bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
2821 commits 1 branch 0 tags 258 MiB
Commit graph

6 commits

Author SHA1 Message Date
Offensive Security
f2d7e05ad0 DB: 2022-02-19 
17 changes to exploits/shellcodes

Wondershare Dr.Fone 11.4.9 - 'DFWSIDService' Unquoted Service Path
Wondershare MobileTrans 3.5.9 - 'ElevationService' Unquoted Service Path
Wondershare FamiSafe 1.0 - 'FSService' Unquoted Service Path
Wondershare UBackit 2.0.5 - 'wsbackup' Unquoted Service Path
TOSHIBA DVD PLAYER Navi Support Service - 'TNaviSrv' Unquoted Service Path
Bluetooth Application 5.4.277 - 'BlueSoleilCS' Unquoted Service Path
Intel(R) Management Engine Components 6.0.0.1189 - 'LMS' Unquoted Service Path
File Sanitizer for HP ProtectTools 5.0.1.3 - 'HPFSService' Unquoted Service Path
Connectify Hotspot 2018 'ConnectifyService' - Unquoted Service Path
WordPress Plugin MasterStudy LMS 2.7.5 - Unauthenticated Admin Account Creation
WordPress Plugin dzs-zoomsounds 6.60 - Remote Code Execution (RCE) (Unauthenticated)
Hotel Druid 3.0.3 - Remote Code Execution (RCE)
Fortinet Fortimail 7.0.1 - Reflected Cross-Site Scripting (XSS)

Solaris/SPARC - setuid(0) + chmod (/bin/ksh) + exit(0) Shellcode
Solaris/SPARC - chmod(./me) Shellcode
Solaris/SPARC - setuid(0) + execve (/bin/ksh) Shellcode
Linux/MIPS - N32 MSB Reverse Shell Shellcode
 2022-02-19 05:01:36 +00:00
Offensive Security
b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
 2021-09-03 20:19:21 +00:00
Offensive Security
36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
 2021-09-03 13:39:06 +00:00
Offensive Security
cf96346519 DB: 2018-01-25 
124 changes to exploits/shellcodes

Airsensor M520 - HTTPD Unauthenticated Remote Denial of Service / Buffer Overflow (PoC)
Airsensor M520 - HTTPd Unauthenticated Remote Denial of Service / Buffer Overflow (PoC)

Samsung DVR SHR2040 - HTTPD Remote Denial of Service Denial of Service (PoC)
Samsung DVR SHR2040 - HTTPd Remote Denial of Service Denial of Service (PoC)

Novell ZenWorks 10/11 - TFTPD Remote Code Execution
Novell ZENworks 10/11 - TFTPD Remote Code Execution

Apache 1.1 / NCSA httpd 1.5.2 / Netscape Server 1.12/1.1/2.0 - a nph-test-cgi
Apache 1.1 / NCSA HTTPd 1.5.2 / Netscape Server 1.12/1.1/2.0 - a nph-test-cgi

WhitSoft SlimServe HTTPd 1.1 - Get Denial of Service
WhitSoft SlimServe HTTPd 1.1 - 'GET_ Denial of Service

GoAhead Software GoAhead WebServer (Windows) 2.1 - Denial of Service
GoAhead Web Server 2.1 (Windows) - Denial of Service

Anti-Web HTTPD 2.2 Script - Engine File Opening Denial of Service
Anti-Web HTTPd 2.2 Script - Engine File Opening Denial of Service

Rosiello Security Sphiro HTTPD 0.1B - Remote Heap Buffer Overflow
Rosiello Security Sphiro HTTPd 0.1B - Remote Heap Buffer Overflow

D-Link DWL-G700AP 2.00/2.01 - HTTPD Denial of Service
D-Link DWL-G700AP 2.00/2.01 - HTTPd Denial of Service

Lorex LH300 Series - ActiveX Buffer Overflow (PoC)

Debut Embedded httpd 1.20 - Denial of Service
Debut Embedded HTTPd 1.20 - Denial of Service

Xorg 1.4 < 1.11.2 - File Permission Change
X.Org xorg 1.4 < 1.11.2 - File Permission Change

Sync Breeze Enterprise 9.5.16 - Import Command Buffer Overflow (Metasploit)
Sync Breeze Enterprise 9.5.16 - 'Import Command' Buffer Overflow (Metasploit)

ICU library 52 < 54 - Multiple Vulnerabilities

rooter VDSL Device - Goahead WebServer Disclosure
FS4104-AW VDSL Device (Rooter) - GoAhead WebServer Disclosure

Ruby 1.8.6/1.9 (WEBick Httpd 1.3.1) - Directory Traversal
Ruby 1.8.6/1.9 (WEBick HTTPd 1.3.1) - Directory Traversal

Simple HTTPd 1.42 - PUT Request Remote Buffer Overflow
Simple HTTPd 1.42 - 'PUT' Remote Buffer Overflow

Debian 2.1 - httpd
Debian 2.1 - HTTPd

Apache 0.8.x/1.0.x / NCSA httpd 1.x - test-cgi Directory Listing
Apache 0.8.x/1.0.x / NCSA HTTPd 1.x - 'test-cgi' Directory Listing

Inso DynaWeb httpd 3.1/4.0.2/4.1 - Format String
Inso DynaWeb HTTPd 3.1/4.0.2/4.1 - Format String

W3C CERN httpd 3.0 Proxy - Cross-Site Scripting
W3C CERN HTTPd 3.0 Proxy - Cross-Site Scripting

ATP httpd 0.4 - Single Byte Buffer Overflow
ATP HTTPd 0.4 - Single Byte Buffer Overflow

AN HTTPD 1.38/1.39/1.40/1.41 - SOCKS4 Request Buffer Overflow
AN HTTPD 1.38/1.39/1.40/1.41 - 'SOCKS4' Buffer Overflow
Light HTTPd 0.1 - GET Buffer Overflow (1)
Light HTTPd 0.1 - GET Buffer Overflow (2)
Light HTTPd 0.1 - 'GET' Buffer Overflow (1)
Light HTTPd 0.1 - 'GET' Buffer Overflow (2)

Light HTTPD 0.1 (Windows) - Remote Buffer Overflow
Light HTTPd 0.1 (Windows) - Remote Buffer Overflow

Ultra Mini HTTPD 1.21 - Remote Stack Buffer Overflow
Ultra Mini HTTPd 1.21 - Remote Stack Buffer Overflow

Ultra Mini HTTPD - Remote Stack Buffer Overflow (Metasploit)
Ultra Mini HTTPd - Remote Stack Buffer Overflow (Metasploit)

BusyBox 1.01 - HTTPD Directory Traversal
BusyBox 1.01 - HTTPd Directory Traversal

Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow (1)
Ultra Mini HTTPd 1.21 - 'POST' Remote Stack Buffer Overflow (1)

Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow (2)
Ultra Mini HTTPd 1.21 - 'POST' Remote Stack Buffer Overflow (2)
Postfix SMTP 4.2.x < 4.2.48 - 'Shellshock'  Remote Command Injection
Apache mod_cgi - 'Shellshock'  Remote Command Injection
Postfix SMTP 4.2.x < 4.2.48 - 'Shellshock' Remote Command Injection
Apache mod_cgi - 'Shellshock' Remote Command Injection

IPFire - 'Shellshock'  Bash Environment Variable Command Injection (Metasploit)
IPFire - 'Shellshock' Bash Environment Variable Command Injection (Metasploit)

AsusWRT Router < 3.0.0.4.380.7743 - Unauthenticated LAN Remote Code Execution

GoAhead Web Server - 'LD_PRELOAD' Arbitrary Module Load (Metasploit)
GoAhead Web Server 2.5 < 3.6.5 - HTTPd 'LD_PRELOAD' Arbitrary Module Load (Metasploit)

GoAhead httpd 2.5 < 3.6.5 - 'LD_PRELOAD' Remote Code Execution
GoAhead Web Server 2.5 < 3.6.5 - HTTPd 'LD_PRELOAD' Remote Code Execution

NETGEAR WNR2000v5 - Unauthenticated 'hidden_lang_avi' Remote Stack Overflow (Metasploit)

Getsimple 2.01 - Local File Inclusion
Getsimple CMS 2.01 - Local File Inclusion

Novell Zenworks Mobile Device Managment 2.6.1/2.7.0 - Local File Inclusion (Metasploit)
Novell ZENworks Mobile Device Managment 2.6.1/2.7.0 - Local File Inclusion (Metasploit)

ManageEngine DesktopCentral 8.0.0 build < 80293 - Arbitrary File Upload
ManageEngine Desktop Central 8.0.0 build < 80293 - Arbitrary File Upload
ManageEngine DesktopCentral - Arbitrary File Upload / Remote Code Execution
ManageEngine EventLog Analyzer - Multiple Vulnerabilities
ManageEngine Desktop Central - Arbitrary File Upload / Remote Code Execution
ManageEngine EventLog Analyzer - Multiple Vulnerabilities (1)

Bash CGI - 'Shellshock' Remote Command Injection  (Metasploit)
Bash CGI - 'Shellshock' Remote Command Injection (Metasploit)

Getsimple 3.0 - 'set' Local File Inclusion
Getsimple CMS 3.0 - 'set' Local File Inclusion

ZENworks Configuration Management 11.3.1 - Remote Code Execution
Novell ZENworks Configuration Management 11.3.1 - Remote Code Execution

Kaseya Virtual System Administrator - Multiple Vulnerabilities (1)
Kaseya Virtual System Administrator (VSA) - Multiple Vulnerabilities (1)

Getsimple - 'path' Local File Inclusion
Getsimple CMS 3.1.2 - 'path' Local File Inclusion

Sysaid Helpdesk Software 14.4.32 b25 - SQL Injection (Metasploit)
SysAid Help Desk Software 14.4.32 b25 - SQL Injection (Metasploit)

ManageEngine Password Manager Pro and ManageEngine IT360 - SQL Injection
ManageEngine Password Manager Pro / ManageEngine IT360 - SQL Injection
BMC Track-It! 11.4 - Multiple Vulnerabilities
Billion / TrueOnline / ZyXEL Routers - Multiple Vulnerabilities
SysAid Help Desk 14.4 - Multiple Vulnerabilities
Pimcore CMS 1.4.9 <2.1.0 - Multiple Vulnerabilities
GetSimple CMS 3.3.1 - Cross-Site Scripting
CMS Made Simple 1.11.9 - Multiple Vulnerabilities
ManageEngine Desktop Central - Create Administrator
ManageEngine EventLog Analyzer - Multiple Vulnerabilities (2)
ManageEngine OpManager / Applications Manager / IT360 - 'FailOverServlet' Multiple Vulnerabilities
ManageEngine Netflow Analyzer / IT360 - Arbitrary File Download
ManageEngine OpManager / Social IT Plus / IT360 - Multiple Vulnerabilities

Kaseya Virtual System Administrator (VSA) 7.0 < 9.1 - Authenticated Arbitrary File Upload

Linux/ARM - setuid(0) + execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)
FreeBSD/x86-64 - exec /bin/sh Shellcode (31 bytes)
FreeBSD/x86-64 - execve(/bin/sh) Shellcode (34 bytes)
FreeBSD/x64 - exec /bin/sh Shellcode (31 bytes)
FreeBSD/x64 - execve(/bin/sh) Shellcode (34 bytes)
Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes)
Linux/x86-64 - Reverse TCP Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator)
Linux/x64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes)
Linux/x64 - Reverse TCP Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator)

Linux/x86-64 - setuid(0) + execve(/bin/sh) Shellcode (49 bytes)
Linux/x64 - setuid(0) + execve(/bin/sh) Shellcode (49 bytes)

Linux/x86 - execve(/bin/sh) + Alphanumeric Shellcode (392 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (132 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (33 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell Shellcode (132 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (33 bytes)

NetBSD/x86 - execve(/bin/sh) Shellcode (68 bytes)

Solaris/SPARC - execve(/bin/sh) Shellcode (52 bytes)

Solaris/SPARC - Bind TCP Shell Shellcode (240 bytes)
Solaris/x86 - execve(/bin/sh) ToUpper Encoded Shellcode (84 bytes)
Solaris/x86 - inetd Add Service + execve() Shellcode (201 bytes)
UnixWare - execve(/bin/sh) Shellcode (95 bytes)
Solaris/x86 - execve(/bin/sh) ToUpper Encoded Shellcode (84 bytes)
Solaris/x86 - inetd Add Service + execve() Shellcode (201 bytes)
UnixWare - execve(/bin/sh) Shellcode (95 bytes)

Windows/x86 - Reverse TCP + Download A File + Save + Execute Shellcode
Windows/x86 - Reverse TCP + Download File + Save + Execute Shellcode

Windows/x86-64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe) + Execute Shellcode (218+ bytes)
Windows/x64 - URLDownloadToFileA(http://localhost/trojan.exe) + Execute Shellcode (218+ bytes)

Windows/x86 (XP SP3) - ShellExecuteA Shellcode
Windows/x86 (XP SP3) - ShellExecuteA() Shellcode

Linux/x86 - Fork Bomb Shellcode (6 bytes) (1)
Windows  (XP Professional SP2) (English) - Wordpad.exe + Null-Free Shellcode (12 bytes)
Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes)
Windows (XP Professional SP2) (English) - Wordpad.exe + Null-Free Shellcode (12 bytes)
Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes)
Linux/x86 - ip6tables -F + Polymorphic Shellcode (71 bytes)
Linux/x86 - ip6tables -F Shellcode (47 bytes)
Linux/i686 - pacman -S <package> (default package: backdoor) Shellcode (64 bytes)
Linux/i686 - pacman -R <package> Shellcode (59 bytes)
Linux/x86 - ip6tables -F + Polymorphic Shellcode (71 bytes)
Linux/x86 - ip6tables -F Shellcode (47 bytes)
Linux/i686 - pacman -S <package> (default package: backdoor) Shellcode (64 bytes)
Linux/i686 - pacman -R <package> Shellcode (59 bytes)

Windows/x86 - JITed Stage-0 Shellcode

Windows/x86 (XP SP2) - WinExec (write.exe) + ExitProcess Shellcode (16 bytes)
Windows/x86 (XP SP2) - WinExec(write.exe) + ExitProcess Shellcode (16 bytes)
Windows/x86 - MessageBox Shellcode (Metasploit)
Windows (XP/Vista/7) - Egghunter (0x07333531) JITed Stage-0 Adjusted Universal Shellcode
Windows/x86 - MessageBox Shellcode (Generator) (Metasploit)
Windows (XP/Vista/7) - Egghunter (0x07333531) JITed Stage-0 Adjusted Universal Shellcode
Linux/x86-64 - reboot(POWER_OFF) Shellcode (19 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (30 bytes)
Linux/x64 - reboot(POWER_OFF) Shellcode (19 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (30 bytes)

Linux/x86 - execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes)

Windows/x86-64 (7 Professional SP1) (French) - Beep Shellcode (39 bytes)
Windows/x64 (7 Professional SP1) (French) - Beep Shellcode (39 bytes)
Linux/x86 - chmod 0777 /etc/passwd + sys_chmod syscall Shellcode (39 bytes)
Linux/x86 - execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes)
Linux/x86 - chmod 0777 /etc/passwd + sys_chmod syscall Shellcode (39 bytes)
Linux/x86 - execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes)

Windows/x86-64 (7) - cmd.exe Shellcode (61 bytes)
Windows/x64 (7) - cmd.exe Shellcode (61 bytes)

Windows - MessageBoxA Shellcode (238 bytes)
Windows - MessageBoxA() Shellcode (238 bytes)

Linux/x86-64 - Disable ASLR Security Shellcode (143 bytes)
Linux/x64 - Disable ASLR Security Shellcode (143 bytes)
Linux/x86-64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes)
Linux/x86-64 - Add Root User (shell-storm/leet) To /etc/{passwd_shadow} Shellcode (390 bytes)
Windows (XP SP3) (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) (Generator)
Linux/ARM - setuid(0) + kill(-1_ SIGKILL) Shellcode (28 bytes)
Windows - WinExec (cmd.exe) + ExitProcess Shellcode (195 bytes)
Linux/x64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes)
Linux/x64 - Add Root User (shell-storm/leet) To /etc/{passwd_shadow} Shellcode (390 bytes)
Windows (XP SP3) (Spanish) - URLDownloadToFileA() + CreateProcessA() + ExitProcess() Shellcode (176+ bytes) (Generator)
Linux/ARM - setuid(0) + kill(-1_ SIGKILL) Shellcode (28 bytes)
Windows - WinExec(cmd.exe) + ExitProcess Shellcode (195 bytes)

Linux/ARM - chmod 0777 /etc/shadow Shellcode (35 bytes)

Linux/x86-64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (49 bytes)
Linux/x64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (49 bytes)

Windows (XP SP3) (English) - MessageBoxA Shellcode (87 bytes)
Windows (XP SP3) (English) - MessageBoxA() Shellcode (87 bytes)
OSX/x86-64 - setuid() + Shell(/bin/sh) Shellcode (51 bytes)
ARM - Add Root User Shellcode (Metasploit) (66+ bytes) (Generator)
OSX/x64 - setuid() + Shell(/bin/sh) Shellcode (51 bytes)
ARM - Add Root User Shellcode (66+ bytes) (Generator) (Metasploit)

Windows/x86 - Eggsearch Shellcode (33 bytes)
Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes)
OSX/x86-64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)
Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes)
OSX/x64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)

Windows/x86 (PerfectXp-pc1/SP3 ) (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes)

OSX/x86-64 - Universal ROP + Reverse TCP Shell Shellcode
OSX/x64 - Universal ROP + Reverse TCP Shell Shellcode

Linux/x86-64 - execve(/bin/sh) Shellcode (52 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (52 bytes)

Linux/x86-64 - Add Root User (t0r/Winner) To /etc/passwd Shellcode (189 bytes)
Linux/x64 - Add Root User (t0r/Winner) To /etc/passwd Shellcode (189 bytes)

Windows/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes)
Windows/x64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes)

Windows/x86-64 / x86 (2000/XP/7) - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec() + ExitProcess Shellcode
Windows (2000/XP/7) - URLDownloadToFile(http://bflow.security-portal.cz/down/xy.txt) + WinExec() + ExitProcess Shellcode

Windows - Add Administrator User (BroK3n/BroK3n) + Null-Free Shellcode (194 bytes)

Linux/x86-64 - Reverse TCP (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes)
Linux/x64 - Reverse TCP (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes)
Linux/x86-64 - execve(_/bin/sh\0__NULL_NULL) + Position Independent + Alphanumeric Shellcode (87 bytes)
Linux/x86 - rmdir() Shellcode (37 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes)
Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)
Linux/x64 - execve(_/bin/sh\0__NULL_NULL) + Position Independent + Alphanumeric Shellcode (87 bytes)
Linux/x86 - rmdir() Shellcode (37 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)

Windows/x86-64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + Stop Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes)
Windows/x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + Stop Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes)

Windows/x86-64 (XP) - Download File + Execute Shellcode Using Powershell (Generator)
Windows/x64 (XP) - Download File + Execute Shellcode Using Powershell (Generator)

Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes)
Linux/x64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes)

Linux/x86-64 - execve(/bin/sh) Via Push Shellcode (23 bytes)
Linux/x64 - execve(/bin/sh) Via Push Shellcode (23 bytes)

Linux/x86-64 - execve(/bin/sh) + Null-Free Shellcode (30 bytes)
Linux/x64 - execve(/bin/sh) + Null-Free Shellcode (30 bytes)
Linux/x86-64 - execve() Encoded Shellcode (57 bytes)
Linux/x86 - execve(/bin/sh) + ROT7 Encoded Shellcode
Linux/x64 - execve() Encoded Shellcode (57 bytes)
Linux/x86 - execve(/bin/sh) + ROT7 Encoded Shellcode (Generator)
Windows/x86 - user32!MessageBox _Hello World!_ + Null-Free Shellcode (199 bytes)
Linux/x86 - execve(/bin/sh) + ROL/ROR Encoded Shellcode
Windows/x86-64 (2003) - Token Stealing Shellcode (59 bytes)
OSX/x86-64 - execve(/bin/sh) + Null-Free Shellcode (34 bytes)
Windows/x86 - user32!MessageBox(Hello World!) + Null-Free Shellcode (199 bytes)
Linux/x86 - execve(/bin/sh) + ROL/ROR Encoded Shellcode (Generator)
Windows/x64 (2003) - Token Stealing Shellcode (59 bytes)
OSX/x64 - execve(/bin/sh) + Null-Free Shellcode (34 bytes)
OSX/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (34 bytes)
OSX/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (34 bytes)
Linux/x86-64 - execve() Shellcode (22 bytes)
Linux/x86-64 - Bind TCP (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes)
Linux/x86-64 - Egghunter (0x6b634068) Shellcode (24 bytes)
Linux/x86-64 - execve() + Polymorphic Shellcode (31 bytes)
Windows (XP < 10) - Command Generator WinExec + Null-Free Shellcode (Generator)
Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes)
Linux/x64 - execve() Shellcode (22 bytes)
Linux/x64 - Bind TCP (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes)
Linux/x64 - Egghunter (0x6b634068) Shellcode (24 bytes)
Linux/x64 - execve() + Polymorphic Shellcode (31 bytes)
Windows (XP < 10) - Command Generator WinExec() + Null-Free Shellcode (Generator)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes)
Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)
Linux/x86-64 - Egghunter (0x50905090) Shellcode (18 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)
Linux/x64 - Egghunter (0x50905090) Shellcode (18 bytes)
Linux/x86-64 - execve() + XOR/NOT/DIV Encoded Shellcode (54 bytes)
Linux x86/x86-64 - Reverse TCP (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes)
Linux x86/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (251 bytes)
Linux x86/x86-64 - Read /etc/passwd Shellcode (156 bytes)
Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes)
Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes)
Linux/x64 - execve() + XOR/NOT/DIV Encoded Shellcode (54 bytes)
Linux x86/x64 - Reverse TCP (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes)
Linux x86/x64 - Bind TCP (4444/TCP) Shell Shellcode (251 bytes)
Linux x86/x64 - Read /etc/passwd Shellcode (156 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes)

Linux/x86-64 - execve() Stack + Polymorphic Shellcode (47 bytes)
Linux/x64 - execve() Stack + Polymorphic Shellcode (47 bytes)
Linux/x86-64 - Reverse TCP (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (26 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (25 bytes) (1)
Linux/x86-64 - execve(/bin/bash) Shellcode (33 bytes)
Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (81 bytes)
Linux/x86-64 - Read /etc/passwd Shellcode (65 bytes)
Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (86 bytes)
Windows/x86 - URLDownloadToFileA() (http://192.168.86.130/sample.exe) + SetFileAttributesA() (pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes)
Linux/x64 - Reverse TCP (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (26 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (25 bytes) (1)
Linux/x64 - execve(/bin/bash) Shellcode (33 bytes)
Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (81 bytes)
Linux/x64 - Read /etc/passwd Shellcode (65 bytes)
Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (86 bytes)
Windows/x86 - URLDownloadToFileA(http://192.168.86.130/sample.exe) + SetFileAttributesA(pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes)

Linux/x86-64 - Bind TCP Shell Shellcode (Generator)
Linux/x64 - Bind TCP Shell Shellcode (Generator)
Linux/x86-64 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes)
Linux/x86-64 - Reverse TCP (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes)
Linux/x64 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes)
Linux/x64 - Reverse TCP (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes)

Linux/x86-64 - Download File (http://192.168.30.129/pri.sh) + Execute Used To Steal Information Shellcode (399 bytes)
Linux/x64 - Download File (http://192.168.30.129/pri.sh) + Execute Used To Steal Information Shellcode (399 bytes)
Linux/x86-64 - execve() + XOR Encoded Shellcode (84 bytes)
BSD / Linux / Windows/x86-64/x86 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)
Linux/x64 - execve() + XOR Encoded Shellcode (84 bytes)
BSD / Linux / Windows - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)
Linux/x86-64 - Reverse TCP (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes)
Linux/x86-64 - Bind TCP Netcat Shell + Null-Free Shellcode (64 bytes)
Linux/x64 - Reverse TCP (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes)
Linux/x64 - Bind TCP Netcat Shell + Null-Free Shellcode (64 bytes)

Linux/x86-64 - Bind TCP (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes)
Linux/x64 - Bind TCP (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes)

Linux/x86-64 - Reverse TCP (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes)
Linux/x64 - Reverse TCP (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes)

Linux/x86-64 - Bind TCP (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes)
Linux/x64 - Bind TCP (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes)

Linux/x86-64 - Reverse TCP (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes)
Linux/x64 - Reverse TCP (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes)

Windows/x86 - MessageBoxA Shellcode (242 bytes)
Windows/x86 - MessageBoxA() Shellcode (242 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes)
Linux/x86-64 - Add User (pwned/$pass$) Using open_write_close To /etc/{passwd_shadow} Shellcode (358 bytes)
Linux/x86-64 - Add User (pwned/$pass$) Using echo cmd To /etc/{passwd_shadow} Shellcode (273 bytes)
Linux/x86-64 - Read /etc/passwd Shellcode (82 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes)
Linux/x86-64 - Reverse TCP (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes)
Linux/x86-64 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes)
Linux/x86-64 - Bind TCP (31337/TCP) Shell Shellcode (150 bytes)
Linux/x86-64 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes)
Linux/x86-64 - Bind TCP (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes)
Linux/x86-64 - Reverse TCP (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 bytes)
Linux/x86-64 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (85 bytes)
Linux/x86-64 - setreuid(0_0) + execve(/bin/csh_ [/bin/csh_ NULL]) + XOR Encoded Shellcode (87 bytes)
Linux/x86-64 - setreuid(0_0) + execve(/bin/ksh_ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (87 bytes)
Linux/x86-64 - setreuid(0_0) + execve(/bin/zsh_ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (87 bytes)
Linux/x86-64 - sethostname(Rooted !) + killall Shellcode (33 bytes)
Linux/x64 - Bind TCP (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes)
Linux/x64 - Add User (pwned/$pass$) Using open_write_close To /etc/{passwd_shadow} Shellcode (358 bytes)
Linux/x64 - Add User (pwned/$pass$) Using echo cmd To /etc/{passwd_shadow} Shellcode (273 bytes)
Linux/x64 - Read /etc/passwd Shellcode (82 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes)
Linux/x64 - Reverse TCP (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes)
Linux/x64 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes)
Linux/x64 - Bind TCP (31337/TCP) Shell Shellcode (150 bytes)
Linux/x64 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes)
Linux/x64 - Bind TCP (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 bytes)
Linux/x64 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (85 bytes)
Linux/x64 - setreuid(0_0) + execve(/bin/csh_ [/bin/csh_ NULL]) + XOR Encoded Shellcode (87 bytes)
Linux/x64 - setreuid(0_0) + execve(/bin/ksh_ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (87 bytes)
Linux/x64 - setreuid(0_0) + execve(/bin/zsh_ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (87 bytes)
Linux/x64 - sethostname(Rooted !) + killall Shellcode (33 bytes)

Windows/x86-64 - WinExec(cmd.exe) Shellcode (93 bytes)
Linux/x86 - execve(/bin/sh) + ROT-N + Shift-N + XOR-N Encoded Shellcode (77 bytes)
Windows/x64 - WinExec(cmd.exe) Shellcode (93 bytes)
Windows/x86-64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes)
Linux/x86-64 - execve(/bin/sh) -c reboot Shellcode (89 bytes)
Windows/x86-64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes)
Windows/x64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes)
Linux/x64 - execve(/bin/sh) -c reboot Shellcode (89 bytes)
Windows/x64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes)
Windows/x86-64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes)
Windows/x86-64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes)
Linux/x86-64 - mkdir() Shellcode (25 bytes)
Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (87 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (22 bytes)
Windows/x64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes)
Windows/x64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes)
Linux/x64 - mkdir() Shellcode (25 bytes)
Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (87 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (22 bytes)

Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes)

Linux/x86-64 - Egghunter (0xDEADC0DE) Shellcode (38 bytes)
Linux/x64 - Egghunter (0xDEADC0DE) Shellcode (38 bytes)
Linux/x86-64 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes)
Linux/x86-64 - Reverse TCP (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes)
Linux/x64 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes)
Linux/x64 - Reverse TCP (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes)
Linux/x86-64 - setuid(0) + execve(/bin/sh) + Polymorphic Shellcode (31 bytes)
Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) + Polymorphic Shellcode (47 bytes)
Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1337) Shellcode (72 bytes)
Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) + Polymorphic Shellcode (106 bytes)
Linux/x64 - setuid(0) + execve(/bin/sh) + Polymorphic Shellcode (31 bytes)
Linux/x64 - Flush IPTables Rules (/sbin/iptables -F) + Polymorphic Shellcode (47 bytes)
Linux/x64 - Reverse Netcat Shell (127.0.0.1:1337) Shellcode (72 bytes)
Linux/x64 - Reverse Netcat Shell (127.0.0.1:1234) + Polymorphic Shellcode (106 bytes)
FreeBSD/x86-64 - execve(/bin/sh) Shellcode (28 bytes)
FreeBSD/x86-64 - Bind TCP Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes)
FreeBSD/x64 - execve(/bin/sh) Shellcode (28 bytes)
FreeBSD/x64 - Bind TCP Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes)
Linux/x86-64 - Execute /bin/sh Shellcode (27 bytes)
Linux/x86-64 - Execute /bin/sh Shellcode (24 bytes)
Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes)
Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes)
Linux/x86-64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (43 bytes)
Linux/x86-64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes)
Linux/x86-64 - shutdown -h now Shellcode (65 bytes)
Linux/x86-64 - shutdown -h now Shellcode (64 bytes)
Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (105 bytes)
Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes)
Linux/x86-64 - Add Root User (shell-storm/leet) + Polymorphic Shellcode (273 bytes)
Linux/x64 - Execute /bin/sh Shellcode (27 bytes)
Linux/x64 - Execute /bin/sh Shellcode (24 bytes)
Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes)
Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes)
Linux/x64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (43 bytes)
Linux/x64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes)
Linux/x64 - shutdown -h now Shellcode (65 bytes)
Linux/x64 - shutdown -h now Shellcode (64 bytes)
Linux/x64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (105 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes)
Linux/x64 - Add Root User (shell-storm/leet) + Polymorphic Shellcode (273 bytes)

Linux/x86-64 - execve(/bin/sh) Shellcode (21 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (21 bytes)
Windows/x86-64 (10) - Egghunter Shellcode (45 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (31 bytes) (2)
Windows/x64 (10) - Egghunter Shellcode (45 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (31 bytes) (2)
Linux/x86-64 - Reverse TCP (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes)
Windows/x86-64 / x86 - cmd.exe Shellcode (718 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (31 bytes) (1)
Linux/x64 - Reverse TCP (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes)
Windows - cmd.exe Shellcode (718 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (31 bytes) (1)

Linux/x86-64 - execve(/bin/sh) Shellcode (24 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (24 bytes)

Linux/x86-64 - Reverse TCP (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes)
Linux/x64 - Reverse TCP (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes)
Linux/x86-64 - Reverse TCP (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes)
Linux/x86-64 - Kill All Processes Shellcode (19 bytes)
Linux/x86-64 - Fork Bomb Shellcode (11 bytes)
Linux/x64 - Reverse TCP (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes)
Linux/x64 - Kill All Processes Shellcode (19 bytes)
Linux/x64 - Fork Bomb Shellcode (11 bytes)

Linux/x86-64 - mkdir(evil) Shellcode (30 bytes)
Linux/x64 - mkdir(evil) Shellcode (30 bytes)

Windows/x86-64 - API Hooking Shellcode (117 bytes)
Windows/x64 - API Hooking Shellcode (117 bytes)
 2018-01-25 18:22:06 +00:00
Offensive Security
909c94ce89 DB: 2018-01-17 
78 changes to exploits/shellcodes

OBS studio 20.1.3 - Local Buffer Overflow
OBS Studio 20.1.3 - Local Buffer Overflow

Seagate Personal Cloud - Multiple Vulnerabilities

AIX - execve /bin/sh Shellcode (88 bytes)
AIX - execve(/bin/sh) Shellcode (88 bytes)
BSD/PPC - execve /bin/sh Shellcode (128 bytes)
BSD/x86 - setuid(0) + execve /bin/sh Shellcode (30 bytes)
BSD/PPC - execve(/bin/sh) Shellcode (128 bytes)
BSD/x86 - setuid(0) + execve(/bin/sh) Shellcode (30 bytes)
BSD/x86 - execve /bin/sh Shellcode (27 bytes)
BSD/x86 - execve /bin/sh + setuid(0) Shellcode (29 bytes)
BSD/x86 - execve(/bin/sh) Shellcode (27 bytes)
BSD/x86 - execve(/bin/sh) + setuid(0) Shellcode (29 bytes)
BSD/x86 - execve /bin/sh Encoded Shellcode (49 bytes)
BSD/x86 - execve /bin/sh Encoded Shellcode (57 bytes)
BSD/x86 - execve(/bin/sh) Encoded Shellcode (49 bytes)
BSD/x86 - execve(/bin/sh) + Encoded Shellcode (57 bytes)
BSDi/x86 - execve /bin/sh Shellcode (45 bytes)
BSDi/x86 - execve /bin/sh Shellcode (46 bytes)
BSDi/x86 - execve /bin/sh ToUpper Encoded Shellcode (97 bytes)
FreeBSD x86 / x64 - execve /bin/sh Anti-Debugging Shellcode (140 bytes)
BSDi/x86 - execve(/bin/sh) Shellcode (45 bytes)
BSDi/x86 - execve(/bin/sh) Shellcode (46 bytes)
BSDi/x86 - execve(/bin/sh) ToUpper Encoded Shellcode (97 bytes)
FreeBSD x86 / x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes)

FreeBSD/x86 - execve /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes)
FreeBSD/x86 - execve(/bin/cat /etc/master.passwd) Null-Free Shellcode (65 bytes)

FreeBSD/x86 - execve /bin/sh Encoded Shellcode (48 bytes)
FreeBSD/x86 - execve(/bin/sh) Encoded Shellcode (48 bytes)
FreeBSD/x86 - execve /bin/sh Shellcode (23 bytes) (1)
FreeBSD/x86 - execve /bin/sh Shellcode (23 bytes) (2)
FreeBSD/x86 - execve /bin/sh Shellcode (37 bytes)
FreeBSD/x86 - execve(/bin/sh) Shellcode (23 bytes) (1)
FreeBSD/x86 - execve(/bin/sh) Shellcode (23 bytes) (2)
FreeBSD/x86 - execve(/bin/sh) Shellcode (37 bytes)
FreeBSD/x86 - chown 0:0 + chmod 6755 + execve /tmp/sh Shellcode (44 bytes)
FreeBSD/x86 - execve /tmp/sh Shellcode (34 bytes)
FreeBSD/x86 - chown 0:0 + chmod 6755 + execve(/tmp/sh) Shellcode (44 bytes)
FreeBSD/x86 - execve(/tmp/sh) Shellcode (34 bytes)
FreeBSD/x86-64 - execve /bin/sh Shellcode (34 bytes)
Linux/x86 - execve Null-Free Shellcode (Generator)
FreeBSD/x86-64 - execve(/bin/sh) Shellcode (34 bytes)
Linux/x86 - execve() Null-Free Shellcode (Generator)

Linux - execve /bin/sh Polymorphic With Printable ASCII Characters Shellcode (Generator)
Linux - execve(/bin/sh) + Polymorphic + Printable ASCII Characters Shellcode (Generator)

HP-UX - execve /bin/sh Shellcode (58 bytes)
HP-UX - execve(/bin/sh) Shellcode (58 bytes)

Linux/PPC - execve /bin/sh Shellcode (60 bytes)
Linux/PPC - execve(/bin/sh) Shellcode (60 bytes)

Linux/PPC - execve /bin/sh Shellcode (112 bytes)
Linux/PPC - execve(/bin/sh) Shellcode (112 bytes)

Linux/x86 - Self-Modifying Anti-IDS /bin/sh Shellcode (35/64 bytes)
Linux/x86 - /bin/sh + Self-Modifying Anti-IDS Shellcode (35/64 bytes)
Linux/x86 - Disable Network Card Polymorphic Shellcode (75 bytes)
Linux/x86 - killall5 Polymorphic Shellcode (61 bytes)
Linux/x86 - execve /bin/sh Polymorphic Shellcode (48 bytes)
Linux/x86 - Disable Network Card + Polymorphic Shellcode (75 bytes)
Linux/x86 - killall5 + Polymorphic Shellcode (61 bytes)
Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (48 bytes)
Linux/x86 - reboot() Polymorphic Shellcode (57 bytes)
Linux/x86 - chmod 666 /etc/shadow Polymorphic Shellcode (54 bytes)
Linux/x86 - reboot() + Polymorphic Shellcode (57 bytes)
Linux/x86 - chmod 666 /etc/shadow + Polymorphic Shellcode (54 bytes)

Linux/x86 - execve read Shellcode (92 bytes)
Linux/x86 - execve() Read Shellcode (92 bytes)
Linux/x86 - setuid(0) + execve /bin/sh Shellcode (28 bytes)
Linux/x86 - execve /bin/sh Shellcode (22 bytes)
Linux/x86 - setuid(0) + execve(/bin/sh) Shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (22 bytes)

Linux/x86 - execve /bin/sh (Re-Use Of Strings In .rodata) Shellcode (16 bytes)
Linux/x86 - execve(/bin/sh) (Re-Use Of Strings In .rodata) Shellcode (16 bytes)

Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + setuid Shellcode (96 bytes)
Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + setuid() Shellcode (96 bytes)

Linux/x86 - execve Diassembly Obfuscation Shellcode (32 bytes)
Linux/x86 - execve() Diassembly Obfuscation Shellcode (32 bytes)

Linux/x86 - execve /bin/sh Shellcode (24 bytes) (2)
Linux/x86 - execve(/bin/sh) Shellcode (24 bytes) (2)
Linux/x86 - execve /bin/sh + '.ZIP' Header Shellcode (28 bytes)
Linux/x86 - execve /bin/sh + '.RTF' Header Shellcode (30 bytes)
Linux/x86 - execve /bin/sh + '.RIFF' Header Shellcode (28 bytes)
Linux/x86 - execve /bin/sh + '.BMP' Bitmap Header Shellcode (27 bytes)
Linux/x86 - execve(/bin/sh) + '.ZIP' Header Shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) + '.RTF' Header Shellcode (30 bytes)
Linux/x86 - execve(/bin/sh) + '.RIFF' Header Shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) + '.BMP' Bitmap Header Shellcode (27 bytes)
Linux/x86 - execve /bin/sh Anti-IDS Shellcode (40 bytes)
Linux/x86 (Intel x86 CPUID) - execve /bin/sh XORED Encoded Shellcode (41 bytes)
Linux/x86 - execve /bin/sh Shellcode +1 Encoded (39 bytes)
Linux/x86 - execve(/bin/sh) + Anti-IDS Shellcode (40 bytes)
Linux/x86 (Intel x86 CPUID) - execve(/bin/sh) XORED Encoded Shellcode (41 bytes)
Linux/x86 - execve(/bin/sh) Shellcode +1 Encoded (39 bytes)

Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes)
Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve(/bin/sh) Shellcode (39 bytes)
Linux/x86 - setreuid(0_ 0) + execve /bin/sh Shellcode (31 bytes)
Linux/x86 - execve /bin/sh + PUSH Shellcode (23 bytes)
Linux/x86 - setreuid(0_ 0) + execve(/bin/sh) Shellcode (31 bytes)
Linux/x86 - execve(/bin/sh) + PUSH Shellcode (23 bytes)

Linux/x86 - execve /bin/sh Standard Opcode Array Payload Shellcode (21 bytes)
Linux/x86 - execve(/bin/sh) Standard Opcode Array Payload Shellcode (21 bytes)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes)
Linux/x86 - Break chroot (../ 20x Loop) + execve /bin/sh Shellcode (66 bytes)
Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (23 bytes)
Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (27 bytes)
Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (45 bytes)
Linux/x86 - Break chroot (../ 20x Loop) + execve(/bin/sh) Shellcode (66 bytes)

Linux/x86 - setreuid + execve Shellcode (31 bytes)
Linux/x86 - setreuid() + execve() Shellcode (31 bytes)

Linux/x86 - execve code Shellcode (23 bytes)
Linux/x86 - execve() Shellcode (23 bytes)
Linux/x86 - execve /bin/sh Alphanumeric Shellcode (392 bytes)
Linux/IA32 - execve /bin/sh 0xff-Free Shellcode (45 bytes)
Linux/x86 - symlink /bin/sh xoring Shellcode (56 bytes)
Linux/x86 - execve(/bin/sh) Alphanumeric Shellcode (392 bytes)
Linux/IA32 - execve(/bin/sh) 0xff-Free Shellcode (45 bytes)
BSD/x86 - symlink /bin/sh + XORing Encoded Shellcode (56 bytes)
Linux/x86 - Add Root User (t00r) Anti-IDS Shellcode (116 bytes)
Linux/x86 - chmod 666 /etc/shadow Anti-IDS Shellcode (75 bytes)
Linux/x86 - symlink . /bin/sh Shellcode (32 bytes)
Linux/x86 - Add Root User (t00r) + Anti-IDS Shellcode (116 bytes)
Linux/x86 - chmod 666 /etc/shadow + Anti-IDS Shellcode (75 bytes)
BSD/x86 - symlink . /bin/sh Shellcode (32 bytes)
Linux/x86 - execve /bin/sh Shellcode (29 bytes)
Linux/x86 - execve /bin/sh Shellcode (24 bytes) (3)
Linux/x86 - execve /bin/sh Shellcode (38 bytes)
Linux/x86 - execve /bin/sh Shellcode (30 bytes)
Linux/x86 - execve /bin/sh + setreuid(12_12) Shellcode (50 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (29 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (24 bytes) (3)
Linux/x86 - execve(/bin/sh) Shellcode (38 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (30 bytes)
Linux/x86 - execve(/bin/sh) + setreuid(12_12) Shellcode (50 bytes)
Linux/x86 - Break chroot (../ 10x Loop) Shellcode (34 bytes)
Linux/x86 - Break chroot (../ 10x Loop) Shellcode (46 bytes)
Linux/x86 - Break chroot + execve /bin/sh Shellcode (80 bytes)
Linux/x86 - execve /bin/sh Anti-IDS Shellcode (58 bytes)
Linux/x86 - execve /bin/sh XOR Encoded Shellcode (55 bytes)
Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (41 bytes)
Linux/x86 - setreuid(0_0) + execve /bin/sh Shellcode (46+ bytes)
Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (55 bytes)
Linux/x86 - Break chroot (../ 10x Loop) Shellcode (28 bytes)
OpenBSD/x86 - Load Kernel Module (/tmp/o.o) Shellcode (66 bytes)
BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) Shellcode (46 bytes)
Linux/x86 - Break chroot + execve(/bin/sh) Shellcode (80 bytes)
Linux/x86 - execve(/bin/sh) + Anti-IDS Shellcode (58 bytes)
Linux/x86 - execve(/bin/sh) XOR Encoded Shellcode (55 bytes)
Linux/x86 - execve(/bin/sh) ToLower Encoded Shellcode (41 bytes)
Linux/x86 - setreuid(0_0) + execve(/bin/sh) Shellcode (46+ bytes)
Linux/x86 - execve(/bin/sh) ToLower Encoded Shellcode (55 bytes)

Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve /bin/sh Shellcode (132 bytes)
Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve(/bin/sh) Shellcode (132 bytes)

Linux/x86-64 - execve /bin/sh Shellcode (33 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (33 bytes)
Linux/x86 / Unix/SPARC / IRIX/MIPS - execve /bin/sh Shellcode (141 bytes)
Linux/x86 / Unix/SPARC - execve /bin/sh Shellcode (80 bytes)
BSD/x86 / Linux/x86 - execve /bin/sh Shellcode (38 bytes)
Linux/x86 / Unix/SPARC / IRIX/MIPS - execve(/bin/sh) Shellcode (141 bytes)
Linux/x86 / Unix/SPARC - execve(/bin/sh) Shellcode (80 bytes)
BSD/x86 / Linux/x86 - execve(/bin/sh) Shellcode (38 bytes)
NetBSD/x86 - execve /bin/sh Shellcode (68 bytes)
OpenBSD/x86 - execve /bin/sh Shellcode (23 bytes)
NetBSD/x86 - execve(/bin/sh) Shellcode (68 bytes)
OpenBSD/x86 - execve(/bin/sh) Shellcode (23 bytes)

OSX/PPC - execve /bin/sh Shellcode (72 bytes)
OSX/PPC - execve(/bin/sh) Shellcode (72 bytes)

OSX/PPC - setuid(0) + execve /bin/sh Shellcode (88 bytes)
OSX/PPC - setuid(0) + execve(/bin/sh) Shellcode (88 bytes)

OSX/PPC - execve /usr/X11R6/bin/xterm Shellcode (141 bytes)
OSX/PPC - execve(/usr/X11R6/bin/xterm) Shellcode (141 bytes)

Solaris/SPARC - Download File (http://evil-dl/) + Execute (/tmp/ff) Shellcode (278 bytes)
Solaris/MIPS - Download (http://10.1.1.2:80/evil-dl) + Execute (/tmp/ff) Shellcode (278 bytes)
Solaris/SPARC - Reverse TCP (44434/TCP) Shell + XNOR Encoded Shellcode (600 bytes) (Generator)
Solaris/SPARC - setreuid + execve Shellcode (56 bytes)
Solaris/MIPS - Reverse TCP (10.0.0.3:44434/TCP) Shell + XNOR Encoded Traffic Shellcode (600 bytes) (Generator)
Solaris/SPARC - setreuid + execve() Shellcode (56 bytes)
Solaris/SPARC - execve /bin/sh Shellcode (52 bytes)
Solaris/SPARC - Bind TCP (6789/TCP) Shell (/bin/sh) Shellcode (228 bytes)
Solaris/SPARC - Reverse TCP (192.168.1.4:5678/TCP) Shell (/bin/sh) Shellcode (204 bytes)
Solaris/SPARC - execve(/bin/sh) Shellcode (52 bytes)
Solaris/SPARC - Bind TCP (6789/TCP) Shell (/bin/sh) Shellcode (228 bytes)
Solaris/SPARC - Reverse TCP (192.168.1.4:5678/TCP) Shell (/bin/sh) Shellcode (204 bytes)

Solaris/x86 - setuid(0) + execve(//bin/sh) + exit(0) Null-Free Shellcode (39 bytes)
Solaris/x86 - setuid(0) + execve(/bin/sh) + exit(0) Null-Free Shellcode (39 bytes)
Solaris/x86 - execve /bin/sh ToUpper Encoded Shellcode (84 bytes)
Solaris/x86 - inetd Add Service + execve Shellcode (201 bytes)
UnixWare - execve /bin/sh Shellcode (95 bytes)
Solaris/x86 - execve(/bin/sh) ToUpper Encoded Shellcode (84 bytes)
Solaris/x86 - inetd Add Service + execve() Shellcode (201 bytes)
UnixWare - execve(/bin/sh) Shellcode (95 bytes)

Linux/x86 - execve Shellcode (51 bytes)
Linux/x86 - execve() Shellcode (51 bytes)

Linux/x86 - setuid + Break chroot (mkdir/chdir/chroot '...') + execve /bin/sh Shellcode (79 bytes)
Linux/x86 - setuid() + Break chroot (mkdir/chdir/chroot '...') + execve(/bin/sh) Shellcode (79 bytes)

Linux/x86 - ip6tables -F Polymorphic Shellcode (71 bytes)
Linux/x86 - ip6tables -F + Polymorphic Shellcode (71 bytes)

Linux/x86 - execve /bin/cat /etc/passwd Shellcode (43 bytes)
Linux/x86 - execve(/bin/cat /etc/passwd) Shellcode (43 bytes)
Linux/x86 - execve /bin/sh Shellcode (8 bytes)
Linux/x86 - execve /bin/sh Shellcode (21 bytes) (2)
Linux/x86 - execve(/bin/sh) Shellcode (8 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (2)

Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (2)
Linux/x86 - execve(/bin/sh) Shellcode (25 bytes) (2)

Linux/x86 - Fork Bomb Polymorphic Shellcode (30 bytes)
Linux/x86 - Fork Bomb + Polymorphic Shellcode (30 bytes)

Linux/x86-64 - execve /bin/sh Shellcode (30 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (30 bytes)

Linux/x86 - execve(_/bin/bash___-p__NULL) Polymorphic Shellcode (57 bytes)
Linux/x86 - execve(_/bin/bash___-p__NULL) + Polymorphic Shellcode (57 bytes)

Linux/x86 - setuid(0) + chmod 0666 /etc/shadow Polymorphic Shellcode (61 bytes)
Linux/x86 - setuid(0) + chmod 0666 /etc/shadow + Polymorphic Shellcode (61 bytes)

Linux/x86 - sys_setuid(0) + sys_setgid(0) + execve (_/bin/sh_) Shellcode (39 bytes)
Linux/x86 - sys_setuid(0) + sys_setgid(0) + execve(_/bin/sh_) Shellcode (39 bytes)
Linux/x86 - execve /bin/sh Polymorphic Shellcode (116 bytes)
Linux/ARM - chmod 0777 /etc/shadow Polymorphic Shellcode (84 bytes)
Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (116 bytes)
Linux/ARM - chmod 0777 /etc/shadow + Polymorphic Shellcode (84 bytes)

Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) XOR 88 Encoded Polymorphic Shellcode (78 bytes)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) + XOR 88 Encoded + Polymorphic Shellcode (78 bytes)

Linux - Write SUID Root Shell (/tmp/.hiddenshell) Polymorphic Shellcode (161 bytes)
Linux - Write SUID Root Shell (/tmp/.hiddenshell) + Polymorphic Shellcode (161 bytes)

Linux - Bind TCP (6778/TCP) Shell + XOR Encoded Polymorphic Shellcode (125 bytes)
Linux/x86 - Bind TCP (6778/TCP) Shell + XOR Encoded + Polymorphic Shellcode (125 bytes)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator)
Linux - Find All Writeable Folder In FileSystem Polymorphic Shellcode (91 bytes)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) + Polymorphic Shellcode (Generator)
Linux/x86 - Find All Writeable Folder In FileSystem + Polymorphic Shellcode (91 bytes)

Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) Shellcode (49 bytes)
Linux/x86-64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (49 bytes)

Linux/x86 - execve /bin/sh Polymorphic Null-Free Shellcode (46 bytes)
Linux/x86 - execve(/bin/sh) + Polymorphic Null-Free Shellcode (46 bytes)

Windows Mobile 6.5 TR (WinCE 5.2) - MessageBox Shellcode (ARM)
Windows Mobile 6.5 TR (WinCE 5.2)/ARM - MessageBox Shellcode

OSX/Intel x86-64 - setuid shell Shellcode (51 bytes)
OSX/x86-64 - setuid() + Shell(/bin/sh) Shellcode (51 bytes)
Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic XOR Encoded Shellcode (69/93 bytes)
OSX/Intel x86-64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)
Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes)
OSX/x86-64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)
OSX - Universal ROP + Reverse TCP Shell Shellcode
Linux/MIPS - execve /bin/sh Shellcode (52 bytes)
OSX/x86-64 - Universal ROP + Reverse TCP Shell Shellcode
Linux/MIPS - execve(/bin/sh) Shellcode (52 bytes)

Linux/MIPS - execve /bin/sh Shellcode (48 bytes)
Linux/MIPS - execve(/bin/sh) Shellcode (48 bytes)

Linux/x86-64 - execve /bin/sh Shellcode (52 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (52 bytes)

Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd Polymorphic Shellcode
Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd + Polymorphic Shellcode

Linux/x86 - execve /bin/dash Shellcode (42 bytes)
Linux/x86 - execve(/bin/dash) Shellcode (42 bytes)

Linux/x86 - execve /bin/sh + Socket Re-Use Shellcode (50 bytes)
Linux/x86 - execve(/bin/sh) + Socket Re-Use Shellcode (50 bytes)

Linux/MIPS - execve /bin/sh Shellcode (36 bytes)
Linux/MIPS - execve(/bin/sh) Shellcode (36 bytes)

Linux/x86 - execve /bin/sh ROT13 Encoded Shellcode (68 bytes)
Linux/x86 - execve(/bin/sh) ROT13 Encoded Shellcode (68 bytes)

Linux/x86 - execve /bin/sh Obfuscated Shellcode (40 bytes)
Linux/x86 - execve(/bin/sh) Obfuscated Shellcode (40 bytes)

Linux/x86 - execve /bin/sh Shellcode (35 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (35 bytes)
Linux/x86 - Custom execve Shellcode (Encoder/Decoder) (Generator)
Linux/x86 - execve /bin/sh (Push Method) Shellcode (21 bytes)
Linux/x86-64 - execve /bin/sh Via Push Shellcode (23 bytes)
Linux/x86 - 'Followtheleader' Custom execve() Shellcode (Encoder/Decoder) (Generator)
Linux/x86 - execve(/bin/sh) (Push Method) Shellcode (21 bytes)
Linux/x86-64 - execve(/bin/sh) Via Push Shellcode (23 bytes)
Linux/x86 - execve /bin/sh Shellcode (26 bytes)
Linux/x86 - execve /bin/sh Shellcode (21 bytes) (1)
Linux/x86 - execve(/bin/sh) Shellcode (26 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (1)

Linux/x86-64 - execve /bin/sh Null-Free Shellcode (30 bytes)
Linux/x86-64 - execve(/bin/sh) Null-Free Shellcode (30 bytes)

Linux/x86 - execve /bin/sh Shellcode (23 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (23 bytes)
Linux/x86-64 - execve Encoded Shellcode (57 bytes)
Linux/x86 - execve /bin/sh ROT7 Encoded Shellcode
Linux/x86-64 - execve() Encoded Shellcode (57 bytes)
Linux/x86 - execve(/bin/sh) ROT7 Encoded Shellcode

Linux/x86 - execve /bin/sh ROL/ROR Encoded Shellcode
Linux/x86 - execve(/bin/sh) ROL/ROR Encoded Shellcode

OSX/x86-64 - execve /bin/sh Null-Free Shellcode (34 bytes)
OSX/x86-64 - execve(/bin/sh) Null-Free Shellcode (34 bytes)

Linux/x86 - execve /bin/bash Shellcode (31 bytes)
Linux/x86 - execve(/bin/bash) Shellcode (31 bytes)

Linux/x86-64 - execve /bin/sh Shellcode (34 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (34 bytes)

Linux/x86-64 - execve Shellcode (22 bytes)
Linux/x86-64 - execve() Shellcode (22 bytes)

Linux/x86-64 - execve Polymorphic Shellcode (31 bytes)
Linux/x86-64 - execve() + Polymorphic Shellcode (31 bytes)

Linux/x86 - execve /bin/sh Shellcode (24 bytes) (1)
Linux/x86 - execve(/bin/sh) Shellcode (24 bytes) (1)

Linux/x86-64 - execve XOR/NOT/DIV Encoded Shellcode (54 bytes)
Linux/x86-64 - execve() XOR/NOT/DIV Encoded Shellcode (54 bytes)

Linux/x86-64 - execve Stack Polymorphic Shellcode (47 bytes)
Linux/x86-64 - execve() Stack + Polymorphic Shellcode (47 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (26 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (1)
Linux/x86-64 - execve /bin/bash Shellcode (33 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (26 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (25 bytes) (1)
Linux/x86-64 - execve(/bin/bash) Shellcode (33 bytes)

Linux/x86-64 - execve XOR Encoded Shellcode (84 bytes)
Linux/x86-64 - execve() XOR Encoded Shellcode (84 bytes)

Linux/x86 - execve /bin/sh + ASLR Bruteforce Shellcode
Linux/x86 - execve(/bin/sh) + ASLR Bruteforce Shellcode

Linux/x86 - execve /bin/sh Shellcode (19 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (19 bytes)
OSX/PPC - Remote findsock by recv() Key Shellcode
OSX/PPC - Reverse TCP Shell (/bin/csh) Shellcode
OSX/PPC - Stager Sock Find MSG_PEEK Shellcode
OSX/PPC - Stager Sock Find Shellcode
OSX/PPC - Stager Sock Reverse Shellcode
OSX/PPC - Bind TCP (8000/TCP) Shell + OSXPPCLongXOR Encoded Shellcode (300 bytes)
OSX/PPC - execve(/bin/sh) Shellcode
OSX/PPC - execve(/bin/sh_[/bin/sh]_NULL) + exit() Shellcode (72 bytes)
OSX/x86 - execve(/bin/sh) Shellcode (24 bytes)
Linux/x86 - Add User (t00r/t00r) PexFnstenvSub Encoded Shellcode (116 bytes)
BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) + execute /bin/sh Shellcode (57 bytes)
BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) + Bind TCP (2222/TCP) Shell Shellcode (133 bytes)
BSD/x86 - Bind TCP (2222/TCP) Shell Shellcode (100 bytes)
Linux/x86 - setuid(0) + Load Kernel Module (/tmp/o.o) Shellcode (67 bytes)
Linux/x86 - setuid(0) + Break chroot (../ 10x Loop) Shellcode (34 bytes)
Solaris/SPARC - setreuid(geteuid()) + setregid(getegid()) + execve(/bin/sh) Shellcode
Solaris/SPARC - Bind TCP (2001/TCP) Shell (/bin/sh) Shellcode
Solaris/SPARC - Bind TCP Shell Shellcode
Solaris/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (61 bytes)
Solaris/x86 - execve(/bin/sh) Shellcode (43 bytes)
BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) Shellcode (34 bytes)
OpenBSD/x86 - setuid(0) + Load Kernel Module (/tmp/o.o) Shellcode (74 bytes)
BSD/x86 - Break chroot (../ 10x Loop) Shellcode (28 bytes)
BSD/x86 - Break chroot (../ 10x Loop) Shellcode (40 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) + exit() Shellcode (58 bytes)
Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) + exit() Shellcode (64 bytes)
Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (58 bytes)
BSD/x86 - symlink /bin/sh sh Shellcode (39 bytes)
Linux/x86 - symlink /bin/sh sh Shellcode (36 bytes)
BSD/x86 - Write to /etc/passwd with uid(0) + gid(0) Shellcode (74 bytes)
Linux/x86 - Write to /etc/passwd with uid(0) + gid(0) Shellcode (74 bytes)
BSD/x86 - execve(/bin/sh) + seteuid(0) Shellcode (31 bytes)
BSD/x86 - execve(/bin/sh) Shellcode (28 bytes)
Linux/x86 - Bind TCP (3879/TCP) Shell (/bin/sh) Shellcode (113 bytes)
Linux/x86 - Add Root User (w00w00) To /etc/passwd Shellcode (104 bytes)
Linux/x86 - Disable Shadowing Shellcode (42 bytes)
Linux/x86 - setuid(0) + execve(/bin/sh) Shellcode (27 bytes)
Linux/x86 - exit(0) / exit(1) Shellcode (3/4 bytes)
Linux/x86 - setuid(0) + execve(/bin/sh_0) Shellcode (25 bytes)
Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh_[/bin/sh_NULL])) Shellcode (25 bytes)
Linux/x86 - execve(/sbin/shutdown_/sbin/shutdown 0) Shellcode (36 bytes)
Linux/x86 - execve(/sbin/reboot_/sbin/reboot) Shellcode (28 bytes)
Linux/x86 - execve(/sbin/halt_/sbin/halt) Shellcode (27 bytes)
Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) Shellcode (83 bytes)
Linux/x86 - setuid(0) + execve(_/bin/sh__0_0) Shellcode (28 bytes)
Linux/x86 - execve(/bin/sh_0_0) Shellcode (21 bytes)
Linux/x86 - fork() + setreuid(0_ 0) + execve(cp /bin/sh /tmp/sh; chmod 4755 /tmp/sh) Shellcode (126 bytes)
Linux/x86 - Audio (knock knock knock) via /dev/dsp + setreuid(0_0) + execve() Shellcode (566 bytes)
Linux/x86 - Add Root User (w000t) + No Password Shellcode (177 bytes)
Linux/x86 - execve(/sbin/ipchains -F) Shellcode (70 bytes)
Linux/x86 - execve(/sbin/iptables -F) Shellcode (70 bytes)

Linux/x86-64 - execve /bin/sh -c reboot Shellcode (89 bytes)
Linux/x86-64 - execve(/bin/sh) -c reboot Shellcode (89 bytes)

Linux/x86 - execve /bin/bash -c Arbitrary Command Execution Null-Free Shellcode (72 bytes)
Linux/x86 - execve(/bin/bash -c) Arbitrary Command Execution Null-Free Shellcode (72 bytes)

Linux/x86-64 - execve /bin/sh Shellcode (22 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (22 bytes)
Linux/x86-64 - setuid(0) + execve(/bin/sh) Polymorphic Shellcode (31 bytes)
Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Polymorphic Shellcode (47 bytes)
Linux/x86-64 - setuid(0) + execve(/bin/sh) + Polymorphic Shellcode (31 bytes)
Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) + Polymorphic Shellcode (47 bytes)

Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) Polymorphic Shellcode (106 bytes)
Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) + Polymorphic Shellcode (106 bytes)

Linux/x86 - execve /bin/dash Shellcode (30 bytes)
Linux/x86 - execve(/bin/dash) Shellcode (30 bytes)

Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (53 bytes)
Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (53 bytes)

FreeBSD/x86-64 - execve /bin/sh Shellcode (28 bytes)
FreeBSD/x86-64 - execve(/bin/sh) Shellcode (28 bytes)

FreeBSD/x86 - //sbin/pfctl -F all Shellcode (47 bytes)
FreeBSD/x86 - /sbin/pfctl -F all Shellcode (47 bytes)

FreeBSD - reboot() Shellcode (15 Bytes)
FreeBSD/x86 - reboot() Shellcode (15 bytes)

Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) Shellcode (43 bytes)
Linux/x86-64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (43 bytes)

Linux/x86-64 - Add Root User (shell-storm/leet) Polymorphic Shellcode (273 bytes)
Linux/x86-64 - Add Root User (shell-storm/leet) + Polymorphic Shellcode (273 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (21 bytes)
Linux/x86 - execve /bin/sh Shellcode (21 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (21 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (21 bytes)

Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (2)
Linux/x86-64 - execve(/bin/sh) Shellcode (31 bytes) (2)
Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (1)
Linux/x86 - execve /bin/sh + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (24 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (31 bytes) (1)
Linux/x86 - execve(/bin/sh) + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (24 bytes)

Linux/x86 - execve /bin/sh Shellcode (24 bytes)
Linux/x86 - execve(/bin/sh) Shellcode (24 bytes)

Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (30 bytes)
Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (30 bytes)
 2018-01-17 05:02:19 +00:00
Offensive Security
d304cc3d3e DB: 2017-11-24 
116602 new exploits

Too many to list!
 2017-11-24 20:56:23 +00:00