellcode (58 bytes) Linux/x86 - chmod() 777 /etc/shadow + exit() Shellcode (33 bytes) Linux/x86 - execve /bin/sh Shellcode (2) (21 bytes) Linux/x86 - chmod 777 /etc/shadow + exit() Shellcode (33 bytes) Linux/x86 - execve /bin/sh Shellcode (21 bytes) Linux/x86 - Bind Shell Netcat 5555/TCP Shellcode (60 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (30 bytes) Linux/x86 - Bind Netcat Shell (5555/TCP) Shellcode (60 bytes) Linux/x86-64 - execve(/bin/sh) Null-Free Shellcode (30 bytes) Linux/x86 - chmod('/etc/passwd'_0777) Shellcode (42 bytes) Linux/x86 - chmod('/etc/gshadow') Shellcode (37 bytes) Linux/x86 - chmod('/etc/shadow'_'0777') Shellcode (42 bytes) Linux/x86 - exec('/bin/dash') Shellcode (45 bytes) Linux/x86 - chmod 0777 /etc/passwd Shellcode (42 bytes) Linux/x86 - chmod /etc/gshadow Shellcode (37 bytes) Linux/x86 - chmod 0777 /etc/shadow Shellcode (42 bytes) Linux/x86 - exec(_/bin/dash_) Shellcode (45 bytes) Linux/x86 - /bin/sh (ROT7 Encoded) Shellcode Win32/XP SP3 (TR) - MessageBox Shellcode (24 bytes) Linux/x86 - execve /bin/sh ROT7 Encoded Shellcode Windows XP SP3 x86 (Turkish) - MessageBox Shellcode (24 bytes) Windows x86 - user32!MessageBox 'Hello World!' Null-Free Shellcode (199 bytes) Linux/x86 - /bin/sh (ROL/ROR Encoded) Shellcode Windows x86 - user32!MessageBox _Hello World!_ Null-Free Shellcode (199 bytes) Linux/x86 - execve /bin/sh ROL/ROR Encoded Shellcode OSX/x86-64 - /bin/sh Null-Free Shellcode (34 bytes) Mainframe/System Z - Bind Shell 12345/TCP Shellcode (2488 bytes) OSX/x86-64 - execve /bin/sh Null-Free Shellcode (34 bytes) Mainframe/System Z - Bind TCP Shell (12345/TCP) Null-Free Shellcode (2488 bytes) Linux/x86 - Create file with permission 7775 + exit Shellcode (Generator) Linux/x86 - Create File With Permission 7775 + exit Shellcode (Generator) OSX/x86-64 - Bind 4444/TCP Null-free Shellcode (144 bytes) Linux/x86-64 - /bin/sh Shellcode (34 bytes) Google Android - Telnetd Port 1035 with Parameters Shellcode (248 bytes) OSX/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (144 bytes) Linux/x86-64 - execve /bin/sh Shellcode (34 bytes) Google Android - Bind Telnetd Shell (1035/TCP) + Environment / Parameters Shellcode (248 bytes) Linux/x86-64 - Bind TCP Password (1234) Shell (31173/TCP) Shellcode (92 bytes) Linux/x86-64 - Bind TCP /bin/sh Password (1234) Shell (31173/TCP) Shellcode (92 bytes) Windows XP < 10 - WinExec Null-Free Shellcode (Generator) (Python) Linux/x86-64 - Bind 4444/TCP Shellcode (103 bytes) Linux/x86-64 - Bind TCP Password (hack) Shell (4444/TCP) Shellcode (162 bytes) Windows XP < 10 - WinExec Null-Free Shellcode (Generator) Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (103 bytes) Linux/x86-64 - Bind TCP /bin/sh Password (hack) Shell (4444/TCP) Null-Free Shellcode (162 bytes) Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Shellcode (151 bytes) Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free Shellcode (151 bytes) Linux/x86-64 - execve (xor/not/div Encoded) Shellcode (54 bytes) Linux/x86-64 - execve XOR/NOT/DIV Encoded Shellcode (54 bytes) Linux x86/x86-64 - Bind 4444/TCP Shellcode (251 bytes) Linux x86/x86-64 - Bind Shell (4444/TCP) Shellcode (251 bytes) Linux/x86-64 - Reverse TCP Password (hack) Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (122 bytes) Linux/x86-64 - Reverse TCP Password (hack) Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (135 bytes) Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (122 bytes) Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (135 bytes) Linux/ARM - Connect back to 10.0.0.10:1337 with /bin/sh Shellcode (95 bytes) Linux/ARM - Reverse TCP /bin/sh Shell (10.0.0.10:1337/TCP) Shellcode (95 bytes) Linux/x86-64 - Bind 5600/TCP Shellcode (81 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (81 bytes) Linux/x86-64 - Bind 5600/TCP Shellcode (86 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (86 bytes) Linux/x86 - Reverse TCP Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes) Linux/x86 - Bind 1472/TCP Shell (IPv6) Shellcode (1250 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes) Linux/x86 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (1250 bytes) Win32 .Net Framework - Execute Native x86 Shellcode Linux/x86-64 - Bind 1472/TCP Shell (IPv6) Shellcode (199 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes) Windows .Net Framework x86 - Execute Native x86 Shellcode Linux/x86-64 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (199 bytes) Linux/x86-64 - Reverse TCP /bin/sh Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes) Linux/x86 - Bind Shell 1234/TCP (Configurable Port) Shellcode (87 bytes) Linux/x86 - Bind TCP /bin/sh Shell (1234/TCP) Shellcode (87 bytes) (Generator) Linux/x86 - Bind Shell 4444/TCP Shellcode (656 bytes) Linux/x86-64 - execve (XOR Encoded) Shellcode (84 bytes) Linux/Windows/BSD x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) Linux/x86 - Bind TCP /bin/bash Shell (4444/TCP) Shellcode (656 bytes) Linux/x86-64 - execve XOR Encoded Shellcode (84 bytes) BSD / Linux / Windows x86/x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) Linux/x86 - Bind Shell /bin/nc -le /bin/sh -vp13337 Shellcode (56 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (13337/TCP) Shellcode (56 bytes) Linux/x86 - /bin/sh + ASLR Bruteforce Shellcode Linux/x86-64 - /etc/passwd File Sender Shellcode (164 bytes) Linux/x86-64 - Bind Netcat Shellcode (64 bytes) Linux/x86 - Bind Shell 4444/TCP Shellcode (98 bytes) Linux/x86-64 - Bind Ncat (4442/TCP) Shell / SSL / Multi-Channel (4444/TCP-4447/TCP) / Persistant / Fork / IPv4/6 / Password Shellcode (176 bytes) Linux/x86 - Reverse TCP Shell (192.168.227.129:4444) Shellcode (75 bytes) Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Shellcode (172 bytes) Linux/x86 - execve /bin/sh + ASLR Bruteforce Shellcode Linux/x86-64 - Reverse TCP cat /etc/passwd (192.168.86.128:1472/TCP) Shellcode (164 bytes) Linux/x86-64 - Bind Netcat Shell Null-Free Shellcode (64 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (98 bytes) Linux/x86-64 - Bind Ncat Shell (4442/TCP) / SSL / Multi-Channel (4444-4447/TCP) / Persistant / Fork / IPv4/6 / Password Null-Free Shellcode (176 bytes) Linux/x86 - Reverse TCP /bin/sj Shell (192.168.227.129:4444) Shellcode (75 bytes) Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Null-Free Shellcode (172 bytes) Linux/x86-64 - Bind TCP (4442/TCP) Shell / Syscall Persistent / Multi-Terminal (4444/TCP-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes) Linux/CRISv32 - Axis Communication Connect Back Shellcode (189 bytes) Linux/x86-64 - Bind TCP Shell (4442/TCP) / Syscall Persistent / Multi-Terminal (4444-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes) Linux/CRISv32 - Axis Communication - Reverse TCP /bin/sh Shell (192.168.57.1:443/TCP) Shellcode (189 bytes) Linux/x86 - Bind Netcat 98/TCP + UDP Shellcode (44/52 bytes) Linux/x86 - Bind zsh 9090/TCP Shellcode (96 bytes) Linux/x86 - Reverse TCP ZSH (127.255.255.254:9090/TCP) Shellcode (80 bytes) Linux/x86 - Bind Netcat Shell (98/TCP + UDP) Shellcode (44/52 bytes) Linux/x86 - Bind TCP /bin/zsh Shell (9090/TCP) Shellcode (96 bytes) Linux/x86 - Reverse TCP /bin/zsh Shell (127.255.255.254:9090/TCP) Shellcode (80 bytes) Windows x64 - WinExec() Shellcode (93 bytes) Windows x64 - cmd.exe WinExec() Shellcode (93 bytes) Linux/x86-64 - /bin/sh -c reboot Shellcode (89 bytes) Linux/x86-64 - execve /bin/sh -c reboot Shellcode (89 bytes) Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) Linux/x86 - /bin/bash -c Arbitrary Command Execution Shellcode (72 bytes) Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) Linux/x86 - execve /bin/bash -c Arbitrary Command Execution Null-Free Shellcode (72 bytes) Linux/x86-64 - Bind 5600/TCP - Shellcode (87 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (87 bytes) Linux - Reverse TCP Multi/Dual Mode Shell Shellcode (Genearator) (129 bytes) Linux/x86 - Reverse TCP Alphanumeric Staged Shell (127.0.0.1:4444/TCP) Shellcode (103 bytes) Linux - Bind Shell Dual/Multi Mode Shellcode (156 bytes) Linux - Reverse TCP Multi/Dual Mode Shell Shellcode (129 bytes) (Generator) Linux/x86 - Reverse TCP /bin/sh Alphanumeric Staged Shell (127.0.0.1:4444/TCP) Shellcode (103 bytes) Linux - Bind TCP Dual/Multi Mode Shell Shellcode (156 bytes) Linux/x86-64 - Reverse TCP Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes) Linux/x86-64 - Reverse TCP /bin/sh Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes) Windows x86 - Executable Directory Search Shellcode (130 bytes) Windows x86 - Executable Directory Search Null-Free Shellcode (130 bytes) Linux/x86-64 - Flush IPTables Polymorphic Shellcode (47 bytes) Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Polymorphic Shellcode (47 bytes) Linux/x86-64 - Reverse Netcat Polymorphic Shell (127.0.0.1:1234) Shellcode (106 bytes) Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) Polymorphic Shellcode (106 bytes) Linux/x86 - Bind Shell Shellcode (44 bytes) Linux/x86 - Bind TCP /bin/sh Random Port Shell Shellcode (44 bytes) Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Shellcode (67 bytes) Linux/x86 - Reverse /bin/bash Shell (192.168.3.119:54321) Shellcode (110 bytes) Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Null-Free Shellcode (67 bytes) Linux/x86 - Reverse TCP /bin/bash Shell (192.168.3.119:54321) Shellcode (110 bytes) Linux/x86 - Disable ASLR Shellcode (80 bytes) Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Shellcode (113 bytes) Linux/x86 - Disable ASLR Security Shellcode (80 bytes) Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Null-Free Shellcode (113 bytes) Linux/x86-64 - /bin/sh Shellcode (31 bytes) Linux/x86 - execve(/bin/sh) setuid(0) setgid(0) (XOR Encoded) Shellcode (66 bytes) Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) Linux/x86 - execve(/bin/sh) + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes) Linux/x86 - Reverse UDP Shell (127.0.0.1:53/UDP) Shellcode (668 bytes) Linux/x86 - Bind Shell 4444/TCP Shellcode (75 bytes) Linux/x86 - Reverse UDP /bin/sh Shell (127.0.0.1:53/UDP) Shellcode (668 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (75 bytes) Linux x86 - /bin/sh Shellcode (24 bytes) Linux x86 - execve /bin/sh Shellcode (24 bytes) Linux/x86_64 - kill All Processes Shellcode (19 bytes) Linux/x86_64 - Kill All Processes Shellcode (19 bytes) Php Cloud mining Script - Authentication Bypass (Bitcoin / Dogecoin) PHP Cloud Mining Script - Authentication Bypass	2017-08-23 05:01:29 +00:00
Offensive Security	5e2fc10125	DB: 2016-09-03	2016-09-03 13:13:25 +00:00
Offensive Security	31a21bb68d	DB: 2016-09-03 14 new exploits Too many to list!	2016-09-03 05:08:42 +00:00
Offensive Security	f96ddba143	DB: 2016-09-02 2 new exploits SAPID Blog beta 2 - (root_path) Remote File Inclusion SAPID Gallery 1.0 - (root_path) Remote File Inclusion SAPID Shop 1.2 - (root_path) Remote File Inclusion SAPID Blog beta 2 - (root_path) Remote File Inclusion SAPID Gallery 1.0 - (root_path) Remote File Inclusion SAPID Shop 1.2 - (root_path) Remote File Inclusion PHPCodeCabinet 0.5 - (Core.php) Remote File Inclusion phNNTP 1.3 - (article-raw.php) Remote File Inclusion Cwfm 0.9.1 - (Language) Remote File Inclusion PHP 4.4.3 / 5.1.4 - (objIndex) Local Buffer Overflow PoC Cwfm 0.9.1 - (Language) Remote File Inclusion PHP 4.4.3 / 5.1.4 - (objIndex) Local Buffer Overflow PoC PgMarket 2.2.3 - (CFG[libdir]) Remote File Inclusion PHPMyRing 4.2.0 - (view_com.php) SQL Injection SAPID CMS 1.2.3_rc3 - (rootpath) Remote Code Execution Exploit phpwcms 1.1-RC4 - (spaw) Remote File Inclusion Spaminator 1.7 - (page) Remote File Inclusion Thatware 0.4.6 - (root_path) Remote File Inclusion Spaminator 1.7 - (page) Remote File Inclusion Thatware 0.4.6 - (root_path) Remote File Inclusion phpPrintAnalyzer 1.2 - Remote File Inclusion Wheatblog 1.1 - (session.php) Remote File Inclusion phPay 2.02 - (nu_mail.inc.php) Remote mail() Injection Exploit WordPress CYSTEME Finder Plugin 1.3 - Arbitrary File Dislcosure/Arbitrary File Upload WordPress CYSTEME Finder Plugin 1.3 - Arbitrary File Disclosure/Arbitrary File Upload FortiClient SSLVPN 5.4 - Credentials Disclosure	2016-09-02 05:08:35 +00:00
Offensive Security	658e0cae3f	Updated 05_04_2014	2014-05-04 04:36:23 +00:00
Offensive Security	46dd79985b	Updated 04_18_2014	2014-04-18 04:35:42 +00:00
Offensive Security	1375f95446	Updated 04_05_2014	2014-04-05 04:32:30 +00:00
Offensive Security	9e169eb898	Updated 03_19_2014	2014-03-19 04:30:00 +00:00
Offensive Security	0007ea1915	Updated 02_28_2014	2014-02-28 04:28:49 +00:00
Offensive Security	18d0bd4ec0	Updated	2013-12-03 22:42:55 +00:00
Offensive Security	fffbf04102	Updated	2013-12-03 19:44:07 +00:00

12 commits