4 commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Offensive Security
|
d304cc3d3e |
DB: 2017-11-24
116602 new exploits Too many to list! |
||
|
Offensive Security
|
4b39f0d26d |
DB: 2017-11-16
23 new exploits VideoLAN VLC Media Player 0.8.6a - Unspecified Denial of Service (1) VideoLAN VLC Media Player 0.8.6a - Denial of Service (1) Microsoft Windows Explorer - '.AVI' Unspecified Denial of Service Microsoft Windows Explorer - '.AVI' File Denial of Service Microsoft Windows Explorer - Unspecified '.ANI' File Denial of Service Microsoft Windows Explorer - '.ANI' File Denial of Service Microsoft Windows Explorer - Unspecified '.doc' File Denial of Service Microsoft Windows Explorer - '.doc' File Denial of Service CDBurnerXP 4.2.4.1351 - Local Crash (Denial of Service) Juniper Networks JUNOS 7.1.1 - Malformed TCP Packet Denial of Service / Unspecified Vulnerabilities Juniper Networks JUNOS 7.1.1 - Malformed TCP Packet Denial of Service / Multiple Vulnerabilities iPhone / iTouch FtpDisc 1.0 3 - ExploitsInOne Buffer Overflow Denial of Service iPhone / iTouch FtpDisc 1.0 - Buffer Overflow / Denial of Service Aladdin eToken PKI Client 4.5 - Virtual File Handling Unspecified Memory Corruption (PoC) Aladdin eToken PKI Client 4.5 - Virtual File Handling Memory Corruption (PoC) Webby WebServer - SEH Control (PoC) Webby WebServer - Overflow (SEH) (PoC) Quick 'n Easy FTP Server Lite 3.1 - Exploit Quick 'n Easy FTP Server Lite 3.1 - Denial of Service Subtitle Translation Wizard 3.0.0 - Exploit (SEH) (PoC) Subtitle Translation Wizard 3.0.0 - Overflow (SEH) (PoC) FFDshow - SEH Exception Leading to Null Pointer on Read FFDshow - Overflow (SEH) Exception Leading to Null Pointer on Read Microsoft Internet Explorer - MSHTML Findtext Processing Issue Microsoft Internet Explorer - MSHTML Findtext Processing Exploit Oreans WinLicense 2.1.8.0 - XML File Handling Unspecified Memory Corruption Oreans WinLicense 2.1.8.0 - XML File Handling Memory Corruption Debian suidmanager 0.18 - Exploit AMD K6 Processor - Exploit Apple Personal Web Sharing 1.1 - Remote Denial of Service AMD K6 Processor - Denial of Service Sun Solaris 7.0 - 'procfs' Denial of Service S.u.S.E. Linux 6.2 / Slackware Linux 3.2/3.6 - identd Denial of Service S.u.S.E. Linux 6.2 / Slackware Linux 3.2/3.6 - 'identd' Denial of Service Debian 2.1/2.2 / Mandrake 6.0/6.1/7.0 / RedHat 6.x - rpc.lockd Remote Denial of Service Debian 2.1/2.2 / Mandrake 6.0/6.1/7.0 / RedHat 6.x - 'rpc.lockd' Remote Denial of Service D-Link DIR605L - Denial of Service RedHat Linux 6.1 i386 - Tmpwatch Recursive Write Denial of Service (Linux Kernel) ReiserFS 3.5.28 - Code Execution / Denial of Service ReiserFS 3.5.28 (Linux Kernel) - Code Execution / Denial of Service IBM AIX 4.3.3/5.1/5.2 libIM - Buffer Overflow IBM AIX 4.3.3/5.1/5.2 - 'libIM' Buffer Overflow xfstt 1.2/1.4 - Unspecified Memory Disclosure xfstt 1.2/1.4 - Memory Disclosure ViRobot Linux Server 2.0 - Exploit Linux Kernel 2.4.x/2.6.x - Multiple Unspecified ISO9660 Filesystem Handling Vulnerabilities Linux Kernel 2.4.x/2.6.x - Multiple ISO9660 Filesystem Handling Vulnerabilities IBM AIX 5.x - Invscout Local Buffer Overflow IBM AIX 5.x - 'Invscout' Local Buffer Overflow Microsoft Internet Explorer 5.0.1 - '.JPEG' Image Rendering Unspecified Buffer Overflow Microsoft Internet Explorer 5.0.1 - '.JPEG' Image Rendering Buffer Overflow Microsoft Excel 95/97/2000/2002/2003/2004 - Unspecified Memory Corruption (MS06-012) Microsoft Excel 95/97/2000/2002/2003/2004 - Memory Corruption (MS06-012) IBM Tivoli Directory Server 6.0 - Unspecified LDAP Memory Corruption IBM Tivoli Directory Server 6.0 - LDAP Memory Corruption Quake 3 Engine - CL_ParseDownload Remote Buffer Overflow Quake 3 Engine - 'CL_ParseDownload' Remote Buffer Overflow Zabbix 1.1.2 - Multiple Unspecified Remote Code Execution Vulnerabilities Zabbix 1.1.2 - Multiple Remote Code Execution Vulnerabilities VideoLAN VLC Media Player 0.8.6a - Unspecified Denial of Service (2) VideoLAN VLC Media Player 0.8.6a - Denial of Service (2) Sun Solaris 10 - ICMP Unspecified Remote Denial of Service Sun Solaris 10 - ICMP Remote Denial of Service Mozilla Firefox 2.0.0.2 - Unspecified GIF Handling Denial of Service Mozilla Firefox 2.0.0.2 - '.GIF' Handling Denial of Service Progress WebSpeed 3.0/3.1 - Denial of Service GStreamer 0.10.15 - Multiple Unspecified Remote Denial of Service Vulnerabilities GStreamer 0.10.15 - Multiple Remote Denial of Service Vulnerabilities Wireshark 0.99.8 - X.509sat Dissector Unspecified Denial of Service Wireshark 0.99.8 - LDAP Dissector Unspecified Denial of Service Wireshark 0.99.8 - SCCP Dissector Decode As Feature Unspecified Denial of Service Wireshark 0.99.8 - X.509sat Dissector Denial of Service Wireshark 0.99.8 - LDAP Dissector Denial of Service Wireshark 0.99.8 - SCCP Dissector Decode As Feature Denial of Service Novell Client 4.91.5 - ActiveX Control 'nwsetup.dll' Unspecified Remote Denial of Service (1) Novell Client 4.91.5 - ActiveX Control 'nwsetup.dll' Unspecified Remote Denial of Service (2) Nokia Lotus Notes Connector - 'lnresobject.dll' Unspecified Remote Denial of Service Novell Client 4.91.5 - ActiveX Control 'nwsetup.dll' Remote Denial of Service (1) Novell Client 4.91.5 - ActiveX Control 'nwsetup.dll' Remote Denial of Service (2) Nokia Lotus Notes Connector - 'lnresobject.dll' Remote Denial of Service Wireshark 1.2.1 - OpcUa Dissector Unspecified Resource Exhaustion (Denial of Service) Wireshark 1.2.1 - TLS Dissector 1.2 Conversation Handling Unspecified Remote Denial of Service Wireshark 1.2.1 - GSM A RR Dissector packet.c Unspecified Remote Denial of Service Wireshark 1.2.1 - OpcUa Dissector Resource Exhaustion (Denial of Service) Wireshark 1.2.1 - TLS Dissector 1.2 Conversation Handling Remote Denial of Service Wireshark 1.2.1 - GSM A RR Dissector packet.c Remote Denial of Service Opera Web Browser < 11.60 - Multiple Denial of Service / Unspecified Vulnerabilities Opera Web Browser < 11.60 - Denial of Service / Multiple Vulnerabilities SmallFTPd - Unspecified Denial of Service SmallFTPd - Denial of Service Apple Mac OSX - 'IntelAccelerator::gstqConfigure' Exploitable Kernel NULL Dereference Apple Mac OSX - 'IntelAccelerator::gstqConfigure' Kernel NULL Dereference Apple Mac OSX - IOSCSIPeripheralDeviceType00 Userclient Type 12 Exploitable Kernel NULL Dereference Apple Mac OSX - IOSCSIPeripheralDeviceType00 Userclient Type 12 Kernel NULL Dereference Apple Mac OSX - OSMetaClassBase::safeMetaCast in IOAccelContext2::connectClient Exploitable NULL Dereference Apple Mac OSX - OSMetaClassBase::safeMetaCast in IOAccelContext2::connectClient NULL Dereference Microsoft Windows - 'gdi32.dll' Multiple Issues 'EMF CREATECOLORSPACEW' Record Handling (MS16-055) Microsoft Windows - 'gdi32.dll' Multiple Issues 'EMF COMMENT_MULTIFORMATS' Record Handling (MS16-055) Microsoft Windows - 'gdi32.dll' Multiple 'EMF CREATECOLORSPACEW' Record Handling (MS16-055) Microsoft Windows - 'gdi32.dll' Multiple 'EMF COMMENT_MULTIFORMATS' Record Handling (MS16-055) Apple Mac OSX Kernel - Exploitable Null Pointer Dereference in nvCommandQueue::GetHandleIndex in GeForce.kext Apple Mac OSX Kernel - Null Pointer Dereference in nvCommandQueue::GetHandleIndex in GeForce.kext Apple Mac OSX Kernel - Exploitable Null Pointer Dereference in AppleMuxControl.kext Apple Mac OSX Kernel - Exploitable Null Pointer Dereference in AppleGraphicsDeviceControl Apple Mac OSX Kernel - Exploitable NULL Dereference in IOAccelSharedUserClient2::page_off_resource Apple Mac OSX Kernel - Exploitable NULL Dereference in CoreCaptureResponder Due to Unchecked Return Value Apple Mac OSX Kernel - Exploitable Null Pointer Dereference in IOAudioEngine Apple Mac OSX Kernel - Null Pointer Dereference in AppleMuxControl.kext Apple Mac OSX Kernel - Null Pointer Dereference in AppleGraphicsDeviceControl Apple Mac OSX Kernel - NULL Dereference in IOAccelSharedUserClient2::page_off_resource Apple Mac OSX Kernel - NULL Dereference in CoreCaptureResponder Due to Unchecked Return Value Apple Mac OSX Kernel - Null Pointer Dereference in IOAudioEngine Apple OS X/iOS - mach_ports_register Multiple Memory Safety Issues Apple OS X/iOS - 'mach_ports_register' Multiple Memory Safety Exploits Linux Kernel 3.10.0-327/4.8.0-22 (Ubuntu 16.10 / RedHat) - 'keyctl' Null Pointer Dereference Linux Kernel 4.8.0-22/3.10.0-327 (Ubuntu 16.10 / RedHat) - 'keyctl' Null Pointer Dereference Microsoft MsMpEng - Remotely Exploitable Use-After-Free due to Design Issue in GC Engine Microsoft MsMpEng - Remote Use-After-Free Due to Design Issue in GC Engine Microsoft Windows Kernel - 'win32k.sys' Multiple Issues 'NtGdiGetDIBitsInternal' System Call Microsoft Windows Kernel - 'win32k.sys' Multiple 'NtGdiGetDIBitsInternal' System Call Mandrake Linux 8.2 /usr/mail - Local Exploit Mandrake Linux 8.2 - '/usr/mail' Local Exploit RedHat 6.2 /sbin/restore - Exploit RedHat 6.2 - '/sbin/restore' Privilege Escalation dump 0.4b15 (RedHat 6.2) - Exploit dump 0.4b15 (RedHat 6.2) - Privilege Escalation xsoldier 0.96 (RedHat 6.2) - Exploit Pine (Local Message Grabber) - Exploit xsoldier 0.96 (RedHat 6.2) - Buffer Overflow Pine (Local Message Grabber) - Local Message Read Seyon 2.1 rev. 4b i586-Linux - Exploit Seyon 2.1 rev. 4b i586-Linux (RedHat 4.0/5.1) - Overflow glibc-2.2 / openssh-2.3.0p1 / glibc 2.1.9x - Exploit glibc-2.2 / openssh-2.3.0p1 / glibc 2.1.9x - File Read suid_perl 5.001 - Exploit suid_perl 5.001 - Command Execution Sendmail 8.11.x (Linux/i386) - Exploit Sendmail 8.11.x (Linux/i386) - Privilege Escalation Microsoft Excel - Unspecified Remote Code Execution Microsoft Excel - Remote Code Execution Microsoft Word 2000 - Unspecified Code Execution Microsoft Word 2000 - Code Execution IBM AIX 5.3 sp6 - capture Terminal Sequence Privilege Escalation IBM AIX 5.3 sp6 - pioout Arbitrary Library Loading Privilege Escalation IBM AIX 5.3 SP6 - Capture Terminal Sequence Privilege Escalation IBM AIX 5.3 SP6 - 'pioout' Arbitrary Library Loading Privilege Escalation IBM AIX 5.3 libc - MALLOCDEBUG File Overwrite IBM AIX 5.3 - 'libc' MALLOCDEBUG File Overwrite Easy RM to MP3 Converter 2.7.3.700 - Exploit Easy RM to MP3 Converter 2.7.3.700 - Buffer Overflow Easy RM to MP3 27.3.700 (Windows XP SP3) - Exploit Easy RM to MP3 27.3.700 (Windows XP SP3) - Overflow Adobe Reader and Acrobat - Exploit Adobe Reader / Acrobat - '.PDF' File Overflow Mini-stream Ripper (Windows XP SP2/SP3) - Exploit Mini-stream Ripper (Windows XP SP2/SP3) - Local Overflow DJ Studio Pro 5.1.6.5.2 - Exploit (SEH) DJ Studio Pro 5.1.6.5.2 - Overflow (SEH) Winamp 5.572 - Exploit (SEH) Winamp 5.572 - Overflow (SEH) ZipScan 2.2c - Exploit (SEH) ZipScan 2.2c - Overflow (SEH) Local Glibc shared library (.so) 2.11.1 - Exploit (Linux Kernel 2.6.34-rc3) ReiserFS (RedHat / Ubuntu 9.10) - 'xattr' Privilege Escalation Local Glibc Shared Library (.so) 2.11.1 - Code Execution ReiserFS (Linux Kernel 2.6.34-rc3 / RedHat / Ubuntu 9.10) - 'xattr' Privilege Escalation SyncBack Freeware 3.2.20.0 - Exploit SyncBack Freeware 3.2.20.0 - Overflow (SEH) Mediacoder 0.7.3.4672 - Exploit (SEH) Mediacoder 0.7.3.4672 - Overflow (SEH) MP3 Workstation 9.2.1.1.2 - Exploit (SEH) MP3 Workstation 9.2.1.1.2 - Overflow (SEH) DJ Studio Pro 8.1.3.2.1 - Exploit (SEH) DJ Studio Pro 8.1.3.2.1 - Overflow (SEH) MP3 Workstation 9.2.1.1.2 - Exploit (SEH) (Metasploit) MP3 Workstation 9.2.1.1.2 - Overflow (SEH) (Metasploit) iworkstation 9.3.2.1.4 - Exploit (SEH) iworkstation 9.3.2.1.4 - Overflow (SEH) Nokia MultiMedia Player 1.0 - Exploit (SEH Unicode) Nokia MultiMedia Player 1.0 - Overflow (SEH Unicode) POP Peeper 3.7 - Exploit (SEH) POP Peeper 3.7 - Overflow (SEH) DVD X Player 5.5 Pro - SEH + ASLR + DEP Bypass DVD X Player 5.5 Pro - Overflow (SEH + ASLR + DEP Bypass) DJ Studio Pro 5.1.6.5.2 - Exploit (SEH) (Metasploit) DJ Studio Pro 5.1.6.5.2 - Overflow (SEH) (Metasploit) BlazeVideo HDTV Player 6.6 Professional - SEH + ASLR + DEP Bypass BlazeVideo HDTV Player 6.6 Professional - Overflow (SEH + ASLR + DEP Bypass) Slackware Linux 3.4 - 'liloconfig-color' Temporary file Slackware Linux 3.4 - 'makebootdisk' Temporary file Slackware Linux 3.4 - 'liloconfig-color' Temporary File Slackware Linux 3.4 - 'makebootdisk' Temporary File Slackware Linux 3.4 - 'netconfig' Temporary file Slackware Linux 3.4 - 'pkgtool' Temporary file Slackware Linux 3.4 - 'netconfig' Temporary File Slackware Linux 3.4 - 'pkgtool' Temporary File Debian suidmanager 0.18 - Command Execution BSDI BSD/OS 2.1 / FreeBSD 2.1 / IBM AIX 4.2 / SGI IRIX 6.4 / Sun SunOS 4.1.3 - Exploit HP HP-UX 10.20/11.0 / IBM AIX 4.3 / SCO Unixware 7.0 / Sun Solaris 2.6 - Exploit Slackware Linux 3.5 - Missing /etc/group Privilege Escalation BSDI BSD/OS 2.1 / FreeBSD 2.1 / IBM AIX 4.2 / SGI IRIX 6.4 / Sun SunOS 4.1.3 - Buffer Overrun HP HP-UX 10.20/11.0 / IBM AIX 4.3 / SCO Unixware 7.0 / Sun Solaris 2.6 - Change File Permission Slackware Linux 3.5 - '/etc/group' Privilege Escalation Sun Solaris 2.6 power management - Exploit Sun Solaris 2.6 - power management Exploit DataLynx suGuard 1.0 - Exploit Sun Solaris 2.5.1 PAM & unix_scheme - Exploit Solaris 2.5.1 ffbconfig - Exploit Solaris 2.5.1 chkey - Exploit Solaris 2.5.1 Ping - Exploit SGI IRIX 6.4 ioconfig - Exploit DataLynx suGuard 1.0 - Privilege Escalation Sun Solaris 2.5.1 PAM / unix_scheme - 'passwd' Privilege Escalation Solaris 2.5.1 - 'ffbconfig' Exploit Solaris 2.5.1 - 'chkey' Exploit Solaris 2.5.1 - 'Ping' Exploit SGI IRIX 6.4 - 'ioconfig' Exploit BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - xlock Exploit (1) BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - xlock Exploit (2) BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - 'xlock' Exploit (1) BSD/OS 2.1 / DG/UX 7.0 / Debian 1.3 / HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.4 / Solaris 2.5.1 - '/usr/bin/X11/xlock' Privilege Escalation (2) Solaris 2.5.1 automount - Exploit Solaris 2.5.1 - 'automount' Exploit BSD/OS 2.1 / DG/UX 4.0 / Debian 0.93 / Digital UNIX 4.0 B / FreeBSD 2.1.5 / HP-UX 10.34 / IBM AIX 4.1.5 / NetBSD 1.0/1.1 / NeXTstep 4.0 / SGI IRIX 6.3 / SunOS 4.1.4 - 'rlogin' Exploit Sun Solaris 7.0 dtprintinfo - Buffer Overflow Sun Solaris 7.0 lpset - Buffer Overflow BSD/OS 2.1 / DG/UX 4.0 / Debian 0.93 / Digital UNIX 4.0 B / FreeBSD 2.1.5 / HP-UX 10.34 / IBM AIX 4.1.5 / NetBSD 1.0/1.1 / NeXTstep 4.0 / SGI IRIX 6.3 / SunOS 4.1.4 - 'rlogin' Privilege Escalation Sun Solaris 7.0 - '/usr/dt/bin/dtprintinfo' Buffer Overflow Sun Solaris 7.0 - '/usr/bin/lpset' Buffer Overflow IBM Remote Control Software 1.0 - Exploit IBM Remote Control Software 1.0 - Code Execution Xcmail 0.99.6 - Exploit Xcmail 0.99.6 - Buffer Overflow Sun Solaris 7.0 ff.core - Exploit S.u.S.E. 5.2 lpc - Exploit Sun Solaris 7.0 - 'ff.core' Exploit S.u.S.E. 5.2 - 'lpc' Exploit SGI IRIX 6.2 cdplayer - Exploit SGI IRIX 6.2 - 'cdplayer' Exploit SGI IRIX 5.3 Cadmin - Exploit SGI IRIX 6.0.1 colorview - Exploit SGI IRIX 5.3 - 'Cadmin' Exploit SGI IRIX 6.0.1 - 'colorview' Exploit SGI IRIX 6.3 df - Exploit SGI IRIX 6.4 - datman/cdman Exploit SGI IRIX 6.3 - 'df' Exploit SGI IRIX 6.4 - datman/cdman Exploit RedHat Linux 2.1 - abuse.console Exploit SGI IRIX 6.2 fsdump - Exploit RedHat Linux 5.1 xosview - Exploit Slackware Linux 3.1 - Buffer Overflow RedHat Linux 2.1 - 'abuse.console' Exploit SGI IRIX 6.2 - 'fsdump' Exploit RedHat Linux 5.1 - xosview Slackware Linux 3.1 - '/usr/X11/bin/SuperProbe' Buffer Overflow IBM AIX 4.3 infod - Exploit IBM AIX 4.3 - 'infod' Exploit IBM AIX 4.2.1 snap - Insecure Temporary File Creation IBM AIX 4.2.1 - 'snap' Insecure Temporary File Creation SGI IRIX 6.4 inpview - Exploit RedHat Linux 5.0 msgchk - Exploit IBM AIX 4.2.1 portmir - Buffer Overflow / Insecure Temporary File Creation IBM AIX 4.2 ping - Buffer Overflow IBM AIX 4.2 lchangelv - Buffer Overflow SGI IRIX 6.4 - 'inpview' Exploit RedHat Linux 5.0 - 'msgchk' Exploit IBM AIX 4.2.1 - '/usr/bin/portmir' Buffer Overflow / Insecure Temporary File Creation IBM AIX 4.2 - 'ping' Buffer Overflow IBM AIX 4.2 - '/usr/sbin/lchangelv' Buffer Overflow RedHat Linux 4.2 / SGI IRIX 6.3 / Solaris 2.6 mailx - Exploit (1) RedHat Linux 4.2 / SGI IRIX 6.3 / Solaris 2.6 - 'mailx' Exploit (1) SGI IRIX 6.4 netprint - Exploit SGI IRIX 6.4 - 'netprint' Exploit SGI IRIX 5.3/6.2 ordist - Exploit SGI IRIX 5.3/6.2 - 'ordist' Exploit SGI IRIX 5.3 pkgadjust - Exploit SGI IRIX 5.3 - 'pkgadjust' Exploit Sun Solaris 7.0 procfs - Exploit IBM AIX 3.2.5 - IFS Exploit IBM AIX 4.2.1 lquerypv - Exploit IBM AIX 3.2.5 - 'IFS' Exploit IBM AIX 4.2.1 - 'lquerypv' File Read SGI IRIX 6.3 pset - Exploit SGI IRIX 6.4 rmail - Exploit SGI IRIX 6.3 - 'pset' Exploit SGI IRIX 6.4 - 'rmail' Exploit SGI IRIX 5.2/5.3 serial_ports - Exploit SGI IRIX 6.4 suid_exec - Exploit SGI IRIX 5.1/5.2 sgihelp - Exploit SGI IRIX 6.4 startmidi - Exploit SGI IRIX 5.2/5.3 - 'serial_ports' Exploit SGI IRIX 6.4 - 'suid_exec' Exploit SGI IRIX 5.1/5.2- 'sgihelp' Exploit SGI IRIX 6.4 - 'startmidi' Exploit SGI IRIX 6.4 xfsdump - Exploit SGI IRIX 6.4 - 'xfsdump' Exploit IBM AIX 4.3.1 adb - Exploit IBM AIX 4.3.1 - 'adb' Denial of Service Apple At Ease 5.0 - Exploit Samba < 2.0.5 - Exploit Apple At Ease 5.0 - Information Disclosure Samba < 2.0.5 - Overflow NetBSD 1.4 / OpenBSD 2.5 /Solaris 7.0 profil(2) - Exploit NetBSD 1.4 / OpenBSD 2.5 / Solaris 7.0 - 'profil(2)' Modify The Internal Data Space Mandriva Linux Mandrake 6.0 / Gnome Libs 1.0.8 espeaker - Local Buffer Overflow Mandriva Linux Mandrake 6.0 / Gnome Libs 1.0.8 - 'espeaker' Local Buffer Overflow HP-UX 10.20 newgrp - Exploit HP-UX 10.20 newgrp - Privilege Escalation BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - 'lpr' Buffer Overrun (2) BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - '/usr/bin/lpr' Buffer Overrun Privilege Escalation (2) BSD 2 / CND 1 / Sendmail 8.x / FreeBSD 2.1.x / HP-UX 10.x / AIX 4 / RedHat 4 - Sendmail Daemon Exploit BSD 2 / CND 1 / Sendmail 8.x / FreeBSD 2.1.x / HP-UX 10.x / AIX 4 / RedHat 4 - Sendmail Daemon FreeBSD 3.3/Linux Mandrake 7.0 - 'xsoldier' Buffer Overflow (1) FreeBSD 3.3/Linux Mandrake 7.0 - 'xsoldier' Buffer Overflow (2) xsoldier (FreeBSD 3.3/Linux Mandrake 7.0) - Buffer Overflow (1) xsoldier (FreeBSD 3.3/Linux Mandrake 7.0) - Buffer Overflow (2) Solaris 7.0 kcms_configure - Exploit Solaris 7.0 - 'kcms_configure Exploit Windowmaker wmmon 1.0 b2 - Exploit Windowmaker wmmon 1.0 b2 - Command Execution Oracle8i Standard Edition 8.1.5 for Linux Installer - Exploit Oracle8i Standard Edition 8.1.5 for Linux Installer - Privilege Escalation Standard & Poors ComStock 4.2.4 - Exploit Standard & Poors ComStock 4.2.4 - Command Execution KDE 1.1.2 KApplication configfile - Exploit (1) KDE 1.1.2 KApplication configfile - Exploit (2) KDE 1.1.2 KApplication configfile - Exploit (3) KDE 1.1.2 KApplication configfile - Privilege Escalation (1) KDE 1.1.2 KApplication configfile - Privilege Escalation (2) KDE 1.1.2 KApplication configfile - Privilege Escalation (3) BSD 'mailx' 8.1.1-10 - Buffer Overflow (2) mailx 8.1.1-10 (BSD/Slackware) - Buffer Overflow (2) Mandrake 7.0/7.1 / RedHat Kon2 0.3.9 - fld Input File Overflow Mandrake 7.0/7.1 / RedHat Kon2 0.3.9 - '/usr/bin/fld' Input File Overflow IRIX 6.5.x - GR_OSView Buffer Overflow SGI IRIX 6.2 libgl.so - Buffer Overflow IRIX 6.5.x - dmplay Buffer Overflow IRIX 6.2/6.3 lpstat - Buffer Overflow IRIX 6.5.x - inpview Race Condition IRIX 6.5.x - '/usr/sbin/gr_osview' Buffer Overflow SGI IRIX 6.2 - 'libgl.so' Buffer Overflow IRIX 6.5.x - '/usr/sbin/dmplay' Buffer Overflow IRIX 6.2/6.3 - '/bin/lpstat' Buffer Overflow IRIX 6.5.x - '/usr/lib/InPerson/inpview' Race Condition IRIX 5.3/6.x - mail Exploit IRIX 5.3/6.x - '/usr/bin/mail' Buffer Overflow Libc locale - Exploit (1) Libc locale - Exploit (2) Libc locale - Privilege Escalation (1) Libc locale - Privilege Escalation (2) GNOME esound 0.2.19 - Unix Domain Socket Race Condition Apple Mac OSX 10 / HP-UX 9/10/11 / Mandriva 6/7 / RedHat 5/6 / SCO 5 / IRIX 6 - Shell redirection Race Condition Apple Mac OSX 10 / HP-UX 9/10/11 / Mandriva 6/7 / RedHat 5/6 / SCO 5 / IRIX 6 - Shell Redirection Race Condition IBM AIX 4.x - setsenv Buffer Overflow IBM AIX 4.3 digest - Buffer Overflow IBM AIX 4.x - enq Buffer Overflow IBM AIX 4.3.x - piobe Buffer Overflow IBM AIX 4.x - '/usr/bin/setsenv' Buffer Overflow IBM AIX 4.3 - '/usr/lib/lpd/digest' Buffer Overflow IBM AIX 4.x - 'enq' Buffer Overflow IBM AIX 4.3.x - '/usr/lib/lpd/piobe' Buffer Overflow SGI IRIX 6.5 / Solaris 7.0/8 - CDE dtsession Buffer Overflow SGI IRIX 6.5 / Solaris 7.0/8 CDE - '/usr/dt/bin/dtsession' Buffer Overflow AIX 4.2/4.3 - piomkapqd Buffer Overflow AIX 4.2/4.3 - '/usr/lib/lpd/pio/etc/piomkapqd' Buffer Overflow (Linux Kernel 2.4.17-8) User-Mode Linux - Memory Access Privilege Escalation User-Mode Linux (Linux Kernel 2.4.17-8) - Memory Access Privilege Escalation (Linux Kernel) Grsecurity Kernel Patch 1.9.4 - Memory Protection Grsecurity Kernel Patch 1.9.4 (Linux Kernel) - Memory Protection QNX RTOS 6.1 - phlocale Environment Variable Buffer Overflow QNX RTOS 6.1 - PKG-Installer Buffer Overflow QNX RTOS 6.1 - '/usr/photon/bin/phlocale' Environment Variable Buffer Overflow QNX RTOS 6.1 - 'PKG-Installer' Buffer Overflow NCMedia Sound Editor Pro 7.5.1 - SEH + DEP Bypass NCMedia Sound Editor Pro 7.5.1 - Overflow (SEH + DEP Bypass) AFD 1.2.x - Working Directory Local Buffer Overflow AFD 1.2.x - Working Directory Local Buffer Overflow Privilege Escalation IBM AIX 4.3.x/5.1 - ERRPT Local Buffer Overflow IBM AIX 4.3.x/5.1 - 'ERRPT' Local Buffer Overflow HP-UX 10.x - rs.F3000 Unspecified Unauthorized Access HP-UX 10.x - rs.F3000 Unauthorized Access Leksbot 1.2 - Multiple Unspecified Vulnerabilities Leksbot 1.2 - Multiple Vulnerabilities IBM AIX 4.3.x/5.1 - LSMCODE Environment Variable Local Buffer Overflow IBM AIX 4.3.x/5.1 - 'LSMCODE' Environment Variable Local Buffer Overflow IBM UniVerse 10.0.0.9 - uvadmsh Privilege Escalation IBM UniVerse 10.0.0.9 - 'uvadmsh' Privilege Escalation ViRobot Linux Server 2.0 - Overflow (Linux Kernel 2.6) Samba 2.2.8 (Debian / Mandrake) - Share Privilege Escalation Samba 2.2.8 (Linux Kernel 2.6 / Debian / Mandrake) - Share Privilege Escalation Veritas NetBackup 3.5/4.5/5.0 - Multiple Unspecified Local Memory Corruption Vulnerabilities (1) Veritas NetBackup 3.5/4.5/5.0 - Multiple Unspecified Local Memory Corruption Vulnerabilities (2) Veritas NetBackup 3.5/4.5/5.0 - Multiple Unspecified Local Memory Corruption Vulnerabilities (3) Veritas NetBackup 3.5/4.5/5.0 - Multiple Local Memory Corruption Vulnerabilities (1) Veritas NetBackup 3.5/4.5/5.0 - Multiple Local Memory Corruption Vulnerabilities (2) Veritas NetBackup 3.5/4.5/5.0 - Multiple Local Memory Corruption Vulnerabilities (3) Nvidia Display Driver Service (Nsvr) - Exploit Nvidia Display Driver Service (Nsvr) - Buffer Overflow IBM AIX 5.3 - GetShell and GetCommand File Enumeration IBM AIX 5.3 - GetShell and GetCommand Partial File Disclosure IBM AIX 5.3 - 'GetShell' / 'GetCommand' File Enumeration IBM AIX 5.3 - 'GetShell' / 'GetCommand' File Disclosure Apple 2.0.4 - Safari Unspecified Local Apple 2.0.4 - Safari Local Exploit Systrace - Multiple System Call Wrappers Concurrency Vulnerabilities IBM AIX 6.1.8 libodm - Arbitrary File Write IBM AIX 6.1.8 - 'libodm' Arbitrary File Write Apple iOS 4.0.2 - Networking Packet Filter Rules Privilege Escalation VeryPDF HTML Converter 2.0 - SEH/ToLower() Bypass Buffer Overflow VeryPDF HTML Converter 2.0 - Buffer Overflow (SEH/ToLower() Bypass) Symantec Encryption Desktop 10 - Buffer Overflow Privilege Escalation QEMU (Gentoo) - Local Priv Escalation QEMU (Gentoo) - Privilege Escalation Apache Tomcat 8/7/6 (RedHat-Based Distros) - Privilege Escalation Apache Tomcat 8/7/6 (RedHat Based Distros) - Privilege Escalation RedStar 3.0 Server - 'BEAM & RSSMON' Command Execution (Shellshock) RedStar 3.0 Server - 'BEAM' / 'RSSMON' Command Injection (Shellshock) Microsoft WordPerfect Document Converter - Exploit (MS03-036) Microsoft WordPerfect Document Converter (Windows NT4 Workstation SP5/SP6 French) - File Template Buffer Overflow (MS03-036) CA BrightStor ARCserve Backup - Exploiter Tool CA BrightStor ARCserve Backup - Overflow NCTAudioEditor2 ActiveX DLL 'NCTWMAFile2.dll 2.6.2.157' - Exploit NCTAudioEditor2 ActiveX DLL 'NCTWMAFile2.dll 2.6.2.157' - File Write CDBurnerXP 4.2.4.1351 - Exploit PeerCast 0.1216 - Exploit (Metasploit) PeerCast 0.1216 - Stack Overflow (Metasploit) BigAnt Server 2.52 - Exploit (SEH) BigAnt Server 2.52 - Overflow (SEH) NetTransport Download Manager 2.90.510 - Exploit NetTransport Download Manager 2.90.510 - Overflow (SEH) File Sharing Wizard 1.5.0 - Exploit (SEH) File Sharing Wizard 1.5.0 - Overflow (SEH) Real Player 12.0.0.879 - Exploit Sun Java Web Server 7.0 u7 - Exploit (DEP Bypass) Real Player 12.0.0.879 - Code Execution Sun Java Web Server 7.0 u7 - Overflow (DEP Bypass) IBM AIX 5l FTPd - Remote DES Hash Exploit IBM AIX 5l - 'FTPd' Remote DES Hash Exploit Microsoft Data Access Components - Exploit (MS11-002) Microsoft Data Access Components - Overflow (PoC) (MS11-002) FileCOPA FTP Server (Pre 18 Jul Version) - Exploit (Metasploit) FileCOPA FTP Server (Pre 18 Jul Version) - 'LIST' Buffer Overflow (Metasploit) Viscom Software Movie Player Pro SDK ActiveX 6.8 - Exploit (Metasploit) Viscom Software Movie Player Pro SDK ActiveX 6.8 - Stack-Based Buffer Overflow (Metasploit) Apple Personal Web Sharing 1.1 - Exploit id Software Solaris Quake II 3.13/3.14 / QuakeWorld 2.0/2.1 / Quake 1.9/3.13/3.14 - Exploit id Software Solaris Quake II 3.13/3.14 / QuakeWorld 2.0/2.1 / Quake 1.9/3.13/3.14 - Command Execution Metainfo Sendmail 2.0/2.5 & MetaIP 3.1 - Exploit Metainfo Sendmail 2.0/2.5 / MetaIP 3.1 - Upload / Execute Read Scripts IBM AIX 3.2/4.1 & SCO Unixware 7.1.1 & SGI IRIX 5.3 & Sun Solaris 2.5.1 - Exploit IBM AIX 3.2/4.1 / SCO Unixware 7.1.1 / SGI IRIX 5.3 / Sun Solaris 2.5.1 - Privilege Escalation HP HP-UX 10.34 rlpdaemon - Exploit HP HP-UX 10.34 rlpdaemon - Remote Overflow Ray Chan WWW Authorization Gateway 0.1 - Exploit Ray Chan WWW Authorization Gateway 0.1 - Command Execution Solaris 7.0 Coredump - Exploit Solaris 7.0 - 'Coredump' File Write IBM Scalable POWERparallel (SP) 2.0 sdrd - Exploit SGI IRIX 6.2 cgi-bin wrap - Exploit IBM Scalable POWERparallel (SP) 2.0 - 'sdrd' File Read SGI IRIX 6.2 - cgi-bin wrap Exploit SGI IRIX 6.5.2 nsd - Exploit SGI IRIX 6.5.2 - 'nsd'' Exploit IBM AIX 3.2.5 - login(1) Exploit IBM AIX 3.2.5 - 'login(1)' Exploit Compaq Java Applet for Presario SpawnApp - Exploit Compaq Java Applet for Presario SpawnApp - Code Execution Network Security Wizards Dragon-Fire IDS 1.0 - Exploit Network Security Wizards Dragon-Fire IDS 1.0 - Command Execution Hughes Technologies Mini SQL (mSQL) 2.0/2.0.10 - Exploit Hughes Technologies Mini SQL (mSQL) 2.0/2.0.10 - Information Disclosure IBM AIX 4.3.2 ftpd - Remote Buffer Overflow IBM AIX 4.3.2 - 'ftpd' Remote Buffer Overflow glFTPd 1.17.2 - Exploit glFTPd 1.17.2 - Code Execution Netopia R-series routers 4.6.2 - Exploit Netopia R-series Routers 4.6.2 - Modifying SNMP Tables Sun Java Web Server 1.1.3/2.0 Servlets - Exploit Sun Java Web Server 1.1.3/2.0 Servlets - information Disclosure IPFilter 3.x - Fragment Rule Bypass CGIWrap 2.x/3.x - Cross-Site Scripting AIX 4.1/4.2 - pdnsd Buffer Overflow AIX 4.1/4.2 - 'pdnsd' Buffer Overflow RedHat Linux 7.0 Apache - Remote 'Username' Enumeration RedHat Linux 7.0 Apache - Remote Username Enumeration Hylafax 4.1.x - HFaxD Unspecified Format String Hylafax 4.1.x - HFaxD Format String EZMeeting 3.x - 'EZNet.exe' Long HTTP Request Remote Buffer Overflow LHA 1.x - Multiple extract_one Buffer Overflow Vulnerabilities LHA 1.x - 'extract_one' Multiple Buffer Overflow Vulnerabilities Ethereal 0.x - Multiple Unspecified iSNS / SMB / SNMP Protocol Dissector Vulnerabilities Ethereal 0.x - Multiple iSNS / SMB / SNMP Protocol Dissector Vulnerabilities Oracle 9i - Multiple Unspecified Vulnerabilities Oracle 9i - Multiple Vulnerabilities File ELF 4.x - Header Unspecified Buffer Overflow File ELF 4.x - Header Buffer Overflow Microsoft PowerPoint 2003 - 'mso.dll' .PPT Processing Unspecified Code Execution Microsoft PowerPoint 2003 - 'powerpnt.exe' Unspecified Issue Microsoft PowerPoint 2003 - 'mso.dll' '.PPT' Processing Code Execution Microsoft PowerPoint 2003 - 'powerpnt.exe' Exploit CA eSCC r8/1.0 / eTrust Audit r8/1.5 - Unspecified Arbitrary File Manipulation CA eSCC r8/1.0 / eTrust Audit r8/1.5 - Audit Event System Unspecified Replay Attack CA eSCC r8/1.0 / eTrust Audit r8/1.5 - Arbitrary File Manipulation CA eSCC r8/1.0 / eTrust Audit r8/1.5 - Audit Event System Replay Attack Microsoft Internet Explorer 6 - Unspecified Code Execution (1) Microsoft Internet Explorer 6 - Unspecified Code Execution (2) Microsoft Internet Explorer 6 - Code Execution (1) Microsoft Internet Explorer 6 - Code Execution (2) GNU Tar 1.1x - GNUTYPE_NAMES Directory Traversal GNU Tar 1.1x - 'GNUTYPE_NAMES' Directory Traversal TFTP Server TFTPDWin 0.4.2 - Unspecified Directory Traversal TFTP Server TFTPDWin 0.4.2 - Directory Traversal Novell eDirectory 8.x - eMBox Utility 'edirutil' Command Unspecified Novell eDirectory 8.x - eMBox Utility 'edirutil' Command Exploit Multiple CA Service Management Products - Unspecified Remote Command Execution Multiple CA Service Management Products - Remote Command Execution NovaStor NovaNET 12 - 'DtbClsLogin()' Remote Stack Buffer Overflow Bash - Environment Variables Code Injection (Shellshock) Bash - Environment Variables Command Injection (Shellshock) OpenVPN 2.2.29 - Remote Exploit (Shellshock) OpenVPN 2.2.29 - Remote Command Injection (Shellshock) Postfix SMTP 4.2.x < 4.2.48 - Remote Exploit (Shellshock) Apache mod_cgi - Remote Exploit (Shellshock) Postfix SMTP 4.2.x < 4.2.48 - Remote Command Injection (Shellshock) Apache mod_cgi - Remote Command Injection (Shellshock) Poison Ivy 2.3.2 - Unspecified Remote Buffer Overflow Poison Ivy 2.3.2 - Remote Buffer Overflow Samba 3.5.11/3.6.3 - Unspecified Remote Code Execution Samba 3.5.11/3.6.3 - Remote Code Execution Advantech Switch - Bash Environment Variable Code Injection (Shellshock) (Metasploit) Advantech Switch - Bash Environment Variable Command Injection (Shellshock) (Metasploit) Cisco UCS Manager 2.1(1b) - Remote Exploit (Shellshock) Cisco UCS Manager 2.1(1b) - Remote Command Injection (Shellshock) IPFire - Bash Environment Variable Injection (Shellshock) (Metasploit) IPFire - Bash Environment Variable Command Injection (Shellshock) (Metasploit) TrendMicro InterScan Web Security Virtual Appliance - Remote Code Execution (Shellshock) TrendMicro InterScan Web Security Virtual Appliance - Remote Command Injection (Shellshock) Microsoft Security Essentials / SCEP (Microsoft Windows 8/8.1/10 / Windows Server) - 'MsMpEng' Remotely Exploitable Type Confusion Microsoft Security Essentials / SCEP (Microsoft Windows 8/8.1/10 / Windows Server) - 'MsMpEng' Remote Type Confusion Poll It CGI 2.0 - Exploit Poll It CGI 2.0 - Multiple Vulnerabilities DreamPoll 3.1 - Exploit DreamPoll 3.1 - SQL Injection WordPress Plugin WP-Cumulus 1.20 - Exploit WordPress Plugin WP-Cumulus 1.20 - Full Path Disclosure / Cross-Site Scripting Public Media Manager - Exploit Public Media Manager - Remote File Inclusion Joomla! Component com_adagency - Exploit Joomla! Component com_adagency - Local File Inclusion File Upload Manager 1.3 - Exploit File Upload Manager 1.3 - Web Shell File Upload Joomla! Component com_caddy - Exploit Renista CMS - Exploit Renista CMS - SQL Injection BtiTracker 1.3.x < 1.4.x - Exploit BtiTracker 1.3.x < 1.4.x - SQL Injection WordPress Plugin Cimy Counter - Exploit WordPress Plugin Cimy Counter - Full Path Disclosure / Redirector / Cross-Site Scripting / HTTP Response Spitting Belkin F5D7234-4 v5 G Wireless Router - Exploit Belkin F5D7234-4 v5 G Wireless Router - Remote Hash Exposed WhatsApp Status Changer 0.2 - Exploit WhatsApp - Remote Change Status MySimpleNews 1.0 - Remotely Readable Administrator Password MySimpleNews 1.0 - Remote Readable Administrator Password SquirrelMail 1.2.11 - Exploit SquirrelMail 1.2.11 - Multiple Vulnerabilities D-Link DCS-936L Network Camera - Cross-Site Request Forgery Yappa-ng 1.x/2.x - Unspecified Remote File Inclusion Yappa-ng 1.x/2.x - Unspecified Cross-Site Scripting Yappa-ng 1.x/2.x - Remote File Inclusion Yappa-ng 1.x/2.x - Cross-Site Scripting Aenovo - Multiple Unspecified Cross-Site Scripting Vulnerabilities Aenovo - Multiple Cross-Site Scripting Vulnerabilities Codegrrl - 'Protection.php' Unspecified Code Execution Codegrrl - 'Protection.php' Code Execution Red Mombin 0.7 - 'index.php' Unspecified Cross-Site Scripting Red Mombin 0.7 - 'process_login.php' Unspecified Cross-Site Scripting Red Mombin 0.7 - 'index.php' Cross-Site Scripting Red Mombin 0.7 - 'process_login.php' Cross-Site Scripting A-Blog 1.0 - Unspecified Cross-Site Scripting A-Blog 1.0 - Cross-Site Scripting Liens_Dynamiques 2.1 - Multiple Unspecified Cross-Site Scripting Vulnerabilities Liens_Dynamiques 2.1 - Multiple Cross-Site Scripting Vulnerabilities WordPress Plugin Akismet 2.1.3 - Unspecified WordPress Plugin Akismet 2.1.3 - Exploit SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Multiple Unspecified Remote Command Execution Vulnerabilities SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Multiple Remote Command Execution Vulnerabilities UPC Ireland Cisco EPC 2425 Router / Horizon Box - Exploit UPC Ireland Cisco EPC 2425 Router / Horizon Box - WPA-PSK Handshake Information Korean GHBoard - 'Component/upload.jsp' Unspecified Arbitrary File Upload Korean GHBoard - 'Component/upload.jsp' Arbitrary File Upload MyPHP Forum 3.0 - 'search.php' Multiple Unspecified SQL Injections MyPHP Forum 3.0 - 'search.php' Multiple SQL Injections Zoph 0.7.2.1 - Unspecified SQL Injection Zoph 0.7.2.1 - SQL Injection Joomla! Component FreiChat 1.0/2.x - Unspecified HTML Injection Joomla! Component FreiChat 1.0/2.x - HTML Injection Bash CGI - Remote Code Execution (Shellshock) (Metasploit) Bash CGI - Remote Command Injection (Shellshock) (Metasploit) PHP < 5.6.2 - 'disable_functions()' Bypass Exploit (Shellshock) PHP < 5.6.2 - 'disable_functions()' Bypass Command Injection (Shellshock) Hyperic HQ Enterprise 4.5.1 - Cross-Site Scripting / Multiple Unspecified Security Vulnerabilities Hyperic HQ Enterprise 4.5.1 - Cross-Site Scripting / Multiple Security Vulnerabilities Atlassian JIRA FishEye 2.5.7 / Crucible 2.5.7 Plugins - XML Parsing Unspecified Security Atlassian JIRA FishEye 2.5.7 / Crucible 2.5.7 Plugins - XML Parsing Security Exploit Netsweeper 4.0.8 - Authentication Bypass Issue Netsweeper 4.0.8 - Authentication Bypass SimpleInvoices invoices Module - Unspecified Customer Field Cross-Site Scripting SimpleInvoices invoices Module - Customer Field Cross-Site Scripting Bugzilla 4.2 - Tabular Reports Unspecified Cross-Site Scripting Bugzilla 4.2 - Tabular Reports Cross-Site Scripting iScripts AutoHoster - 'main_smtp.php' Unspecified Traversal iScripts AutoHoster - 'main_smtp.php' Traversal Exploit Trend Micro - 'CoreServiceShell.exe' Multiple HTTP Issues Trend Micro - 'CoreServiceShell.exe' Multiple HTTP Exploits Sun Secure Global Desktop and Oracle Global Desktop 4.61.915 - Exploit (Shellshock) Sun Secure Global Desktop and Oracle Global Desktop 4.61.915 - Command Injection (Shellshock) NUUO NVRmini 2 3.0.8 - Remote Code Execution (Shellshock) NUUO NVRmini 2 3.0.8 - Remote Command Injection (Shellshock) Squid Analysis Report Generator 2.3.10 - Remote Code Execution |
||
|
Offensive Security
|
c7b4bfd8e6 |
DB: 2017-08-23
23 new exploits
Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017)
Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017)
Disk Pulse Enterprise 9.9.16 - 'Import Command' Buffer Overflow
Disk Savvy Enterprise 9.9.14 - 'Import Command' Buffer Overflow
VX Search Enterprise 9.9.12 - 'Import Command' Buffer Overflow
Microsoft Windows - Escalate UAC Protection Bypass (Via COM Handler Hijack) (Metasploit)
IBM OpenAdmin Tool - SOAP welcomeServer PHP Code Execution (Metasploit)
BSD - Passive Connection Shellcode (124 bytes)
BSD - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (124 bytes)
BSD/x86 - setuid(0) then execve /bin/sh Shellcode (30 bytes)
BSD/x86 - Bind Shell 31337/TCP + setuid(0) Shellcode (94 bytes)
BSD/x86 - execve /bin/sh multiplatform Shellcode (27 bytes)
BSD/x86 - execve /bin/sh setuid (0) Shellcode (29 bytes)
BSD/x86 - Bind Shell 31337/TCP Shellcode (83 bytes)
BSD/x86 - Bind Random Port Shellcode (143 bytes)
BSD/x86 - setuid(0) + execve /bin/sh Shellcode (30 bytes)
BSD/x86 - Bind TCP Shell (31337/TCP) + setuid(0) Shellcode (94 bytes)
BSD/x86 - execve /bin/sh Shellcode (27 bytes)
BSD/x86 - execve /bin/sh + setuid(0) Shellcode (29 bytes)
BSD/x86 - Bind TCP Shell (31337/TCP) Shellcode (83 bytes)
BSD/x86 - Bind TCP Shell (Random Port) Shellcode (143 bytes)
BSD/x86 - execve /bin/sh Crypt Shellcode (49 bytes)
BSD/x86 - execve /bin/sh ENCRYPT* Shellcode (57 bytes)
BSD/x86 - Connect torootteam.host.sk:2222 Shellcode (93 bytes)
BSD/x86 - cat /etc/master.passwd | mail [email] Shellcode (92 bytes)
BSD/x86 - execve /bin/sh Encoded Shellcode (49 bytes)
BSD/x86 - execve /bin/sh Encoded Shellcode (57 bytes)
BSD/x86 - Reverse TCP Shell (torootteam.host.sk:2222/TCP) Shellcode (93 bytes)
BSD/x86 - execve /bin/cat /etc/master.passwd | mail [email] Shellcode (92 bytes)
BSDi/x86 - execve /bin/sh toupper evasion Shellcode (97 bytes)
FreeBSD i386 & AMD64 - Execve /bin/sh Shellcode (Anti-Debugging) (140 bytes)
BSDi/x86 - execve /bin/sh ToUpper Encoded Shellcode (97 bytes)
FreeBSD x86 / x64 - execve /bin/sh Anti-Debugging Shellcode (140 bytes)
FreeBSD/x86 - connect back.send.exit /etc/passwd Shellcode (112 bytes)
FreeBSD/x86 - kill all processes Shellcode (12 bytes)
FreeBSD/x86 - rev connect + recv + jmp + return results Shellcode (90 bytes)
FreeBSD/x86 - /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes)
FreeBSD/x86 - Reverse /bin/sh Shell (127.0.0.1:8000) Shellcode (89 bytes)
FreeBSD/x86 - setuid(0); execve(ipf -Fa); Shellcode (57 bytes)
FreeBSD/x86 - /bin/sh Encrypted Shellcode (48 bytes)
FreeBSD/x86 - Reverse TCP cat /etc/passwd (192.168.1.33:8000/TCP) Shellcode (112 bytes)
FreeBSD/x86 - Kill All Processes Shellcode (12 bytes)
FreeBSD/x86 - ConnectBack (172.17.0.9:8000/TCP) + Receive Shellcode + JMP + Return Results Null-Free Shellcode (90 bytes)
FreeBSD/x86 - execve /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes)
FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:8000) Null-Free Shellcode (89 bytes)
FreeBSD/x86 - setuid(0); + execve(ipf -Fa); Shellcode (57 bytes)
FreeBSD/x86 - execve /bin/sh Encoded Shellcode (48 bytes)
FreeBSD/x86 - execve /bin/sh Shellcode (2) (23 bytes)
FreeBSD/x86 - execve /bin/sh Shellcode (23 bytes)
FreeBSD/x86 - kldload /tmp/o.o Shellcode (74 bytes)
FreeBSD/x86 - Load Kernel Module (/sbin/kldload /tmp/o.o) Shellcode (74 bytes)
FreeBSD/x86 - Connect Port 31337 Shellcode (102 bytes)
FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (102 bytes)
Linux/x86 - Bind Shellcode (Generator)
Windows XP SP1 - Bind Shellcode (Generator)
(Generator) - /bin/sh Polymorphic With Printable ASCII Characters Shellcode
Linux/x86 - cmd Null-Free Shellcode (Generator)
(Generator) - Alphanumeric Shellcode (Encoder/Decoder)
Linux/x86 - Bind TCP Shellcode (Generator)
Windows XP SP1 - Bind TCP Shell Shellcode (Generator)
Linux - execve /bin/sh Polymorphic With Printable ASCII Characters Shellcode (Generator)
Linux/x86 - Command Null-Free Shellcode (Generator)
Windows - Reverse TCP Shell (127.0.0.1:123/TCP) Alphanumeric Shellcode (Encoder/Decoder) (Generator)
Win32 - Multi-Format Encoding Tool Shellcode (Generator)
iOS - Version-independent Shellcode
Cisco IOS - Connectback 21/TCP Shellcode
Windows x86 - Multi-Format Encoding Tool Shellcode (Generator)
iOS Version-independent - Null-Free Shellcode
Cisco IOS - New TTY / Privilege Level To 15 / Reverse Virtual Terminal Shell (21/TCP) Shellcode
Linux/x86-64 - Flush IPTables Rules Shellcode (84 bytes)
Linux/x86-64 - Reverse TCP Semi-Stealth Shell Shellcode (88+ bytes) (Generator)
Linux/MIPS (Linksys WRT54G/GL) - Bind 4919/TCP Shellcode (276 bytes)
Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes)
Linux/x86-64 - Reverse TCP Semi-Stealth /bin/bash Shell Shellcode (88+ bytes) (Generator)
Linux/MIPS (Linksys WRT54G/GL) - Bind TCP /bin/sh Shell (4919/TCP) Shellcode (276 bytes)
Linux/PPC - connect back (192.168.1.1:31337) execve /bin/sh Shellcode (240 bytes)
Linux/PPC - Reverse TCP /bin/sh Shell (192.168.1.1:31337/TCP) Shellcode (240 bytes)
Linux/SPARC - Bind 8975/TCP Shellcode (284 bytes)
Linux/SPARC - Bind TCP Shell (8975/TCP) Null-Free Shellcode (284 bytes)
Linux/x86 - killall5 polymorphic Shellcode (61 bytes)
Linux/x86 - /bin/sh Polymorphic Shellcode (48 bytes)
Linux/x86 - Bind 4444/TCP Shellcode (XOR Encoded) (152 bytes)
Linux/x86 - reboot() polymorphic Shellcode (57 bytes)
Linux/x86 - chmod(_/etc/shadow__666) Polymorphic Shellcode (54 bytes)
Linux/x86 - setreuid(geteuid()_geteuid())_execve(_/bin/sh__0_0) Shellcode (34 bytes)
Linux/x86 - Bind 8000/TCP + Execve Iptables -F Shellcode (176 bytes)
Linux/x86 - Bind 8000/TCP + Add Root User Shellcode (225+ bytes)
Linux/x86 - Bind 8000/TCP ASM Code Linux Shellcode (179 bytes)
Linux/x86 - killall5 Polymorphic Shellcode (61 bytes)
Linux/x86 - execve /bin/sh Polymorphic Shellcode (48 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) XOR Encoded Shellcode (152 bytes)
Linux/x86 - reboot() Polymorphic Shellcode (57 bytes)
Linux/x86 - chmod 666 /etc/shadow Polymorphic Shellcode (54 bytes)
Linux/x86 - setreuid(geteuid()_ geteuid()) + execve(_/bin/sh__0_0) Shellcode (34 bytes)
Linux/x86 - Bind TCP Shell (8000/TCP) + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes)
Linux/x86 - Bind TCP Shell (8000/TCP) + Add Root User Shellcode (225+ bytes)
Linux/x86 - Bind TCP /bin/sh Shell (8000/TCP) Shellcode (179 bytes)
Linux/x86 - Serial port shell binding + busybox Launching Shellcode (82 bytes)
Linux/x86 - Serial Port Shell Binding (/dev/ttyS0) + busybox Launching Null-Free Shellcode (82 bytes)
Linux/x86 - chmod(_/etc/shadow__666) + exit(0) Shellcode (30 bytes)
Linux/x86 - chmod 666 /etc/shadow + exit(0) Shellcode (30 bytes)
Linux/x86 - Shellcode Obfuscator (Generator)
Linux/x86 - Shellcode Obfuscator Null-Free (Generator)
Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Shellcode (28 bytes)
Linux/x86 - setresuid(0_0_0) /bin/sh Shellcode (35 bytes)
Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Null-Free Shellcode (28 bytes)
Linux/x86 - setresuid(0_0_0) + /bin/sh Shellcode (35 bytes)
Linux/x86 - Reverse TCP /etc/shadow (8192/TCP) Shellcode (155 bytes)
Linux/x86 - Reverse TCP cat /etc/shadow (8192/TCP) Shellcode (155 bytes)
Linux/x86 - setuid(0) . setgid(0) . aslr_off Shellcode (79 bytes)
Linux/x86 - setuid(0) + setgid(0) + aslr_off (Disable ASLR Security) Shellcode (79 bytes)
Linux/x86 - /sbin/iptables -F Shellcode (40 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (40 bytes)
Linux/x86 - /sbin/ipchains -F Shellcode (40 bytes)
Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (40 bytes)
Linux/x86 - HTTP/1.x GET_ Downloads + execve() Shellcode (111+ bytes)
Linux/x86 - executes command after setreuid Shellcode (49+ bytes)
Linux/x86 - HTTP/1.x GET + Downloads + execve() Null-Free Shellcode (111+ bytes)
Linux/x86 - setreuid + executes command (49+ bytes)
Linux/x86 - Bind 31337/TCP + setuid Shellcode (96 bytes)
Linux/x86 - Bind 2707/TCP Shellcode (84 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + setuid Shellcode (96 bytes)
Linux/x86 - Bind TCP Shell (2707/TCP) Shellcode (84 bytes)
Linux/x86 - Bind 31337/TCP SET_PORT() Shellcode (100 bytes)
Linux/x86 - Reverse TCP Shell (192.168.13.22:31337) Shellcode (82 bytes) (Generator)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (100 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (192.168.13.22:31337) Shellcode (82 bytes) (Generator)
Linux/x86 - Reverse TCP XOR Encoded Shell (127.0.0.1:80/TCP) Shellcode (371 bytes)
Linux/x86 - Reverse TCP Shell (127.0.0.1:80/TCP) XOR Encoded Shellcode (371 bytes)
Linux/x86 - /tmp/swr to SWAP restore Shellcode (109 bytes)
Linux/x86 - Read SWAP write to /tmp/swr Shellcode (109 bytes)
Linux/x86 - Bind TCP Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes)
Linux/x86 - Bind 64713/TCP Shellcode (86 bytes)
Linux/x86 - Bind TCP /bin/sh Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (64713/TCP) Shellcode (86 bytes)
Linux/x86 - setreuid(0_0) execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes)
Linux/x86 - TCP Proxy Shellcode (236 bytes)
Linux/x86 - TCP Proxy Null-Free Shellcode (236 bytes)
Linux/x86 - execve /bin/sh xored for Intel x86 CPUID Shellcode (41 bytes)
Linux/x86 - execve /bin/sh Shellcode (+1 Encoded) (39 bytes)
Linux/x86 - Add User (xtz) To /etc/passwd Shellcode (59 bytes)
Linux/x86 - anti-debug trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes)
Linux/x86 - Bind /bin/sh to 31337/TCP Shellcode (80 bytes)
Linux/x86 - Bind /bin/sh to 31337/TCP + fork() Shellcode (98 bytes)
Linux/x86 (Intel x86 CPUID) - execve /bin/sh XORED Encoded Shellcode (41 bytes)
Linux/x86 - execve /bin/sh Shellcode +1 Encoded (39 bytes)
Linux/x86 - Add Root User (xtz) To /etc/passwd Shellcode (59 bytes)
Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (80 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + fork() Shellcode (98 bytes)
Linux/x86 - chmod(/etc/shadow_ 0666) + exit() Shellcode (32 bytes)
Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (32 bytes)
Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator)
Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator)
Linux/x86 - read(0_buf_2541); chmod(buf_4755); Shellcode (23 bytes)
Linux/x86 - write(0__Hello core!\n__12); (with optional 7 byte exit) Shellcode (36 bytes)
Linux/x86 - snoop /dev/dsp Shellcode (172 bytes)
Linux/x86 - /bin/sh Standard Opcode Array Payload Shellcode (21 bytes)
Linux/x86 - read(0_buf_2541); + chmod(buf_4755); Shellcode (23 bytes)
Linux/x86 - write(0__Hello core!\n__12); Exit Shellcode (36/43 bytes)
Linux/x86 - snoop /dev/dsp Null-Free Shellcode (172 bytes)
Linux/x86 - execve /bin/sh Standard Opcode Array Payload Shellcode (21 bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes)
Linux/x86 - chroot + standart Shellcode (66 bytes)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes)
Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes)
Linux/x86 - Break chroot (../ 20x Loop) + execve /bin/sh Shellcode (66 bytes)
Linux/x86 - setreuid/execve Shellcode (31 bytes)
Linux/x86 - Alphanumeric Shellcode (64 bytes)
Linux/x86 - Alphanumeric using IMUL Method Shellcode (88 bytes)
Linux/x86 - setreuid + execve Shellcode (31 bytes)
Linux/x86 - Alphanumeric Encoded Shellcode (64 bytes)
Linux/x86 - Alphanumeric Encoder (IMUL Method) Shellcode (88 bytes)
Linux/x86 - Bind 5074/TCP (ToUpper Encoded) Shellcode (226 bytes)
Linux/x86 - Add User (t00r) Anti-IDS Shellcode (116 bytes)
Linux/x86 - Bind TCP Shell (5074/TCP) ToUpper Encoded Shellcode (226 bytes)
Linux/x86 - Add Root User (t00r) Anti-IDS Shellcode (116 bytes)
Linux/x86 - iptables -F Shellcode (45 bytes)
Linux/x86 - iptables -F Shellcode (58 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes)
Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (58 bytes)
Linux/x86 - connect Shellcode (120 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell Shellcode (120 bytes)
Linux/x86 - cp /bin/sh /tmp/katy ; chmod 4555 katy Shellcode (126 bytes)
Linux/x86 - cp /bin/sh /tmp/katy ; + chmod 4555 katy Shellcode (126 bytes)
Linux/x86 - execve /bin/sh setreuid(12_12) Shellcode (50 bytes)
Linux/x86 - Bind 5074/TCP Shellcode (92 bytes)
Linux/x86 - Bind 5074/TCP + fork() Shellcode (130 bytes)
Linux/x86 - Add User (t00r) Shellcode (82 bytes)
Linux/x86 - Add User Shellcode (104 bytes)
Linux/x86 - break chroot Shellcode (34 bytes)
Linux/x86 - break chroot Shellcode (46 bytes)
Linux/x86 - break chroot execve /bin/sh Shellcode (80 bytes)
Linux/x86 - execve /bin/sh + setreuid(12_12) Shellcode (50 bytes)
Linux/x86 - Bind TCP Shell (5074/TCP) Shellcode (92 bytes)
Linux/x86 - Bind TCP Shell (5074/TCP) + fork() Shellcode (130 bytes)
Linux/x86 - Add Root User (t00r) Shellcode (82 bytes)
Linux/x86 - Add Root User Shellcode (104 bytes)
Linux/x86 - Break chroot (../ 10x Loop) Shellcode (34 bytes)
Linux/x86 - Break chroot (../ 10x Loop) Shellcode (46 bytes)
Linux/x86 - Break chroot + execve /bin/sh Shellcode (80 bytes)
Linux/x86 - execve /bin/sh (XOR Encoded) Shellcode (55 bytes)
Linux/x86 - execve /bin/sh XOR Encoded Shellcode (55 bytes)
Linux/x86 - chroot()/execve() code Shellcode (80 bytes)
Linux/x86 - Add User (z) Shellcode (70 bytes)
Linux/x86 - break chroot setuid(0) + /bin/sh Shellcode (132 bytes)
Linux/x86-64 - Bind 4444/TCP Shellcode (132 bytes)
Linux/x86 - Add Root User (z) Shellcode (70 bytes)
Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve /bin/sh Shellcode (132 bytes)
Linux/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (132 bytes)
Linux PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (99 bytes)
OSX PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (121 bytes)
Linux/x86 & Unix/SPARC & IRIX/MIPS - execve /bin/sh Shellcode (141 bytes)
Linux/x86 & Unix/SPARC - execve /bin/sh Shellcode (80 bytes)
Linux/x86 & bsd/x86 - execve /bin/sh Shellcode (38 bytes)
Linux/PPC / Linux/x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (99 bytes)
OSX/PPC / OSX/x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) Shellcode (121 bytes)
Linux/x86 / Unix/SPARC / IRIX/MIPS - execve /bin/sh Shellcode (141 bytes)
Linux/x86 / Unix/SPARC - execve /bin/sh Shellcode (80 bytes)
BSD/x86 / Linux/x86 - execve /bin/sh Shellcode (38 bytes)
NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes)
NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes)
NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes)
NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes)
OpenBSD/x86 - Bind 6969/TCP Shellcode (148 bytes)
OpenBSD/x86 - Add user _w00w00_ Shellcode (112 bytes)
OSX/PPC - sync()_ reboot() Shellcode (32 bytes)
OpenBSD/x86 - Bind TCP Shell (6969/TCP) Shellcode (148 bytes)
OpenBSD/x86 - Add Root User (w00w00) Shellcode (112 bytes)
OSX/PPC - sync() + reboot() Shellcode (32 bytes)
OSX/PPC - Add user _r00t_ Shellcode (219 bytes)
OSX/PPC - Add Root User (r00t) Shellcode (219 bytes)
Solaris/SPARC - executes command after setreuid Shellcode (92+ bytes)
Solaris/SPARC - Reverse TCP XNOR Encoded Shell (44434/TCP) Shellcode (600 bytes) (Generator)
Solaris/SPARC - setreuid/execve Shellcode (56 bytes)
Solaris/SPARC - Bind 6666/TCP Shellcode (240 bytes)
Solaris/SPARC - setreuid + executes command Shellcode (92+ bytes)
Solaris/SPARC - Reverse TCP Shell (44434/TCP) XNOR Encoded Shellcode (600 bytes) (Generator)
Solaris/SPARC - setreuid + execve Shellcode (56 bytes)
Solaris/SPARC - Bind TCP Shell (6666/TCP) Shellcode (240 bytes)
Solaris/SPARC - Bind 6789/TCP Shellcode (228 bytes)
Solaris/SPARC - Reverse TCP Shell (192.168.1.4:5678/TCP) Shellcode (204 bytes)
Solaris/SPARC - Bind Shellcode (240 bytes)
Solaris/x86 - Bind TCP Shellcode (Generator)
Solaris/SPARC - Bind TCP /bin/sh (6789/TCP) Shellcode (228 bytes)
Solaris/SPARC - Reverse TCP /bin/sh Shell (192.168.1.4:5678/TCP) Shellcode (204 bytes)
Solaris/SPARC - Bind TCP Shell Shellcode (240 bytes)
Solaris/x86 - Bind TCP Shellcode (Generator)
Windows 5.0 < 7.0 x86 - Bind Shell 28876/TCP Null-Free Shellcode
Win32/XP SP2 (EN) - cmd.exe Shellcode (23 bytes)
Win32 - SEH Omelet Shellcode
Win32 - Bind 23/TCP Winexec Telnet Shellcode (111 bytes)
Win32 - PEB!NtGlobalFlags Shellcode (14 bytes)
Win32 XP SP2 (FR) - Sellcode cmd.exe Shellcode (32 bytes)
Win32/XP SP2 - cmd.exe Shellcode (57 bytes)
Win32 - PEB 'Kernel32.dll' ImageBase Finder Alphanumeric Shellcode (67 bytes)
Win32 - PEB 'Kernel32.dll' ImageBase Finder (ASCII Printable) Shellcode (49 bytes)
Win32 - ConnectBack + Download A File + Save + Execute Shellcode
Win32 - Download File + Execute Shellcode (Browsers Edition) (Generator) (275+ bytes)
Win32 - Download File + Execute Shellcode (192 bytes)
Win32 - Download File + Execute Shellcode (124 bytes)
Win32/NT/XP - IsDebuggerPresent Shellcode (39 bytes)
Win32 SP1/SP2 - Beep Shellcode (35 bytes)
Win32/XP SP2 - Pop up message box Shellcode (110 bytes)
Win32 - WinExec() Command Parameter Shellcode (104+ bytes)
Win32 - Download File + Execute Shellcode (226+ bytes)
Windows NT/2000/XP (Russian) - Add User 'slim' Shellcode (318 bytes)
Windows 5.0 < 7.0 x86 - Bind TCP Shell (28876/TCP) Null-Free Shellcode
Windows XP SP2 x86 (English) - cmd.exe Shellcode (23 bytes)
Windows x86 - SEH Omelet Shellcode
Windows x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes)
Windows x86 - PEB!NtGlobalFlags Shellcode (14 bytes)
Windows XP SP2 x86 (French) - Sellcode cmd.exe Shellcode (32 bytes)
Windows XP SP2 x86 - cmd.exe Shellcode (57 bytes)
Windows x86 - PEB _Kernel32.dll_ ImageBase Finder Alphanumeric Shellcode (67 bytes)
Windows x86 - PEB _Kernel32.dll_ ImageBase Finder (ASCII Printable) Shellcode (49 bytes)
Windows x86 - ConnectBack + Download A File + Save + Execute Shellcode
Windows x86 - Download File + Execute Shellcode (Browsers Edition) (275+ bytes) (Generator)
Windows x86 - Download File + Execute Shellcode (192 bytes)
Windows x86 - Download File + Execute Shellcode (124 bytes)
Windows NT/XP x86 - IsDebuggerPresent Shellcode (39 bytes)
Windows SP1/SP2 x86 - Beep Shellcode (35 bytes)
Windows XP SP2 x86 - Pop up message box Shellcode (110 bytes)
Windows x86 - WinExec() Command Parameter Shellcode (104+ bytes)
Windows x86 - Download File + Execute Shellcode (226+ bytes)
Windows NT/2000/XP (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes)
Windows XP/2000/2003 - Reverse TCP Shell (127.0.0.1:53) Shellcode (275 bytes) (Generator)
Windows XP/2000/2003 - Reverse TCP Shell (127.0.0.1:53) Shellcode (275 bytes) (Generator)
Windows XP - Download File + Execute Shellcode
Windows XP SP1 - Bind 58821/TCP Shellcode (116 bytes)
Windows XP - Download File + Execute Null-Free Shellcode
Windows XP SP1 - Bind TCP Shell (58821/TCP) Shellcode (116 bytes)
Win64 - (URLDownloadToFileA) Download + Execute Shellcode (218+ bytes)
Windows x64 - (URLDownloadToFileA) Download + Execute Shellcode (218+ bytes)
Linux/x86 - setuid(0) + cat /etc/shadow Shellcode (49 bytes)
Linux/x86 - chmod(/etc/shadow_ 0666) + exit() Shellcode (33 bytes)
Linux/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (49 bytes)
Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (33 bytes)
Linux/x86 - overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes)
Win32 XP SP3 - ShellExecuteA Shellcode
Linux/x86 - Pverwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes)
Windows XP SP3 x86 - ShellExecuteA Shellcode
Win32 XP SP3 - Add Firewall Rule to Allow 445/TCP Traffic Shellcode
FreeBSD/x86 - Bind 1337/TCP Shellcode (167 bytes)
Win32/XP SP2 - calc.exe Shellcode (45 bytes)
Windows XP SP3 x86 - Add Firewall Rule to Allow 445/TCP Traffic Shellcode
FreeBSD/x86 - Bind TCP /bin/sh Shell (1337/TCP) Shellcode (167 bytes)
Windows XP SP2 x86 - calc.exe Shellcode (45 bytes)
Win32/XP SP2 (EN + AR) - cmd.exe Shellcode (23 bytes)
Windows XP SP2 x86 (English / Arabic) - cmd.exe Shellcode (23 bytes)
Linux/x86 - break chroot Shellcode (79 bytes)
Linux/x86 - setuid + Break chroot (mkdir/chdir/chroot _..._) + execve /bin/sh Shellcode (79 bytes)
Linux/x86 - Append '/etc/passwd' + exit() Shellcode (107 bytes)
Linux/x86 - Add Root User (toor) To /etc/passwd + exit() Shellcode (107 bytes)
Win32 XP SP2 (FR) - calc Shellcode (19 bytes)
Windows XP SP2 x86 (French) - calc Shellcode (19 bytes)
Linux/x86 - bin/cat /etc/passwd Shellcode (43 bytes)
Win32 XP SP3 (English) - cmd.exe Shellcode (26 bytes)
Win32 XP SP2 (Turkish) - cmd.exe Shellcode (26 bytes)
Linux/x86 - /bin/sh Shellcode (8 bytes)
Linux/x86 - execve /bin/cat /etc/passwd Shellcode (43 bytes)
Windows XP SP3 x86 (English) - cmd.exe Shellcode (26 bytes)
Windows XP SP2 x86 (Turkish) - cmd.exe Shellcode (26 bytes)
Linux/x86 - execve /bin/sh Shellcode (8 bytes)
Linux/x86 - disabled modsecurity Shellcode (64 bytes)
Win32 - JITed Stage-0 Shellcode
Win32 - JITed exec notepad Shellcode
Windows XP Professional SP2 (ITA) - calc.exe Shellcode (36 bytes)
Win32 - Mini HardCode WinExec&ExitProcess Shellcode (16 bytes)
Linux/x86 - Disabled modsecurity Shellcode (64 bytes)
Windows x86 - JITed Stage-0 Shellcode
Windows x86 - JITed exec notepad Shellcode
Windows XP Professional SP2 (Italian) - calc.exe Shellcode (36 bytes)
Windows XP SP2 x86 - write.exe + ExitProcess WinExec Shellcode (16 bytes)
Win32/XP SP3 (RU) - WinExec+ExitProcess cmd Shellcode (12 bytes)
Win32 - MessageBox Shellcode (Metasploit)
Windows XP SP3 x86 (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes)
Windows x86 - MessageBox Shellcode (Metasploit)
Linux/x86 - Bind nc -lvve/bin/sh -p13377 Shellcode
Linux/x86 - chmod(_/etc/shadow__ 0666) Shellcode (36 bytes)
Linux/x86 - Bind Netcat Shell (13377/TCP) Shellcode
Linux/x86 - chmod 0666 /etc/shadow Shellcode (36 bytes)
Linux/x86 - chmod(_/etc/shadow__ 0777) Shellcode (33 bytes)
Linux/x86 - chmod(_/etc/shadow__ 0777) Shellcode (29 bytes)
Linux - write() + exit(0) Shellcode (Genearator With Customizable Text)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (29 bytes)
Linux - write() + exit(0) Shellcode (Generator)
Linux/x86 - Sends 'Phuck3d!' To All Terminals Shellcode (60 bytes)
Linux/x86 - Sends _Phuck3d!_ To All Terminals Shellcode (60 bytes)
Windows XP SP2 (FR) - Download File + Execute Shellcode
Windows XP SP2 (French) - Download File + Execute Shellcode
Linux/x86 - Disable randomize stack addresse Shellcode (106 bytes)
Linux/x86 - Disable ASLR Security Shellcode Shellcode (106 bytes)
Linux/x86 - setuid(0) + chmod(_/etc/shadow__ 0666) Polymorphic Shellcode (61 bytes)
Linux/x86 - change mode 0777 of '/etc/shadow' with sys_chmod syscall Shellcode (39 bytes)
Linux/x86 - setuid(0) + chmod 0666 /etc/shadow Polymorphic Shellcode (61 bytes)
Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/shadow Shellcode (39 bytes)
Linux/x86 - change mode 0777 of '/etc/passwd' with sys_chmod syscall Shellcode (39 bytes)
Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/passwd Shellcode (39 bytes)
Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes)
Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes)
Solaris/x86 - Sync() & reboot() + exit(0) Shellcode (48 bytes)
Solaris/x86 - Sync() + reboot() + exit(0) Shellcode (48 bytes)
Linux/x86 - Bind 31337/TCP + setreuid (0_0) Polymorphic Shellcode (131 bytes)
Linux/x86-64 - setuid(0) + chmod (_/etc/passwd__ 0777) & exit(0) Shellcode (63 bytes)
Linux/x86 - Bind TCP Shell (31337/TCP) + setreuid(0_0) Polymorphic Shellcode (131 bytes)
Linux/x86-64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes)
Windows XP SP3 (SPA) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes)
Windows XP SP3 (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes)
Windows - WinExec cmd.exe + ExitProcess Shellcode (195 bytes)
Windows - cmd.exe + ExitProcess WinExec Shellcode (195 bytes)
Linux/x86 - /bin/sh Polymorphic Shellcode (116 bytes)
Linux/ARM - chmod(_/etc/shadow__ 0777) polymorphic Shellcode (84 bytes)
Linux/ARM - chmod(_/etc/shadow__ 0777) Shellcode (35 bytes)
Linux/x86 - execve /bin/sh Polymorphic Shellcode (116 bytes)
Linux/ARM - chmod 0777 /etc/shadow Polymorphic Shellcode (84 bytes)
Linux/ARM - chmod 0777 /etc/shadow Shellcode (35 bytes)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL); (XOR 88 encoded) Polymorphic Shellcode (78 bytes)
Linux/x86 - Bind Shell 64533 Shellcode (97 bytes)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL); XOR 88 Encoded Polymorphic Shellcode (78 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (64533/TCP) Shellcode (97 bytes)
Linux - setreuid(0_0) execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes)
Safari 4.0.5 - 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Shellcode
Linux - Bind 6778/TCP (XOR Encoded) Polymorphic Shellcode (125 bytes)
Linux - Bind Shell (nc -lp 31337 -e /bin//sh) Polymorphic Shellcode (91 bytes)
ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator)
Linux - setreuid(0_0) + execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes)
Safari 4.0.5 < 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Null-Free Shellcode
Linux - Bind TCP Shell (6778/TCP) XOR Encoded Polymorphic Shellcode (125 bytes)
Linux - Bind Netcat Shell (31337/TCP) Polymorphic Shellcode (91 bytes)
ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator)
Win32 - Write-to-file Shellcode (278 bytes)
Windows x86 - Write-to-file Null-Free Shellcode (278 bytes)
Linux/x86 - Bind Shell Netcat 8080/TCP Shellcode (75 bytes)
Linux/x86 - /bin/sh Polymorphic Null-Free Shellcode (46 bytes)
Windows XP SP3 English - MessageBoxA Shellcode (87 bytes)
BSD/x86 - Bind Shell 2525/TCP Shellcode (167 bytes)
Win32 - Checksum Routine Shellcode (18 bytes)
Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (8080/TCP) Shellcode (75 bytes)
Linux/x86 - execve /bin/sh Polymorphic Null-Free Shellcode (46 bytes)
Windows XP SP3 (English) - MessageBoxA Shellcode (87 bytes)
BSD/x86 - Bind TCP Shell (2525/TCP) Shellcode (167 bytes)
Windows x86 - Checksum Routine Shellcode (18 bytes)
Win32/XP SP3 (TR) - Add Administrator 'zrl' Shellcode (127 bytes)
Windows XP SP3 x86 (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes)
Win32/XP Professional SP3 (EN) x86 - Add New Local Administrator 'secuid0' Shellcode (113 bytes)
Win32 - Add New Local Administrator 'secuid0' Shellcode (326 bytes)
Windows XP Professional SP3 (English) x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)
Windows x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes)
ARM - Bind Connect (68/UDP) + Reverse Shell (192.168.0.1:67/UDP) Shellcode
ARM - Loader Port 0x1337 Shellcode
ARM - ifconfig eth0 and Assign Address 192.168.0.2 Shellcode
ARM - Bind (68/UDP) + Reverse Shell (192.168.0.1:67/UDP) Shellcode
ARM - Loader (0x1337/TCP) Shellcode
ARM - ifconfig eth0 192.168.0.2 up Shellcode
ARM - Create a New User with UID 0 Shellcode (Metasploit) (Generator) (66+ bytes)
Win32 - Speaking 'You got pwned!' Shellcode
FreeBSD/x86 - connect back Shellcode (81 bytes)
BSD/x86 - Bind Shell 31337/TCP + fork Shellcode (111 bytes)
Win32 - eggsearch Shellcode (33 bytes)
Linux/SuperH (sh4) - setuid(0) + chmod(_/etc/shadow__ 0666) + exit(0) Shellcode (43 bytes)
Linux/x86 - Bind Shell Netcat 6666/TCP Shellcode (69 bytes)
OSX/Intel (x86-64) - Reverse TCP Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes)
Windows - WinExec Add New Local Administrator 'RubberDuck' + ExitProcess Shellcode (279 bytes)
Linux/x86 - ASLR deactivation Shellcode (83 bytes)
Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit)
Linux/x86 - Reverse TCP SSL Shell (localhost:8080) Shellcode (422 bytes)
ARM - Add Root User Shellcode (Metasploit) (66+ bytes) (Generator)
Windows 5.0 < 7.0 x86 - Speaking _You got pwned!_ Null-Free Shellcode
FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:1337/TCP) Shellcode (81 bytes) (Generator)
BSD/x86 - Bind TCP Shell (31337/TCP) + fork Shellcode (111 bytes)
Windows x86 - eggsearch Shellcode (33 bytes)
Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes)
Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69 bytes)
OSX/Intel (x86-64) - Reverse TCP /bin/sh Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes)
Windows - Add Local Administrator User (RubberDuck/mudbath) + ExitProcess WinExec Shellcode (279 bytes)
Linux/x86 - Disable ASLR Security Shellcode (83 bytes)
Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit)
Linux/x86 - Reverse TCP SSL Shell (localhost:8080) Shellcode (422 bytes)
Win32/PerfectXp-pc1/SP3 (TR) - Add Administrator 'kpss' Shellcode (112 bytes)
Linux/x86 - Egghunter Shellcode (29 bytes)
Windows PerfectXp-pc1/SP3 x86 (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes)
Linux/x86 - Egghunter Null-Free Shellcode (29 bytes)
Linux/MIPS - XOR Encoder Shellcode (Generator) (60 bytes)
Linux/SuperH (sh4) - setuid(0) ; execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes)
Linux/MIPS - XOR Encoder Shellcode (60 bytes) (Generator)
Linux/SuperH (sh4) - setuid(0); + execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes)
Linux/MIPS - Add User(UID 0) (rOOt/'pwn3d) Shellcode (164 bytes)
Linux/MIPS - Add Root User (rOOt/pwn3d) Shellcode (164 bytes)
Linux/MIPS - Connectback Shellcode (port 0x7a69) (168 bytes)
Linux/MIPS - Reverse TCP Shell (0x7a69/TCP) Shellcode (168 bytes)
Linux/x86 - setuid(0) + setgid(0) + Add User (iph) To /etc/passwd Polymorphic Shellcode
Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd Polymorphic Shellcode
Linux/x86-64 - Add User (t0r/Winner) Shellcode (189 bytes)
Linux/x86-64 - Add Root User (t0r/Winner) Shellcode (189 bytes)
Linux/ARM (Raspberry Pi) - Reverse TCP Shell (10.1.1.2:0x1337/TCP) Shellcode (72 bytes)
Linux/ARM (Raspberry Pi) - Reverse TCP /bin/sh Shell (10.1.1.2:0x1337/TCP) Shellcode (72 bytes)
Linux/ARM (Raspberry Pi) - chmod(_/etc/shadow__ 0777) Shellcode (41 bytes)
Linux/ARM (Raspberry Pi) - chmod 0777 /etc/shadow Shellcode (41 bytes)
Windows XP Professional SP3 - Full ROP calc Shellcode (428 bytes)
Windows x64 - Bind TCP Shell Shellcode (508 bytes)
Windows XP Professional SP3 - calc Full ROP Shellcode (428 bytes)
Windows x64 - Bind TCP Shell (4444/TCP) Shellcode (508 bytes)
Cisco ASA - Authentication Bypass 'EXTRABACON' (Improved Shellcode) (69 bytes)
Cisco ASA - Authentication Bypass _EXTRABACON_ (Improved Shellcode) (69 bytes)
Windows RT ARM - Bind Shell 4444/TCP Shellcode
Windows RT ARM - Bind TCP Shell (4444/TCP) Shellcode
Windows - Messagebox Shellcode (113 bytes)
Linux/MIPS (Little Endian) - Reverse TCP Shell (192.168.1.177:31337/TCP) Shellcode (200 bytes)
Windows 7 x86 - Bind Shell 4444/TCP Shellcode (357 Bytes)
Windows - Add Administrator 'BroK3n' Shellcode (194 bytes)
Windows - Messagebox Null-FreeShellcode (113 bytes)
Linux/MIPS (Little Endian) - Reverse TCP /bin/sh Shell (192.168.1.177:31337/TCP) Shellcode (200 bytes)
Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 Bytes)
Windows - Add Administrator User (BroK3n/BroK3n) Null-Free Shellcode (194 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add New Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add New Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes)
Linux/x86-64 - Reverse TCP Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes)
Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes)
Linux/x86-64 - Reverse TCP /bin/bash Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes)
Linux/x86-64 - Bind TCP Password (Z~r0) Shell (4444/TCP) Shellcode (81/96 bytes)
Linux/x86-64 - Reverse TCP Password (Z~r0) Shell (127.0.0.1:4444/TCP) Shellcode (77-85/90-98 bytes)
Windows x86 - Add Administrator 'ALI' + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Windows x64 - Add Administrator 'ALI' + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) + Password (Z~r0) Null-Free Shellcode (81/96 bytes)
Linux/x86-64 - Reverse TCP Password (Z~r0) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)
Windows x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Windows x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes)
Windows XP x86-64 - Download File + Execute Shellcode (Generator)
Linux/MIPS (Little Endian) - Chmod 666 /etc/shadow Shellcode (55 bytes)
Linux/MIPS (Little Endian) - Chmod 666 /etc/passwd Shellcode (55 bytes)
Windows XP x86-64 - Download File + Execute Shellcode (Generator)
Linux/MIPS (Little Endian) - chmod 666 /etc/shadow Shellcode (55 bytes)
Linux/MIPS (Little Endian) - chmod 666 /etc/passwd Shellcode (55 bytes)
Linux/x86 - execve(_/bin/sh_) (ROT13 Encoded) Shellcode (68 bytes)
Linux/x86 - chmod 0777 /etc/shadow obfuscated Shellcode (84 bytes)
Linux/x86 - execve(_/bin/sh_) ROT13 Encoded Shellcode (68 bytes)
Linux/x86 - chmod 0777 /etc/shadow Obfuscated Shellcode (84 bytes)
Linux/x86 - Reverse TCP Shell (192.168.1.133:33333) Shellcode (72 bytes)
Linux/x86 - Bind Shell 33333/TCP Shellcode (96 bytes)
Linux/x86 - Disable ASLR Shellcode (84 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (192.168.1.133:33333) Shellcode (72 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (33333/TCP) Shellcode (96 bytes)
Linux/x86 - Disable ASLR Security Shellcode (84 bytes)
Linux/x86 - Typewriter Shellcode (Generator)
Linux/x86 - Create 'my.txt' Working Directory Shellcode (37 bytes)
Linux/x86 - Typewriter Shellcode (Generator)
Linux/x86 - Create _my.txt_ In Working Directory Shellcode (37 bytes)
Win32/XP SP3 - Create ('file.txt') Shellcode (83 bytes)
Win32/XP SP3 - Restart computer Shellcode (57 bytes)
Linux/x86 - custom execve Shellcode (Encoder/Decoder) (Generator)
Windows XP SP3 x86 - Create (_file.txt_) Shellcode (83 bytes)
Windows XP SP3 x86 - Restart Computer Shellcode (57 bytes)
Linux/x86 - Custom execve Shellcode (Encoder/Decoder) (Generator)
Linux/x86 - Bind Shell /bin/nc -le /bin/sh -vp 17771 Shellcode (58 bytes)
Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (17771/TCP) Shellcode (58 bytes)
Linux/x86 - chmod() 777 /etc/shadow + exit() Shellcode (33 bytes)
Linux/x86 - execve /bin/sh Shellcode (2) (21 bytes)
Linux/x86 - chmod 777 /etc/shadow + exit() Shellcode (33 bytes)
Linux/x86 - execve /bin/sh Shellcode (21 bytes)
Linux/x86 - Bind Shell Netcat 5555/TCP Shellcode (60 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (30 bytes)
Linux/x86 - Bind Netcat Shell (5555/TCP) Shellcode (60 bytes)
Linux/x86-64 - execve(/bin/sh) Null-Free Shellcode (30 bytes)
Linux/x86 - chmod('/etc/passwd'_0777) Shellcode (42 bytes)
Linux/x86 - chmod('/etc/gshadow') Shellcode (37 bytes)
Linux/x86 - chmod('/etc/shadow'_'0777') Shellcode (42 bytes)
Linux/x86 - exec('/bin/dash') Shellcode (45 bytes)
Linux/x86 - chmod 0777 /etc/passwd Shellcode (42 bytes)
Linux/x86 - chmod /etc/gshadow Shellcode (37 bytes)
Linux/x86 - chmod 0777 /etc/shadow Shellcode (42 bytes)
Linux/x86 - exec(_/bin/dash_) Shellcode (45 bytes)
Linux/x86 - /bin/sh (ROT7 Encoded) Shellcode
Win32/XP SP3 (TR) - MessageBox Shellcode (24 bytes)
Linux/x86 - execve /bin/sh ROT7 Encoded Shellcode
Windows XP SP3 x86 (Turkish) - MessageBox Shellcode (24 bytes)
Windows x86 - user32!MessageBox 'Hello World!' Null-Free Shellcode (199 bytes)
Linux/x86 - /bin/sh (ROL/ROR Encoded) Shellcode
Windows x86 - user32!MessageBox _Hello World!_ Null-Free Shellcode (199 bytes)
Linux/x86 - execve /bin/sh ROL/ROR Encoded Shellcode
OSX/x86-64 - /bin/sh Null-Free Shellcode (34 bytes)
Mainframe/System Z - Bind Shell 12345/TCP Shellcode (2488 bytes)
OSX/x86-64 - execve /bin/sh Null-Free Shellcode (34 bytes)
Mainframe/System Z - Bind TCP Shell (12345/TCP) Null-Free Shellcode (2488 bytes)
Linux/x86 - Create file with permission 7775 + exit Shellcode (Generator)
Linux/x86 - Create File With Permission 7775 + exit Shellcode (Generator)
OSX/x86-64 - Bind 4444/TCP Null-free Shellcode (144 bytes)
Linux/x86-64 - /bin/sh Shellcode (34 bytes)
Google Android - Telnetd Port 1035 with Parameters Shellcode (248 bytes)
OSX/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (144 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (34 bytes)
Google Android - Bind Telnetd Shell (1035/TCP) + Environment / Parameters Shellcode (248 bytes)
Linux/x86-64 - Bind TCP Password (1234) Shell (31173/TCP) Shellcode (92 bytes)
Linux/x86-64 - Bind TCP /bin/sh Password (1234) Shell (31173/TCP) Shellcode (92 bytes)
Windows XP < 10 - WinExec Null-Free Shellcode (Generator) (Python)
Linux/x86-64 - Bind 4444/TCP Shellcode (103 bytes)
Linux/x86-64 - Bind TCP Password (hack) Shell (4444/TCP) Shellcode (162 bytes)
Windows XP < 10 - WinExec Null-Free Shellcode (Generator)
Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (103 bytes)
Linux/x86-64 - Bind TCP /bin/sh Password (hack) Shell (4444/TCP) Null-Free Shellcode (162 bytes)
Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Shellcode (151 bytes)
Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free Shellcode (151 bytes)
Linux/x86-64 - execve (xor/not/div Encoded) Shellcode (54 bytes)
Linux/x86-64 - execve XOR/NOT/DIV Encoded Shellcode (54 bytes)
Linux x86/x86-64 - Bind 4444/TCP Shellcode (251 bytes)
Linux x86/x86-64 - Bind Shell (4444/TCP) Shellcode (251 bytes)
Linux/x86-64 - Reverse TCP Password (hack) Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (122 bytes)
Linux/x86-64 - Reverse TCP Password (hack) Polymorphic Shell (127.0.0.1:4444/TCP) Shellcode (135 bytes)
Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (122 bytes)
Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (135 bytes)
Linux/ARM - Connect back to 10.0.0.10:1337 with /bin/sh Shellcode (95 bytes)
Linux/ARM - Reverse TCP /bin/sh Shell (10.0.0.10:1337/TCP) Shellcode (95 bytes)
Linux/x86-64 - Bind 5600/TCP Shellcode (81 bytes)
Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (81 bytes)
Linux/x86-64 - Bind 5600/TCP Shellcode (86 bytes)
Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (86 bytes)
Linux/x86 - Reverse TCP Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes)
Linux/x86 - Bind 1472/TCP Shell (IPv6) Shellcode (1250 bytes)
Linux/x86 - Reverse TCP /bin/sh Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (1250 bytes)
Win32 .Net Framework - Execute Native x86 Shellcode
Linux/x86-64 - Bind 1472/TCP Shell (IPv6) Shellcode (199 bytes)
Linux/x86-64 - Reverse TCP Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes)
Windows .Net Framework x86 - Execute Native x86 Shellcode
Linux/x86-64 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (199 bytes)
Linux/x86-64 - Reverse TCP /bin/sh Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes)
Linux/x86 - Bind Shell 1234/TCP (Configurable Port) Shellcode (87 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (1234/TCP) Shellcode (87 bytes) (Generator)
Linux/x86 - Bind Shell 4444/TCP Shellcode (656 bytes)
Linux/x86-64 - execve (XOR Encoded) Shellcode (84 bytes)
Linux/Windows/BSD x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)
Linux/x86 - Bind TCP /bin/bash Shell (4444/TCP) Shellcode (656 bytes)
Linux/x86-64 - execve XOR Encoded Shellcode (84 bytes)
BSD / Linux / Windows x86/x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)
Linux/x86 - Bind Shell /bin/nc -le /bin/sh -vp13337 Shellcode (56 bytes)
Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (13337/TCP) Shellcode (56 bytes)
Linux/x86 - /bin/sh + ASLR Bruteforce Shellcode
Linux/x86-64 - /etc/passwd File Sender Shellcode (164 bytes)
Linux/x86-64 - Bind Netcat Shellcode (64 bytes)
Linux/x86 - Bind Shell 4444/TCP Shellcode (98 bytes)
Linux/x86-64 - Bind Ncat (4442/TCP) Shell / SSL / Multi-Channel (4444/TCP-4447/TCP) / Persistant / Fork / IPv4/6 / Password Shellcode (176 bytes)
Linux/x86 - Reverse TCP Shell (192.168.227.129:4444) Shellcode (75 bytes)
Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Shellcode (172 bytes)
Linux/x86 - execve /bin/sh + ASLR Bruteforce Shellcode
Linux/x86-64 - Reverse TCP cat /etc/passwd (192.168.86.128:1472/TCP) Shellcode (164 bytes)
Linux/x86-64 - Bind Netcat Shell Null-Free Shellcode (64 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (98 bytes)
Linux/x86-64 - Bind Ncat Shell (4442/TCP) / SSL / Multi-Channel (4444-4447/TCP) / Persistant / Fork / IPv4/6 / Password Null-Free Shellcode (176 bytes)
Linux/x86 - Reverse TCP /bin/sj Shell (192.168.227.129:4444) Shellcode (75 bytes)
Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Null-Free Shellcode (172 bytes)
Linux/x86-64 - Bind TCP (4442/TCP) Shell / Syscall Persistent / Multi-Terminal (4444/TCP-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes)
Linux/CRISv32 - Axis Communication Connect Back Shellcode (189 bytes)
Linux/x86-64 - Bind TCP Shell (4442/TCP) / Syscall Persistent / Multi-Terminal (4444-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes)
Linux/CRISv32 - Axis Communication - Reverse TCP /bin/sh Shell (192.168.57.1:443/TCP) Shellcode (189 bytes)
Linux/x86 - Bind Netcat 98/TCP + UDP Shellcode (44/52 bytes)
Linux/x86 - Bind zsh 9090/TCP Shellcode (96 bytes)
Linux/x86 - Reverse TCP ZSH (127.255.255.254:9090/TCP) Shellcode (80 bytes)
Linux/x86 - Bind Netcat Shell (98/TCP + UDP) Shellcode (44/52 bytes)
Linux/x86 - Bind TCP /bin/zsh Shell (9090/TCP) Shellcode (96 bytes)
Linux/x86 - Reverse TCP /bin/zsh Shell (127.255.255.254:9090/TCP) Shellcode (80 bytes)
Windows x64 - WinExec() Shellcode (93 bytes)
Windows x64 - cmd.exe WinExec() Shellcode (93 bytes)
Linux/x86-64 - /bin/sh -c reboot Shellcode (89 bytes)
Linux/x86-64 - execve /bin/sh -c reboot Shellcode (89 bytes)
Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes)
Linux/x86 - /bin/bash -c Arbitrary Command Execution Shellcode (72 bytes)
Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes)
Linux/x86 - execve /bin/bash -c Arbitrary Command Execution Null-Free Shellcode (72 bytes)
Linux/x86-64 - Bind 5600/TCP - Shellcode (87 bytes)
Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (87 bytes)
Linux - Reverse TCP Multi/Dual Mode Shell Shellcode (Genearator) (129 bytes)
Linux/x86 - Reverse TCP Alphanumeric Staged Shell (127.0.0.1:4444/TCP) Shellcode (103 bytes)
Linux - Bind Shell Dual/Multi Mode Shellcode (156 bytes)
Linux - Reverse TCP Multi/Dual Mode Shell Shellcode (129 bytes) (Generator)
Linux/x86 - Reverse TCP /bin/sh Alphanumeric Staged Shell (127.0.0.1:4444/TCP) Shellcode (103 bytes)
Linux - Bind TCP Dual/Multi Mode Shell Shellcode (156 bytes)
Linux/x86-64 - Reverse TCP Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes)
Linux/x86-64 - Reverse TCP /bin/sh Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes)
Windows x86 - Executable Directory Search Shellcode (130 bytes)
Windows x86 - Executable Directory Search Null-Free Shellcode (130 bytes)
Linux/x86-64 - Flush IPTables Polymorphic Shellcode (47 bytes)
Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Polymorphic Shellcode (47 bytes)
Linux/x86-64 - Reverse Netcat Polymorphic Shell (127.0.0.1:1234) Shellcode (106 bytes)
Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) Polymorphic Shellcode (106 bytes)
Linux/x86 - Bind Shell Shellcode (44 bytes)
Linux/x86 - Bind TCP /bin/sh Random Port Shell Shellcode (44 bytes)
Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Shellcode (67 bytes)
Linux/x86 - Reverse /bin/bash Shell (192.168.3.119:54321) Shellcode (110 bytes)
Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Null-Free Shellcode (67 bytes)
Linux/x86 - Reverse TCP /bin/bash Shell (192.168.3.119:54321) Shellcode (110 bytes)
Linux/x86 - Disable ASLR Shellcode (80 bytes)
Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Shellcode (113 bytes)
Linux/x86 - Disable ASLR Security Shellcode (80 bytes)
Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Null-Free Shellcode (113 bytes)
Linux/x86-64 - /bin/sh Shellcode (31 bytes)
Linux/x86 - execve(/bin/sh) setuid(0) setgid(0) (XOR Encoded) Shellcode (66 bytes)
Linux/x86-64 - execve /bin/sh Shellcode (31 bytes)
Linux/x86 - execve(/bin/sh) + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes)
Linux/x86 - Reverse UDP Shell (127.0.0.1:53/UDP) Shellcode (668 bytes)
Linux/x86 - Bind Shell 4444/TCP Shellcode (75 bytes)
Linux/x86 - Reverse UDP /bin/sh Shell (127.0.0.1:53/UDP) Shellcode (668 bytes)
Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (75 bytes)
Linux x86 - /bin/sh Shellcode (24 bytes)
Linux x86 - execve /bin/sh Shellcode (24 bytes)
Linux/x86_64 - kill All Processes Shellcode (19 bytes)
Linux/x86_64 - Kill All Processes Shellcode (19 bytes)
Php Cloud mining Script - Authentication Bypass
(Bitcoin / Dogecoin) PHP Cloud Mining Script - Authentication Bypass
|
||
|
Offensive Security
|
a9e80c57e9 |
DB: 2016-07-18
164 new exploits
Snitz Forums 3.3.03 - Remote Command Execution Exploit
CdRecord <= 2.0 - Mandrake Local Root Exploit
Snitz Forums 3.3.03 - Remote Command Execution Exploit
CdRecord <= 2.0 - Mandrake Local Root Exploit
Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
Mandrake Linux 8.2 - /usr/mail Local Exploit
Microsoft Windows Media Services - (nsiislog.dll) Remote Exploit
Microsoft Windows - (RPC DCOM) Remote Exploit (48 Targets)
Knox Arkeia Pro 5.1.12 - Backup Remote Root Exploit
Microsoft Windows - (RPC2) Universal Exploit & DoS (RPC3) (MS03-039)
Eudora 6.0.3 Attachment Spoofing Exploit (windows)
Redhat 6.2 /sbin/restore - Exploit
Oracle (oidldapd connect) Local Command Line Overflow Exploit
Redhat 6.2 /sbin/restore - Exploit
Oracle (oidldapd connect) Local Command Line Overflow Exploit
CVS - Remote Entry Line Root Heap Overflow Exploit
UNIX 7th Edition /bin/mkdir Local Buffer Overflow Exploit
CVS - Remote Entry Line Root Heap Overflow Exploit
UNIX 7th Edition /bin/mkdir Local Buffer Overflow Exploit
Microsoft Outlook Express Window Opener
Microsoft Outlook Express Javascript Execution
Microsoft Outlook Express Window Opener
Microsoft Outlook Express Javascript Execution
Ping of Death Remote Denial of Service Exploit
Microsoft Windows 2000/XP - Task Scheduler .job Exploit (MS04-022)
Microsoft Internet Explorer Overly Trusted Location Cache Exploit
Microsoft Windows 2000/XP - Task Scheduler .job Exploit (MS04-022)
Microsoft Internet Explorer Overly Trusted Location Cache Exploit
Apache HTTPd - Arbitrary Long HTTP Headers DoS (C)
Microsoft Internet Explorer Remote Null Pointer Crash (mshtml.dll)
CVSTrac Remote Arbitrary Code Execution Exploit
LibPNG <= 1.2.5 - png_jmpbuf() Local Buffer Overflow Exploit
IPD (Integrity Protection Driver) Local Exploit
Bird Chat 1.61 - Denial of Service
D-Link DCS-900 Camera Remote IP Address Changer Exploit
GD Graphics Library Heap Overflow Proof of Concept Exploit
vBulletin LAST.php SQL Injection
miniBB - Input Validation Hole ('user')
phpBB highlight Arbitrary File Upload (Santy.A)
Sanity.b - phpBB <= 2.0.10 Bot Install (AOL/Yahoo Search)
PhpInclude.Worm - PHP Scripts Automated Arbitrary File Inclusion
ZeroBoard Worm Source Code
Invision Power Board <= 1.3.1 - Login.php SQL Injection
Veritas Backup Exec Remote File Access Exploit (windows)
ZENworks 6.5 Desktop/Server Management Remote Stack Overflow
MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow Exploit
Novell eDirectory 8.7.3 iMonitor Remote Stack Overflow
ZENworks 6.5 Desktop/Server Management Remote Stack Overflow
MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow Exploit
Novell eDirectory 8.7.3 iMonitor Remote Stack Overflow
Microsoft Windows Plug-and-Play (Umpnpmgr.dll) DoS Exploit (MS05-047)
PHP-Nuke <= 7.8 - Search Module Remote SQL Injection Exploit
SGI IRIX <= 6.5.28 - (runpriv) Design Error
Sybase EAServer 5.2 (WebConsole) Remote Stack Overflow Exploit
Microsoft Internet Explorer 7 Popup Address Bar Spoofing Weakness
Microsoft Internet Explorer 6/7 (XML Core Services) Remote Code Execution Exploit
Invision Community Blog Mod 1.2.4 - SQL Injection
Microsoft Windows - (MessageBox) Memory Corruption Local Denial of Service
Twilight Webserver 1.3.3.0 (GET) Remote Denial of Service Exploit
PHP COM extensions (inconsistent Win32) safe_mode Bypass Exploit
Microsoft Internet Explorer - Recordset Double Free Memory Exploit (MS07-009)
phpGalleryScript 1.0 - (init.gallery.php include_class) RFI
Md-Pro <= 1.0.8x (Topics topicid) Remote SQL Injection
DivX Player 6.6.0 - ActiveX SetPassword() Denial of Service PoC
Yahoo! Music Jukebox 2.2 AddImage() ActiveX Remote BoF Exploit
Woltlab Burning Board Addon JGS-Treffen SQL Injection
pSys 0.7.0.a (shownews) Remote SQL Injection
JAMM CMS (id) Remote Blind SQL Injection Exploit
Clever Copy 3.0 (results.php) Remote SQL Injection Exploit
GLLCTS2 (listing.php sort) Remote Blind SQL Injection Exploit
PHPMyCart (shop.php cat) Remote SQL Injection
Cartweaver 3 (prodId) Remote Blind SQL Injection Exploit
Oxygen 2.0 (repquote) Remote SQL Injection
MyMarket 1.72 - BlindSQL Injection Exploit
easyTrade 2.x - (detail.php id) Remote SQL Injection
CaupoShop Classic 1.3 - (saArticle[ID]) Remote SQL Injection
AcmlmBoard 1.A2 (pow) Remote SQL Injection
Catviz 0.4.0 beta1 - Multiple Remote SQL Injection Vulnerabilities
DZCP (deV!L_z Clanportal) <= 1.4.9.6 - Blind SQL Injection Exploit
Webspell 4 (Auth Bypass) SQL Injection
Microsoft Internet Explorer 7 - Memory Corruption PoC (MS09-002)
kloxo 5.75 - Multiple Vulnerabilities
Microsoft Office Web Components (Spreadsheet) ActiveX BoF PoC
PulseAudio setuid - Local Privilege Escalation Exploit
PulseAudio setuid (Ubuntu 9.04 & Slackware 12.2.0) - Local Privilege Escalation
PulseAudio setuid - Local Privilege Escalation Exploit
PulseAudio setuid (Ubuntu 9.04 & Slackware 12.2.0) - Local Privilege Escalation
Apple Quicktime RTSP 10.4.0 - 10.5.0 Content-Type Overflow (OS X)
mDNSResponder 10.4.0 / 10.4.8 - UPnP Location Overflow (OS X)
eWebeditor Directory Traversal
eWebeditor ASP Version - Multiple Vulnerabilities
Radasm .rap file Local Buffer Overflow
Microsoft Internet Explorer 6 / 7 / 8 - 'winhlp32.exe' 'MsgBox()' Remote Code Execution
Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) (38 bytes)
Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) shellcode (38 bytes)
Joomla Component com_event - SQL Injection
Aix - execve /bin/sh (88 bytes)
BSD - Passive Connection Shellcode
bsd/PPC - execve /bin/sh (128 bytes)
bsd/x86 - setuid/execve shellcode (30 bytes)
bsd/x86 - setuid/portbind shellcode (94 bytes)
bsd/x86 - execve /bin/sh multiplatform (27 bytes)
bsd/x86 - execve /bin/sh setuid (0) (29 bytes)
bsd/x86 - portbind port 31337 (83 bytes)
bsd/x86 - portbind port random (143 bytes)
bsd/x86 - break chroot (45 bytes)
bsd/x86 - execve /bin/sh Crypt /bin/sh (49 bytes)
bsd/x86 - execve /bin/sh ENCRYPT* (57 bytes)
bsd/x86 - connect (93 bytes)
bsd/x86 - cat /etc/master.passwd | mail [email] (92 bytes)
bsd/x86 - reverse portbind (129 bytes)
bsdi/x86 - execve /bin/sh (45 bytes)
bsdi/x86 - execve /bin/sh (46 bytes)
AIX - execve /bin/sh shellcode (88 bytes)
BSD - Passive Connection Shellcode (124 bytes)
BSD/PPC - execve /bin/sh shellcode (128 bytes)
BSD/x86 - setuid(0) then execve /bin/sh shellcode (30 bytes)
BSD/x86 - setuid/portbind (TCP 31337) shellcode (94 bytes)
BSD/x86 - execve /bin/sh multiplatform shellcode (27 bytes)
BSD/x86 - execve /bin/sh setuid (0) shellcode (29 bytes)
BSD/x86 - portbind port 31337 shellcode (83 bytes)
BSD/x86 - portbind port random shellcode (143 bytes)
BSD/x86 - break chroot shellcode (45 bytes)
BSD/x86 - execve /bin/sh Crypt /bin/sh shellcode (49 bytes)
BSD/x86 - execve /bin/sh ENCRYPT* shellcode (57 bytes)
BSD/x86 - connect torootteam.host.sk:2222 shellcode (93 bytes)
BSD/x86 - cat /etc/master.passwd | mail [email] shellcode (92 bytes)
BSD/x86 - reverse 6969 portbind shellcode (129 bytes)
BSDi/x86 - execve /bin/sh shellcode (45 bytes)
BSDi/x86 - execve /bin/sh shellcode (46 bytes)
Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption
Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption (1)
bsdi/x86 - execve /bin/sh toupper evasion (97 bytes)
FreeBSD i386/AMD64 - Execve /bin/sh (Anti-Debugging)
freebsd/x86 - setreuid_ execve(pfctl -d) (56 bytes)
freebsd/x86 - connect back.send.exit /etc/passwd (112 bytes)
freebsd/x86 - kill all processes (12 bytes)
freebsd/x86 - rev connect_ recv_ jmp_ return results (90 bytes)
freebsd/x86 - /bin/cat /etc/master.passwd (NULL free) (65 bytes)
freebsd/x86 - reverse portbind /bin/sh (89 bytes)
freebsd/x86 - setuid(0); execve(ipf -Fa); shellcode (57 bytes)
freebsd/x86 - encrypted shellcode /bin/sh (48 bytes)
freebsd/x86 - portbind 4883 with auth shellcode
freebsd/x86 - reboot(RB_AUTOBOOT) Shellcode (7 bytes)
freebsd/x86 - execve /bin/sh (23 bytes)
freebsd/x86 - execve /bin/sh (2) (23 bytes)
freebsd/x86 - execve /bin/sh (37 bytes)
freebsd/x86 - kldload /tmp/o.o (74 bytes)
freebsd/x86 - chown 0:0 _ chmod 6755 & execve /tmp/sh (44 bytes)
freebsd/x86 - execve /tmp/sh (34 bytes)
freebsd/x86 - connect (102 bytes)
freebsd/x86-64 - exec(_/bin/sh_) shellcode (31 bytes)
freebsd/x86-64 - execve /bin/sh shellcode (34 bytes)
Linux/x86 - execve shellcode generator null byte free
Linux/x86 - generate portbind payload
Windows XP SP1 - portbind payload (Generator)
/bin/sh Polymorphic shellcode with printable ASCII characters
Linux/x86 - shellcode null free (Generator)
Alphanumeric Shellcode Encoder/Decoder
HTTP/1.x requests for shellcodes (Generator) (18+ bytes / 26+ bytes)
Multi-Format Shellcode Encoding Tool - Beta 2.0 (Win32) (Generator)
iOS Version-independent shellcode
Cisco IOS - Connectback Shellcode
Cisco IOS - Bind Shellcode 1.0 (116 bytes)
Cisco IOS - Tiny Shellcode
Cisco IOS - Shellcode And Exploitation Techniques (BlackHat)
HPUX - execve /bin/sh (58 bytes)
Linux/amd64 - flush iptables rules shellcode (84 bytes)
Linux/amd64 - connect-back semi-stealth shellcode (88+ bytes)
Linux/MIPS (Linksys WRT54G/GL) - port bind shellcode (276 bytes)
BSDi/x86 - execve /bin/sh toupper evasion shellcode (97 bytes)
FreeBSD i386 & AMD64 - Execve /bin/sh shellcode (Anti-Debugging) (140 bytes)
FreeBSD/x86 - setreuid_ execve(pfctl -d) shellcode (56 bytes)
FreeBSD/x86 - connect back.send.exit /etc/passwd shellcode (112 bytes)
FreeBSD/x86 - kill all processes shellcode (12 bytes)
FreeBSD/x86 - rev connect_ recv_ jmp_ return results shellcode (90 bytes)
FreeBSD/x86 - /bin/cat /etc/master.passwd NULL free shellcode (65 bytes)
FreeBSD/x86 - reverse portbind 127.0.0.1:8000 /bin/sh shellcode (89 bytes)
FreeBSD/x86 - setuid(0); execve(ipf -Fa); shellcode (57 bytes)
FreeBSD/x86 - encrypted shellcode /bin/sh (48 bytes)
FreeBSD/x86 - portbind 4883 with auth shellcode (222 bytes)
FreeBSD/x86 - reboot(RB_AUTOBOOT) Shellcode (7 bytes)
FreeBSD/x86 - execve /bin/sh shellcode (23 bytes)
FreeBSD/x86 - execve /bin/sh shellcode (2) (23 bytes)
FreeBSD/x86 - execve /bin/sh shellcode (37 bytes)
FreeBSD/x86 - kldload /tmp/o.o shellcode (74 bytes)
FreeBSD/x86 - chown 0:0 _ chmod 6755 & execve /tmp/sh shellcode (44 bytes)
FreeBSD/x86 - execve /tmp/sh shellcode (34 bytes)
FreeBSD/x86 - connect (Port 31337) shellcode (102 bytes)
FreeBSD/x86-64 - exec(_/bin/sh_) shellcode (31 bytes)
FreeBSD/x86-64 - execve /bin/sh shellcode (34 bytes)
Linux/x86 - execve shellcode null byte free (Generator)
Linux/x86 - portbind payload shellcode (Generator)
Windows XP SP1 - portbind payload shellcode (Generator)
(Generator) - /bin/sh Polymorphic shellcode with printable ASCII characters
Linux/x86 - cmd shellcode null free (Generator)
(Generator) - Alphanumeric Shellcode Encoder/Decoder
HTTP/1.x requests for shellcodes (Generator) (18+ bytes / 26+ bytes)
Win32 - Multi-Format Shellcode Encoding Tool (Generator)
iOS - Version-independent shellcode
Cisco IOS - Connectback (Port 21) Shellcode
Cisco IOS - Bind Shellcode Password Protected (116 bytes)
Cisco IOS - Tiny Shellcode (New TTY_ Privilege level to 15_ No password)
HPUX - execve /bin/sh shellcode (58 bytes)
Linux/x86-64 - flush iptables rules shellcode (84 bytes)
Linux/x86-64 - connect-back semi-stealth shellcode (88+ bytes)
Linux/MIPS (Linksys WRT54G/GL) - 4919 port bind shellcode (276 bytes)
Linux/MIPS - execve /bin/sh (56 bytes)
Linux/PPC - execve /bin/sh (60 bytes)
Linux/MIPS - execve /bin/sh shellcode (56 bytes)
Linux/PPC - execve /bin/sh shellcode (60 bytes)
Linux/PPC - connect back execve /bin/sh (240 bytes)
Linux/PPC - execve /bin/sh (112 bytes)
Linux/SPARC - connect back (216 bytes)
Linux/SPARC - portbind port 8975 (284 bytes)
Linux/PPC - connect back (192.168.1.1:31337) execve /bin/sh shellcode (240 bytes)
Linux/PPC - execve /bin/sh shellcode (112 bytes)
Linux/SPARC - connect back (192.168.100.1:2313) shellcode (216 bytes)
Linux/SPARC - portbind port 8975 shellcode (284 bytes)
Linux/x86 - Port Binding Shellcode (xor-encoded) (152 bytes)
Linux/x86 - 4444 Port Binding Shellcode (xor-encoded) (152 bytes)
Linux/x86 - setreuid(geteuid()_geteuid())_execve(_/bin/sh__0_0) (34 bytes)
Linux/x86 - bindport 8000 & execve iptables -F (176 bytes)
Linux/x86 - bindport 8000 & add user with root access (225+ bytes)
Linux/x86 - Bind ASM Code Linux (179 bytes)
Linux/x86_64 - setuid(0) + execve(/bin/sh) (49 bytes)
Serial port shell binding & busybox Launching shellcode
Linux/x86 - File unlinker (18+ bytes)
Linux/x86 - Perl script execution (99+ bytes)
Linux/x86 - file reader (65+ bytes)
Linux/x86 - chmod(_/etc/shadow__666) & exit(0) (30 bytes)
Linux/x86 - setreuid(geteuid()_geteuid())_execve(_/bin/sh__0_0) shellcode (34 bytes)
Linux/x86 - bindport 8000 & execve iptables -F shellcode (176 bytes)
Linux/x86 - bindport 8000 & add user with root access shellcode (225+ bytes)
Linux/x86 - 8000 Bind Port ASM Code Linux shellcode (179 bytes)
Linux/x86-64 - setuid(0) + execve(/bin/sh) shellcode (49 bytes)
Linux/x86 - Serial port shell binding & busybox Launching shellcode (82 bytes)
Linux/x86 - File unlinker shellcode (18+ bytes)
Linux/x86 - Perl script execution shellcode (99+ bytes)
Linux/x86 - file reader shellcode (65+ bytes)
Linux/x86 - chmod(_/etc/shadow__666) & exit(0) shellcode (30 bytes)
Linux/x86 - PUSH reboot() (30 bytes)
Linux/x86 - PUSH reboot() shellcode (30 bytes)
Linux/x86 - connect-back port UDP/54321 live packet capture (151 bytes)
Linux/x86 - append rsa key to /root/.ssh/authorized_keys2 (295 bytes)
Linux/x86 - edit /etc/sudoers for full access (86 bytes)
Ho' Detector - Promiscuous mode detector shellcode (56 bytes)
Linux/x86 - connect-back port UDP/54321 live packet capture shellcode (151 bytes)
Linux/x86 - append rsa key to /root/.ssh/authorized_keys2 shellcode (295 bytes)
Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) for full access shellcode (86 bytes)
Linux/x86 - Ho' Detector - Promiscuous mode detector shellcode (56 bytes)
Linux/x86 - iopl(3); asm(cli); while(1){} (12 bytes)
Linux/x86 - iopl(3); asm(cli); while(1){} shellcode (12 bytes)
Linux/x86 - connect back_ download a file and execute (149 bytes)
Linux/x86 - setreuid(geteuid_ geteuid) + execve(/bin/sh) shellcode
Linux/x86 - connect back.send.exit /etc/shadow (155 bytes)
Linux/x86 - writes a php connectback shell to the fs (508 bytes)
Linux/x86 - rm -rf / attempts to block the process from being stopped (132 bytes)
Linux/x86 - setuid(0) . setgid(0) . aslr_off (79 bytes)
Linux/x86 - raw-socket ICMP/checksum shell (235 bytes)
Linux/x86 - /sbin/iptables -F (40 bytes)
Linux/x86 - kill all processes (11 bytes)
Linux/x86 - connect back (140.115.53.35:9999)_ download a file (cb) and execute shellcode (149 bytes)
Linux/x86 - setreuid(geteuid_ geteuid) + execve(/bin/sh) shellcode (39 bytes)
Linux/x86 - connect back (Port )8192.send.exit /etc/shadow shellcode (155 bytes)
Linux/x86 - writes a php connectback shell (/var/www/cb.php) to the filesystem shellcode (508 bytes)
Linux/x86 - rm -rf / attempts to block the process from being stopped shellcode (132 bytes)
Linux/x86 - setuid(0) . setgid(0) . aslr_off shellcode (79 bytes)
Linux/x86 - raw-socket ICMP/checksum shell shellcode (235 bytes)
Linux/x86 - /sbin/iptables -F shellcode (40 bytes)
Linux/x86 - kill all processes shellcode (11 bytes)
Linux/x86 - /sbin/ipchains -F (40 bytes)
Linux/x86 - set system time to 0 and exit (12 bytes)
Linux/x86 - add root user r00t with no password to /etc/passwd (69 bytes)
Linux/x86 - chmod 0666 /etc/shadow (36 bytes)
Linux/x86 - forkbomb (7 bytes)
Linux/x86 - /sbin/ipchains -F shellcode (40 bytes)
Linux/x86 - set system time to 0 and exit shellcode (12 bytes)
Linux/x86 - Add root user _r00t_ with no password to /etc/passwd shellcode (69 bytes)
Linux/x86 - chmod 0666 /etc/shadow shellcode (36 bytes)
Linux/x86 - forkbomb shellcode (7 bytes)
Linux/x86 - setuid(0) + execve(/bin/sh) (28 bytes)
Linux/x86 - execve(/bin/sh) (22 bytes)
Linux/x86 - HTTP/1.x GET_ Downloads and execve() (111+ bytes)
Linux/x86 - executes command after setreuid (49+ bytes)
Linux/x86 - stdin re-open and /bin/sh exec shellcode
Linux/x86 - setuid(0) + execve(/bin/sh) shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) shellcode (22 bytes)
Linux/x86 - HTTP/1.x GET_ Downloads and execve() shellcode (111+ bytes)
Linux/x86 - executes command after setreuid shellcode (49+ bytes)
Linux/x86 - stdin re-open and /bin/sh exec shellcode (39 bytes)
Linux/x86 - setuid/portbind shellcode (96 bytes)
Linux/x86 - portbind (define your own port) (84 bytes)
Linux/x86 - setuid/portbind (Port 31337) shellcode (96 bytes)
Linux/x86 - portbind (2707) shellcode (84 bytes)
Linux/x86 - SET_PORT() portbind (100 bytes)
Linux/x86 - SET_IP() Connectback Shellcode (82 bytes)
Linux/x86 - execve(/bin/sh) (24 bytes)
Linux/x86 - xor-encoded Connect Back Shellcode (371 bytes)
Linux/x86 - execve(/bin/sh) + ZIP Header (28 bytes)
Linux/x86 - execve(/bin/sh) + RTF Header (30 bytes)
Linux/x86 - execve(/bin/sh) + RIFF Header (28 bytes)
Linux/x86 - execve(/bin/sh) + Bitmap Header (27 bytes)
Linux/x86 - SWAP restore shellcode (109 bytes)
Linux/x86 - SWAP store shellcode (99 bytes)
Linux/x86 - Password Authentication portbind Shellcode (166 bytes)
Linux/x86 - portbind (port 64713) (86 bytes)
Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) (25 bytes)
Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) (23 bytes)
Linux/x86 - setuid(0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) (31 bytes)
Linux/x86 - setuid(0)_setgid(0) execve(/bin/sh_ [/bin/sh_ NULL]) (37 bytes)
Linux/x86 - setreuid(0_0) execve(_/bin/sh__ [_/bin/sh__ NULL]) (33 bytes)
Linux/x86 - HTTP/1.x GET_ Downloads and JMP - (68+ bytes)
Linux/x86 - SET_PORT() portbind 31337 tcp shellcode (100 bytes)
Linux/x86 - SET_IP() Connectback (192.168.13.22:31337) Shellcode (82 bytes)
Linux/x86 - execve(/bin/sh) shellcode (24 bytes)
Linux/x86 - xor-encoded Connect Back (127.0.0.1:80) Shellcode (371 bytes)
Linux/x86 - execve(/bin/sh) + ZIP Header shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) + RTF Header shellcode (30 bytes)
Linux/x86 - execve(/bin/sh) + RIFF Header shellcode (28 bytes)
Linux/x86 - execve(/bin/sh) + Bitmap Header shellcode (27 bytes)
Linux/x86 - /tmp/swr to SWAP restore shellcode (109 bytes)
Linux/x86 - SWAP store from /tmp/sws shellcode (99 bytes)
Linux/x86 - Password Authentication portbind (64713) Shellcode (166 bytes)
Linux/x86 - portbind (port 64713) shellcode (86 bytes)
Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) shellcode (25 bytes)
Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) shellcode (23 bytes)
Linux/x86 - setuid(0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) shellcode (31 bytes)
Linux/x86 - setuid(0)_setgid(0) execve(/bin/sh_ [/bin/sh_ NULL]) shellcode (37 bytes)
Linux/x86 - setreuid(0_0) execve(_/bin/sh__ [_/bin/sh__ NULL]) shellcode (33 bytes)
Linux/x86 - HTTP/1.x GET_ Downloads and JMP shellcode (68+ bytes)
Linux/x86 - execve /bin/sh anti-ids (40 bytes)
Linux/x86 - execve /bin/sh xored for Intel x86 CPUID (41 bytes)
Linux/x86 - execve /bin/sh (encoded by +1) (39 bytes)
Linux/x86 - Adduser without Password to /etc/passwd (59 bytes)
Linux/x86 - anti-debug trick (INT 3h trap) + execve /bin/sh (39 bytes)
Linux/x86 - Bind /bin/sh to 31337/tcp (80 bytes)
Linux/x86 - Bind /bin/sh to 31337/tcp + fork() (98 bytes)
Linux/x86 - 24/7 open cd-rom loop (follows /dev/cdrom symlink) (39 bytes)
Linux/x86 - eject cd-rom (follows /dev/cdrom symlink) + exit() (40 bytes)
Linux/x86 - eject/close cd-rom loop (follows /dev/cdrom symlink) (45 bytes)
Linux/x86 - chmod(/etc/shadow_ 0666) + exit() (32 bytes)
Linux/x86 - execve /bin/sh anti-ids shellcode (40 bytes)
Linux/x86 - execve /bin/sh xored for Intel x86 CPUID shellcode (41 bytes)
Linux/x86 - execve /bin/sh shellcode (encoded by +1) (39 bytes)
Linux/x86 - Add User _xtz_ without Password to /etc/passwd shellcode (59 bytes)
Linux/x86 - anti-debug trick (INT 3h trap) + execve /bin/sh shellcode (39 bytes)
Linux/x86 - Bind /bin/sh to 31337/tcp shellcode (80 bytes)
Linux/x86 - Bind /bin/sh to 31337/tcp + fork() shellcode (98 bytes)
Linux/x86 - 24/7 open cd-rom loop (follows /dev/cdrom symlink) shellcode (39 bytes)
Linux/x86 - eject cd-rom (follows /dev/cdrom symlink) + exit() shellcode (40 bytes)
Linux/x86 - eject/close cd-rom loop (follows /dev/cdrom symlink) shellcode (45 bytes)
Linux/x86 - chmod(/etc/shadow_ 0666) + exit() shellcode (32 bytes)
Linux/x86 - normal exit with random (so to speak) return value (5 bytes)
Linux/x86 - getppid() + execve(/proc/pid/exe) (51 bytes)
Linux/x86 - quick (yet conditional_ eax != 0 and edx == 0) exit (4 bytes)
Linux/x86 - reboot() (20 bytes)
Linux/x86 - setreuid(0_ 0) + execve(/bin/sh) (31 bytes)
Linux/x86 - execve(/bin/sh) / PUSH (23 bytes)
Linux/x86 - cat /dev/urandom > /dev/console (63 bytes)
Linux/x86 - normal exit with random (so to speak) return value shellcode (5 bytes)
Linux/x86 - getppid() + execve(/proc/pid/exe) shellcode (51 bytes)
Linux/x86 - quick (yet conditional_ eax != 0 and edx == 0) exit shellcode (4 bytes)
Linux/x86 - reboot() shellcode (20 bytes)
Linux/x86 - setreuid(0_ 0) + execve(/bin/sh) shellcode (31 bytes)
Linux/x86 - execve(/bin/sh) / PUSH shellcode (23 bytes)
Linux/x86 - cat /dev/urandom > /dev/console shellcode (63 bytes)
Linux/x86 - dup2(0_0); dup2(0_1); dup2(0_2); (15 bytes)
Linux/x86 - if(read(fd_buf_512)<=2) _exit(1) else buf(); (29 bytes)
Linux/x86 - _exit(1); (7 bytes)
Linux/x86 - read(0_buf_2541); chmod(buf_4755); (23 bytes)
Linux/x86 - write(0__Hello core!\n__12); (with optional 7 byte exit) (36 bytes)
Linux/x86 - dup2(0_0); dup2(0_1); dup2(0_2); shellcode (15 bytes)
Linux/x86 - if(read(fd_buf_512)<=2) _exit(1) else buf(); shellcode (29 bytes)
Linux/x86 - _exit(1); shellcode (7 bytes)
Linux/x86 - read(0_buf_2541); chmod(buf_4755); shellcode (23 bytes)
Linux/x86 - write(0__Hello core!\n__12); (with optional 7 byte exit) shellcode (36 bytes)
Linux/x86 - /bin/sh Standard Opcode Array Payload (21 bytes)
Linux/x86 - examples of long-term payloads hide-wait-change (.s) (187+ bytes)
Linux/x86 - examples of long-term payloads hide-wait-change (187+ bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload (23 bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload (27 bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload (45 bytes)
Linux/x86 - chroot & standart (66 bytes)
Linux/x86 - upload & exec (189 bytes)
Linux/x86 - setreuid/execve (31 bytes)
Linux/x86 - /bin/sh Standard Opcode Array Payload shellcode (21 bytes)
Linux/x86 - examples of long-term payloads hide-wait-change shellcode (.s) (187+ bytes)
Linux/x86 - examples of long-term payloads hide-wait-change shellcode (187+ bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload shellcode (23 bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload shellcode (27 bytes)
Linux/x86 - /bin/sh sysenter Opcode Array Payload shellcode (45 bytes)
Linux/x86 - chroot & standart shellcode (66 bytes)
Linux/x86 - upload & exec shellcode (189 bytes)
Linux/x86 - setreuid/execve shellcode (31 bytes)
Linux/x86 - Radically Self Modifying Code (70 bytes)
Linux/x86 - Magic Byte Self Modifying Code (76 bytes)
Linux/x86 - execve code (23 bytes)
Linux/x86 - execve(_/bin/ash__0_0); (21 bytes)
Linux/x86 - execve /bin/sh alphanumeric (392 bytes)
Linux/x86 - execve /bin/sh IA32 0xff-less (45 bytes)
Linux/x86 - symlink /bin/sh xoring (56 bytes)
Linux/x86 - portbind port 5074 toupper (226 bytes)
Linux/x86 - add user t00r ENCRYPT (116 bytes)
Linux/x86 - chmod 666 shadow ENCRYPT (75 bytes)
Linux/x86 - symlink . /bin/sh (32 bytes)
Linux/x86 - kill snort (151 bytes)
Linux/x86 - shared memory exec (50 bytes)
Linux/x86 - iptables -F (45 bytes)
Linux/x86 - iptables -F (58 bytes)
Linux/x86 - Reverse telnet (134 bytes)
Linux/x86 - connect (120 bytes)
Linux/x86 - chmod 666 /etc/shadow (41 bytes)
Linux/x86 - cp /bin/sh /tmp/katy ; chmod 4555 katy (126 bytes)
Linux/x86 - eject /dev/cdrom (64 bytes)
Linux/x86 - xterm -ut -display [IP]:0 (132 bytes)
Linux/x86 - ipchains -F (49 bytes)
Linux/x86 - chmod 666 /etc/shadow (82 bytes)
Linux/x86 - execve /bin/sh (29 bytes)
Linux/x86 - execve /bin/sh (24 bytes)
Linux/x86 - execve /bin/sh (38 bytes)
Linux/x86 - execve /bin/sh (30 bytes)
Linux/x86 - execve /bin/sh setreuid(12_12) (50 bytes)
Linux/x86 - portbind port 5074 (92 bytes)
Linux/x86 - portbind port 5074 + fork() (130 bytes)
Linux/x86 - add user t00r (82 bytes)
Linux/x86 - add user (104 bytes)
Linux/x86 - break chroot (34 bytes)
Linux/x86 - break chroot (46 bytes)
Linux/x86 - break chroot execve /bin/sh (80 bytes)
Linux/x86 - execve /bin/sh encrypted (58 bytes)
Linux/x86 - execve /bin/sh xor encrypted (55 bytes)
Linux/x86 - execve /bin/sh tolower() evasion (41 bytes)
execve of /bin/sh after setreuid(0_0)
Linux - chroot()/execve() code (80 bytes)
Linux/x86 - execve /bin/sh toupper() evasion (55 bytes)
Linux/x86 - add user (70 bytes)
Linux/x86 - break chroot setuid(0) + /bin/sh (132 bytes)
Linux/x86_64 - bindshell port:4444 shellcode (132 bytes)
Linux/x86_64 - execve(/bin/sh) (33 bytes)
Linux PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) (99 bytes)
OS-X PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) (121 bytes)
Linux/x86 & unix/SPARC & irix/mips - execve /bin/sh irx.mips (141 bytes)
Linux/x86 & unix/SPARC - execve /bin/sh (80 bytes)
Linux/x86 & bsd/x86 - execve /bin/sh (38 bytes)
netbsd/x86 - kill all processes shellcode (23 bytes)
netbsd/x86 - callback shellcode (port 6666) (83 bytes)
netbsd/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); (29 bytes)
netbsd/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); (30 bytes)
netbsd/x86 - execve /bin/sh (68 bytes)
openbsd/x86 - execve(/bin/sh) (23 bytes)
openbsd/x86 - portbind port 6969 (148 bytes)
openbsd/x86 - add user w00w00 (112 bytes)
OS-X/ppc - sync()_ reboot() (32 bytes)
OS-X/PPC - execve(/bin/sh)_ exit() (72 bytes)
OS-X/PPC - Add user r00t (219 bytes)
OS-X/PPC - execve /bin/sh (72 bytes)
OS-X/PPC - add inetd backdoor (222 bytes)
OS-X/PPC - reboot (28 bytes)
OS-X/PPC - setuid(0) + execve /bin/sh (88 bytes)
OS-X/PPC - create /tmp/suid (122 bytes)
OS-X/PPC - simple write() (75 bytes)
OS-X/PPC - execve /usr/X11R6/bin/xterm (141 bytes)
sco/x86 - execve(_/bin/sh__ ..._ NULL); (43 bytes)
Solaris/SPARC - download and execute (278 bytes)
Solaris/SPARC - executes command after setreuid (92+ bytes)
Solaris/SPARC - connect-back (with XNOR encoded session) (600 bytes)
Solaris/SPARC - setreuid/execve (56 bytes)
Solaris/SPARC - portbind (port 6666) (240 bytes)
Solaris/SPARC - execve /bin/sh (52 bytes)
Solaris/SPARC - portbind port 6789 (228 bytes)
Solaris/SPARC - connect-back (204 bytes)
Solaris/SPARC - portbinding shellcode
Linux/x86 - Radically Self Modifying Code shellcode (70 bytes)
Linux/x86 - Magic Byte Self Modifying Code shellcode (76 bytes)
Linux/x86 - execve code shellcode (23 bytes)
Linux/x86 - execve(_/bin/ash__0_0); shellcode (21 bytes)
Linux/x86 - execve /bin/sh alphanumeric shellcode (392 bytes)
Linux/x86 - execve /bin/sh IA32 0xff-less shellcode (45 bytes)
Linux/x86 - symlink /bin/sh xoring shellcode (56 bytes)
Linux/x86 - portbind port 5074 toupper shellcode (226 bytes)
Linux/x86 - Add user _t00r_ encrypt shellcode (116 bytes)
Linux/x86 - chmod 666 shadow ENCRYPT shellcode (75 bytes)
Linux/x86 - symlink . /bin/sh shellcode (32 bytes)
Linux/x86 - kill snort shellcode (151 bytes)
Linux/x86 - shared memory exec shellcode (50 bytes)
Linux/x86 - iptables -F shellcode (45 bytes)
Linux/x86 - iptables -F shellcode (58 bytes)
Linux/x86 - Reverse telnet shellcode (134 bytes)
Linux/x86 - connect shellcode (120 bytes)
Linux/x86 - chmod 666 /etc/shadow shellcode (41 bytes)
Linux/x86 - cp /bin/sh /tmp/katy ; chmod 4555 katy shellcode (126 bytes)
Linux/x86 - eject /dev/cdrom shellcode (64 bytes)
Linux/x86 - xterm -ut -display [IP]:0 shellcode (132 bytes)
Linux/x86 - ipchains -F shellcode (49 bytes)
Linux/x86 - chmod 666 /etc/shadow shellcode (82 bytes)
Linux/x86 - execve /bin/sh shellcode (29 bytes)
Linux/x86 - execve /bin/sh shellcode (24 bytes)
Linux/x86 - execve /bin/sh shellcode (38 bytes)
Linux/x86 - execve /bin/sh shellcode (30 bytes)
Linux/x86 - execve /bin/sh setreuid(12_12) shellcode (50 bytes)
Linux/x86 - portbind port 5074 shellcode (92 bytes)
Linux/x86 - portbind port 5074 + fork() shellcode (130 bytes)
Linux/x86 - Add user _t00r_ shellcode (82 bytes)
Linux/x86 - Add user shellcode (104 bytes)
Linux/x86 - break chroot shellcode (34 bytes)
Linux/x86 - break chroot shellcode (46 bytes)
Linux/x86 - break chroot execve /bin/sh shellcode (80 bytes)
Linux/x86 - execve /bin/sh encrypted shellcode (58 bytes)
Linux/x86 - execve /bin/sh xor encrypted shellcode (55 bytes)
Linux/x86 - execve /bin/sh tolower() evasion shellcode (41 bytes)
Linux/x86 - execve of /bin/sh after setreuid(0_0) shellcode (46+ bytes)
Linux/x86 - chroot()/execve() code shellcode (80 bytes)
Linux/x86 - execve /bin/sh toupper() evasion shellcode (55 bytes)
Linux/x86 - Add user _z_ shellcode (70 bytes)
Linux/x86 - break chroot setuid(0) + /bin/sh shellcode (132 bytes)
Linux/x86-64 - bindshell port:4444 shellcode (132 bytes)
Linux/x86-64 - execve(/bin/sh) shellcode (33 bytes)
Linux PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) shellcode (99 bytes)
OS-X PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) shellcode (121 bytes)
Linux/x86 & Unix/SPARC & IRIX/MIPS - execve /bin/sh shellcode (141 bytes)
Linux/x86 & Unix/SPARC - execve /bin/sh shellcode (80 bytes)
Linux/x86 & bsd/x86 - execve /bin/sh shellcode (38 bytes)
NetBSD/x86 - kill all processes shellcode (23 bytes)
NetBSD/x86 - callback shellcode (port 6666) (83 bytes)
NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); shellcode (29 bytes)
NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); shellcode (30 bytes)
NetBSD/x86 - execve /bin/sh shellcode (68 bytes)
OpenBSD/x86 - execve(/bin/sh) ( shellcode 23 bytes)
OpenBSD/x86 - portbind port 6969 shellcode (148 bytes)
OpenBSD/x86 - Add user _w00w00_ (112 shellcode bytes)
OS-X/PPC - sync()_ reboot() shellcode (32 bytes)
OS-X/PPC - execve(/bin/sh)_ exit() shellcode (72 bytes)
OS-X/PPC - Add user _r00t_ shellcode (219 bytes)
OS-X/PPC - execve /bin/sh shellcode (72 bytes)
OS-X/PPC - Add inetd backdoor shellcode (222 bytes)
OS-X/PPC - reboot shellcode (28 bytes)
OS-X/PPC - setuid(0) + execve /bin/sh shellcode (88 bytes)
OS-X/PPC - create /tmp/suid shellcode (122 bytes)
OS-X/PPC - simple write() shellcode (75 bytes)
OS-X/PPC - execve /usr/X11R6/bin/xterm shellcode (141 bytes)
SCO/x86 - execve(_/bin/sh__ ..._ NULL); shellcode (43 bytes)
Solaris/SPARC - download and execute shellcode (278 bytes)
Solaris/SPARC - executes command after setreuid shellcode (92+ bytes)
Solaris/SPARC - connect-back (with XNOR encoded session) shellcode (600 bytes)
Solaris/SPARC - setreuid/execve shellcode (56 bytes)
Solaris/SPARC - portbind (port 6666) shellcode (240 bytes)
Solaris/SPARC - execve /bin/sh shellcode (52 bytes)
Solaris/SPARC - portbind port 6789 shellcode (228 bytes)
Solaris/SPARC - connect-bac shellcode k (204 bytes)
Solaris/SPARC - portbinding shellcode (240 bytes)
Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) NULL Free (39 bytes)
Solaris/x86 - setuid(0)_ execve(/bin/cat_ /etc/shadow)_ exit(0) (59 bytes)
Solaris/x86 - execve /bin/sh toupper evasion (84 bytes)
Solaris/x86 - add services and execve inetd (201 bytes)
Unixware - execve /bin/sh (95 bytes)
Windows 5.0 < 7.0 x86 - null-free bindshell
Win32/XP SP2 (EN) - cmd.exe (23 bytes)
Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) NULL Free shellcode (39 bytes)
Solaris/x86 - setuid(0)_ execve(/bin/cat_ /etc/shadow)_ exit(0) shellcode (59 bytes)
Solaris/x86 - execve /bin/sh toupper evasion shellcode (84 bytes)
Solaris/x86 - Add services and execve inetd shellcode (201 bytes)
UnixWare - execve /bin/sh shellcode (95 bytes)
Windows 5.0 < 7.0 x86 - null-free bindshell shellcode
Win32/XP SP2 (EN) - cmd.exe shellcode (23 bytes)
Win32 -SEH omelet shellcode
Win32 - telnetbind by Winexec (111 bytes)
Win32 - PEB!NtGlobalFlags shellcode (14 bytes)
Win32 XP SP2 FR - Sellcode cmd.exe (32 bytes)
Win32/XP SP2 - cmd.exe (57 bytes)
Win32 - PEB Kernel32.dll ImageBase Finder Alphanumeric (67 bytes)
Win32 - PEB Kernel32.dll ImageBase Finder (ASCII Printable) (49 bytes)
Win32 - connectback_ receive_ save and execute shellcode
Win32 - Download and Execute Shellcode (Generator) (Browsers Edition) (275+ bytes)
Win32 - Tiny Download and Exec Shellcode (192 bytes)
Win32 - download and execute (124 bytes)
Win32 (NT/XP) - IsDebuggerPresent ShellCode (39 bytes)
Win32 SP1/SP2 - Beep Shellcode (35 bytes)
Win32/XP SP2 - Pop up message box (110 bytes)
Win32 - WinExec() Command Parameter (104+ bytes)
Win32 - Download & Exec Shellcode (226+ bytes)
Windows NT/2000/XP - useradd shellcode for russian systems (318 bytes)
Windows 9x/NT/2000/XP - Reverse Generic Shellcode without Loader (249 bytes)
Windows 9x/NT/2000/XP - PEB method (29 bytes)
Windows 9x/NT/2000/XP - PEB method (31 bytes)
Windows 9x/NT/2000/XP - PEB method (35 bytes)
Windows XP/2000/2003 - Connect Back shellcode for Overflow Exploit (275 bytes)
Windows XP/2000/2003 - Download File and Exec (241 bytes)
Windows XP - download and exec source
Windows XP SP1 - Portshell on port 58821 (116 bytes)
Windows - (DCOM RPC2) Universal Shellcode
Win64 - (URLDownloadToFileA) download and execute (218+ bytes)
Linux/x86 - kill all processes (9 bytes)
Linux - setuid(0) & execve(_/sbin/poweroff -f_) (47 bytes)
Linux - setuid(0) and cat /etc/shadow
Linux - chmod(/etc/shadow_ 0666) & exit() (33 bytes)
Linux - Linux/x86 execve() (51bytes)
Win32 - SEH omelet shellcode
Win32 - telnetbind by Winexec shellcode (111 bytes)
Win32 - PEB!NtGlobalFlags shellcode (14 bytes)
Win32 XP SP2 FR - Sellcode cmd.exe shellcode (32 bytes)
Win32/XP SP2 - cmd.exe shellcode (57 bytes)
Win32 - PEB Kernel32.dll ImageBase Finder Alphanumeric shellcode (67 bytes)
Win32 - PEB Kernel32.dll ImageBase Finder (ASCII Printable) shellcode (49 bytes)
Win32 - connectback_ receive_ save and execute shellcode
Win32 - Download and Execute Shellcode (Generator) (Browsers Edition) (275+ bytes)
Win32 - Tiny Download and Exec Shellcode (192 bytes)
Win32 - download and execute shellcode (124 bytes)
Win32/NT/XP - IsDebuggerPresent ShellCode (39 bytes)
Win32 SP1/SP2 - Beep Shellcode (35 bytes)
Win32/XP SP2 - Pop up message box shellcode (110 bytes)
Win32 - WinExec() Command Parameter shellcode (104+ bytes)
Win32 - Download & Exec Shellcode (226+ bytes)
Windows NT/2000/XP - add user _slim_ shellcode for Russian systems (318 bytes)
Windows 9x/NT/2000/XP - Reverse Generic Shellcode without Loader (249 bytes)
Windows 9x/NT/2000/XP - PEB method shellcode (29 bytes)
Windows 9x/NT/2000/XP - PEB method shellcode (31 bytes)
Windows 9x/NT/2000/XP - PEB method shellcode (35 bytes)
Windows XP/2000/2003 - Connect Back shellcode for Overflow Exploit (275 bytes)
Windows XP/2000/2003 - Download File and Exec shellcode (241 bytes)
Windows XP - download and exec source shellcode
Windows XP SP1 - Portshell on port 58821 shellcode (116 bytes)
Windows - (DCOM RPC2) Universal Shellcode
Win64 - (URLDownloadToFileA) download and execute shellcode (218+ bytes)
Linux/x86 - kill all processes shellcode (9 bytes)
Linux/x86 - setuid(0) & execve(_/sbin/poweroff -f_) shellcode (47 bytes)
Linux/x86 - setuid(0) and cat /etc/shadow shellcode (49 bytes)
Linux/x86 - chmod(/etc/shadow_ 0666) & exit() shellcode (33 bytes)
Linux/x86 - Linux/x86 execve() shellcode (51 bytes)
Windows XP SP2 - PEB ISbeingdebugged shellcode
Linux/x86 - overwrite MBR on /dev/sda with _LOL!' (43 bytes)
Win32 XP SP3 - ShellExecuteA shellcode
Linux - setreuid (0_0) & execve(/bin/rm /etc/shadow)
Win32 XP SP3 - addFirewallRule
freebsd/x86 - portbind shellcode (167 bytes)
Win32/XP SP2 - calc.exe (45 bytes)
Linux/x86 - unlink(/etc/passwd) & exit() (35 bytes)
Win32/XP SP2 (EN + AR) - cmd.exe (23 bytes)
Linux/x86 - chmod 666 /etc/shadow (27 bytes)
Linux/x86 - break chroot (79 bytes)
Linux/x86 - fork bomb (6 bytes)
Linux/x86 - append _/etc/passwd_ & exit() (107 bytes)
Windows XP SP2 - PEB ISbeingdebugged shellcode (56 bytes)
Linux/x86 - overwrite MBR on /dev/sda with _LOL!' shellcode (43 bytes)
Win32 XP SP3 - ShellExecuteA shellcode
Linux/x86 - setreuid (0_0) & execve(/bin/rm /etc/shadow) shellcode
Win32 XP SP3 - Add Firewall Rule to allow TCP traffic on port 445 shellcode
FreeBSD/x86 - portbind (Port 1337) shellcode (167 bytes)
Win32/XP SP2 - calc.exe shellcode (45 bytes)
Linux/x86 - unlink(/etc/passwd) & exit() shellcode (35 bytes)
Win32/XP SP2 (EN + AR) - cmd.exe shellcode (23 bytes)
Linux/x86 - chmod 666 /etc/shadow shellcode (27 bytes)
Linux/x86 - break chroot shellcode (79 bytes)
Linux/x86 - fork bomb shellcode (6 bytes)
Linux/x86 - append _/etc/passwd_ & exit() shellcode (107 bytes)
Linux/x86 - eject /dev/cdrom (42 bytes)
Win32 XP SP2 FR - calc (19 bytes)
Linux/x86 - eject /dev/cdrom shellcode (42 bytes)
Win32 XP SP2 FR - calc shellcode (19 bytes)
Linux/x86 - ip6tables -F (47 bytes)
Linux i686 - pacman -S <package> (default package: backdoor) (64 bytes)
Linux i686 - pacman -R <package> (59 bytes)
Linux - bin/cat /etc/passwd (43 bytes)
Win32 XP SP3 English - cmd.exe (26 bytes)
Win32 XP SP2 Turkish - cmd.exe (26 bytes)
Linux/x86 - /bin/sh (8 bytes)
Linux/x86 - execve /bin/sh (21 bytes)
Windows XP Home Edition SP2 English - calc.exe (37 bytes)
Windows XP Home Edition SP3 English - calc.exe (37 bytes)
Linux/x86 - disabled modsecurity (64 bytes)
Win32 - JITed stage-0 shellcode
Win32 - JITed exec notepad Shellcode
Windows XP Professional SP2 ITA - calc.exe shellcode (36 bytes)
Win32 - Mini HardCode WinExec&ExitProcess Shellcode (16 bytes)
Linux/x86 - ip6tables -F shellcode (47 bytes)
Linux/i686 - pacman -S <package> (default package: backdoor) shellcode (64 bytes)
Linux/i686 - pacman -R <package> shellcode (59 bytes)
Linux/x86 - bin/cat /etc/passwd shellcode (43 bytes)
Win32 XP SP3 English - cmd.exe shellcode (26 bytes)
Win32 XP SP2 Turkish - cmd.exe shellcode (26 bytes)
Linux/x86 - /bin/sh shellcode (8 bytes)
Linux/x86 - execve /bin/sh shellcode (21 bytes)
Windows XP Home Edition SP2 English - calc.exe shellcode (37 bytes)
Windows XP Home Edition SP3 English - calc.exe shellcode (37 bytes)
Linux/x86 - disabled modsecurity shellcode (64 bytes)
Win32 - JITed stage-0 shellcode
Win32 - JITed exec notepad Shellcode
Windows XP Professional SP2 ITA - calc.exe shellcode (36 bytes)
Win32 - Mini HardCode WinExec&ExitProcess Shellcode (16 bytes)
Win32/XP SP3 (RU) - WinExec+ExitProcess cmd shellcode (12 bytes)
Win32 - MessageBox (Metasploit)
Win32/XP SP3 (RU) - WinExec+ExitProcess cmd shellcode (12 bytes)
Win32 - MessageBox shellcode (Metasploit)
chmod(_/etc/shadow__ 0666) shellcode (36 bytes)
execve(_/bin/sh_) shellcode (25 bytes)
DoS-Badger-Game shellcode (6 bytes)
SLoc-DoS shellcode (55 bytes)
execve(_a->/bin/sh_) Local-only Shellcode (14 bytes)
chmod(_/etc/shadow__ 0777) Shellcode(33 bytes)
chmod(_/etc/shadow__ 0777) shellcode (29 bytes)
Linux/x86 - chmod(_/etc/shadow__ 0666) shellcode (36 bytes)
Linux/x86-64 - execve(_/bin/sh_) shellcode (25 bytes)
Linux/x86 - DoS-Badger-Game shellcode (6 bytes)
Linux/x86 - SLoc-DoS shellcode (55 bytes)
Linux/x86 - execve(_a->/bin/sh_) Local-only Shellcode (14 bytes)
Linux/x86 - chmod(_/etc/shadow__ 0777) Shellcode (33 bytes)
Linux/x86 - chmod(_/etc/shadow__ 0777) shellcode (29 bytes)
Linux/x86 - polymorphic forkbombe (30 bytes)
Linux/x86 - forkbomb
setreud(getuid()_ getuid()) & execve(_/bin/sh_) Shellcode (34 bytes)
Linux/x86_64 - reboot(POWER_OFF) shellcode (19 bytes)
Linux/x86_64 - execve(_/bin/sh_); shellcode (30 bytes)
Linux/x86 - sends _Phuck3d!_ to all terminals (60 bytes)
Linux/x86 - execve(_/bin/bash___-p__NULL) (33 bytes)
Linux/x86 - polymorphic execve(_/bin/bash___-p__NULL) (57 bytes)
Windows XP SP2 FR - Download and Exec Shellcode
Linux/x86 - execve(_/usr/bin/wget__ _aaaa_); (42 bytes)
Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) (45 bytes)
Solaris/x86 - execve(_/bin/sh___/bin/sh__NULL) (27 bytes)
Linux/x86 - polymorphic forkbombe shellcode (30 bytes)
Linux/x86 - forkbomb shellcode (6 bytes)
Linux/x86 - setreud(getuid()_ getuid()) & execve(_/bin/sh_) Shellcode (34 bytes)
Linux/x86-64 - reboot(POWER_OFF) shellcode (19 bytes)
Linux/x86-64 - execve(_/bin/sh_); shellcode (30 bytes)
Linux/x86 - sends _Phuck3d!_ to all terminals shellcode (60 bytes)
Linux/x86 - execve(_/bin/bash___-p__NULL) shellcode (33 bytes)
Linux/x86 - polymorphic execve(_/bin/bash___-p__NULL) shellcode (57 bytes)
Windows XP SP2 FR - Download and Exec Shellcode
Linux/x86 - execve(_/usr/bin/wget__ _aaaa_); shellcode (42 bytes)
Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) shellcode (45 bytes)
Solaris/x86 - execve(_/bin/sh___/bin/sh__NULL) shellcode (27 bytes)
Solaris/x86 - Reboot() (37 bytes)
Solaris/x86 - Remote Download file (79 bytes)
Linux/x86 - Disable randomize stack addresse (106 bytes)
Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode 83
Solaris/x86 - Reboot() shellcode (37 bytes)
Solaris/x86 - Remote Download file shellcode (79 bytes)
Linux/x86 - Disable randomize stack addresse shellcode (106 bytes)
Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode (83 bytes)
Windows 7 Pro SP1 64 FR - (Beep) Shellcode (39 bytes)
Linux/x86 - Shellcode Polymorphic - setuid(0) + chmod(_/etc/shadow__ 0666) Shellcode (61 bytes)
change mode 0777 of _/etc/shadow_ with sys_chmod syscall (39 bytes)
Linux/x86 - kill all running process (11 bytes)
change mode 0777 of _/etc/passwd_ with sys_chmod syscall (39 bytes)
Windows 7 Pro SP1 64 FR - (Beep) Shellcode (39 bytes)
Linux/x86 - Polymorphic setuid(0) + chmod(_/etc/shadow__ 0666) Shellcode (61 bytes)
Linux/x86 - change mode 0777 of _/etc/shadow_ with sys_chmod syscall shellcode (39 bytes)
Linux/x86 - kill all running process shellcode (11 bytes)
Linux/x86 - change mode 0777 of _/etc/passwd_ with sys_chmod syscall shellcode (39 bytes)
Windows 7 x64 - cmd Shellcode (61 bytes)
Linux/x86 - hard / unclean reboot (29 bytes)
Linux/x86 - hard / unclean reboot (33 bytes)
Solaris/x86 - SystemV killall command (39 bytes)
Linux/x86 - hard / unclean reboot shellcode (29 bytes)
Linux/x86 - hard / unclean reboot shellcode (33 bytes)
Solaris/x86 - SystemV killall command shellcode (39 bytes)
Linux/x86 - give all user root access when execute /bin/sh (45 bytes)
Linux/x86 - give all user root access when execute /bin/sh shellcode (45 bytes)
Linux/x86 - netcat connect back port 8080 (76 bytes)
Linux/x86 - netcat connect back port 8080 shellcode (76 bytes)
Windows - MessageBoxA Shellcode
Windows - MessageBoxA Shellcode (238 bytes)
Solaris/x86 - Sync() & reboot() & exit(0) (48 bytes)
Solaris/x86 - Sync() & reboot() & exit(0) shellcode (48 bytes)
Linux/x86_64 - Disable ASLR Security (143 bytes)
Linux/x86-64 - Disable ASLR Security shellcode (143 bytes)
Linux/x86 - Polymorphic Bindport 31337 with setreuid (0_0) (131 bytes)
Linux/x86 - Polymorphic Bindport 31337 with setreuid (0_0) shellcode (131 bytes)
Linux/x86_64 - setuid(0) & chmod (_/etc/passwd__ 0777) & exit(0) (63 bytes)
Linux/x86-64 - setuid(0) & chmod (_/etc/passwd__ 0777) & exit(0) shellcode (63 bytes)
Linux/x86_64 - Add root user with password (390 bytes)
Linux/x86-64 - Add root user _shell-storm_ with password _leet_ shellcode (390 bytes)
Windows XP SP3 SPA - URLDownloadToFileA + CreateProcessA + ExitProcess (176+ bytes)
Windows XP SP3 SPA - URLDownloadToFileA + CreateProcessA + ExitProcess shellcode (176+ bytes)
Linux/ARM - setuid(0) & kill(-1_ SIGKILL) (28 bytes)
Linux/ARM - setuid(0) & kill(-1_ SIGKILL) shellcode (28 bytes)
Linux/ARM - execve(_/bin/sh___/bin/sh__0) (30 bytes)
Linux/ARM - execve(_/bin/sh___/bin/sh__0) shellcode (30 bytes)
Linux/ARM - polymorphic chmod(_/etc/shadow__ 0777) (84 bytes)
Linux/ARM - polymorphic chmod(_/etc/shadow__ 0777) shellcode (84 bytes)
Linux/ARM - Disable ASLR Security (102 bytes)
Linux/ARM - Disable ASLR Security shellcode (102 bytes)
Linux/ARM - Polymorphic execve(_/bin/sh__ [_/bin/sh_]_ NULL); - XOR 88 encoded (78 bytes)
Linux/ARM - Polymorphic execve(_/bin/sh__ [_/bin/sh_]_ NULL); - XOR 88 encoded shellcode (78 bytes)
Linux/x86 - bind shell port 64533 (97 bytes)
Linux/x86 - bind shell port 64533 shellcode (97 bytes)
Drop suid shell root in /tmp/.hiddenshell Linux Polymorphic Shellcode (161 bytes)
Linux - Drop suid shell root in /tmp/.hiddenshell Polymorphic Shellcode (161 bytes)
Linux - 125 bind port to 6778 XOR encoded polymorphic
Linux - 125 bind port to 6778 XOR encoded polymorphic shellcode (125 bytes)
Linux - nc -lp 31337 -e /bin//sh polymorphic shellcode (91 bytes)
Linux - _nc -lp 31337 -e /bin//sh_ polymorphic shellcode (91 bytes)
Win32 - Write-to-file Shellcode
Win32 - Write-to-file Shellcode (278 bytes)
Linux/x86_64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) (49 bytes)
Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) shellcode (49 bytes)
Linux/x86 - netcat bindshell port 8080 (75 bytes)
Linux/x86 - netcat bindshell port 8080 shellcode (75 bytes)
Mini-Stream RM-MP3 Converter 3.1.2.1 - (.pls) Stack Buffer Overflow universal
PHP-Nuke 8.1 SEO Arabic - Remote File Include
bds/x86 - bindshell on port 2525 shellcode (167 bytes)
BSD/x86 - bindshell on port 2525 shellcode (167 bytes)
Win32 - Shellcode Checksum Routine (18 bytes)
Linux/ARM - execve(_/bin/sh__ [0]_ [0 vars]) (27 bytes)
Linux/ARM - execve(_/bin/sh__ [0]_ [0 vars]) shellcode (27 bytes)
Integard Home and Pro 2 - Remote HTTP Buffer Overflow Exploit
Audiotran 1.4.2.4 SEH Overflow Exploit
Joomla Component (com_elite_experts) SQL Injection
Win32/XP SP3 (TR) - Add Admin Account Shellcode (127 bytes)
Win32/XP SP3 (TR) - Add Admin _zrl_ Account Shellcode (127 bytes)
Traidnt UP - Cross-Site Request Forgery Add Admin Account
Allpc 2.5 osCommerce - (SQL/XSS) Multiple Vulnerabilities
Win32/XP Pro SP3 (EN) 32-bit - add new local administrator (113 bytes)
Win32 - add new local administrator (326 bytes)
Win32/XP Pro SP3 (EN) 32-bit - Add new local administrator _secuid0_ shellcode (113 bytes)
Win32 - Add new local administrator shellcode _secuid0_ (326 bytes)
HP Data Protector Media Operations NULL Pointer Dereference Remote DoS
AnyDVD <= 6.7.1.0 - Denial of Service
ARM - Bindshell port 0x1337
ARM - Bind Connect UDP Port 68
ARM - Loader Port 0x1337
ARM - ifconfig eth0 and Assign Address
ARM - Bindshell port 0x1337shellcode
ARM - Bind Connect UDP Port 68 shellcode
ARM - Loader Port 0x1337 shellcode
ARM - ifconfig eth0 and Assign Address 192.168.0.2 shellcode
Linux/ARM - add root user with password (151 bytes)
Linux/ARM - Add root user _shell-storm_ with password _toor_ shellcode (151 bytes)
OS-X/Intel - setuid shell x86_64 (51 bytes)
OS-X/Intel - setuid shell x86_64 shellcode (51 bytes)
Create a New User with UID 0 - ARM (Metasploit)
ARM - Create a New User with UID 0 shellcode (Metasploit) (Generator) (66+ bytes)
Windows Win32k Pointer Dereferencement PoC (MS10-098)
Win32 - speaking shellcode
bds/x86 - connect back Shellcode (81 bytes)
bds/x86 - portbind + fork shellcode (111 bytes)
bsd/x86 - connect back Shellcode (81 bytes)
BSD/x86 - 31337 portbind + fork shellcode (111 bytes)
Win32 - eggsearch shellcode (33 bytes)
Arkeia Backup Client Type 77 - Overflow (Win32)
Oracle 9i XDB FTP PASS Overflow (Win32)
SHOUTcast DNAS/Win32 1.9.4 - File Request Format String Overflow
SHTTPD <= 1.34 - URI-Encoded POST Request Overflow (Win32)
Icecast <= 2.0.1 - Header Overwrite (Win32)
McAfee ePolicy Orchestrator / ProtectionPilot Overflow
Oracle 9i XDB HTTP PASS Overflow (Win32)
Linux/SuperH - sh4 - setuid(0) - chmod(_/etc/shadow__ 0666) - exit(0) (43 bytes)
Linux/SuperH (sh4) - setuid(0) - chmod(_/etc/shadow__ 0666) - exit(0) shellcode (43 bytes)
Linux/x86 - netcat bindshell port 6666 (69 bytes)
Linux/x86 - netcat bindshell port 6666 shellcode (69 bytes)
OS-X/Intel - reverse_tcp shell x86_64 (131 bytes)
OS-X/Intel - reverse_tcp shell x86_64 shellcode (131 bytes)
Windows - WinExec add new local administrator + ExitProcess Shellcode (279 bytes)
Windows - WinExec add new local administrator _RubberDuck_ + ExitProcess Shellcode (279 bytes)
Linux/x86 - ASLR deactivation (83 bytes)
Linux/x86 - ASLR deactivation shellcode (83 bytes)
Linux/x86 - ConnectBack with SSL connection (422 bytes)
Linux/x86 - ConnectBack with SSL connection shellcode (422 bytes)
SuperH (sh4) - Add root user with password (143 bytes)
Linux/SuperH (sh4) - Add root user _shell-storm_ with password _toor_ shellcode (143 bytes)
Win32/PerfectXp-pc1/SP3 TR - Add Admin Shellcode (112 bytes)
Win32/PerfectXp-pc1/SP3 TR - Add Admin _kpss_ Shellcode (112 bytes)
Linux/MIPS - execve (52 bytes)
Linux/MIPS - execve shellcode (52 bytes)
QQPLAYER Player 3.2 - PICT PnSize Buffer Overflow Windows DEP_ASLR BYPASS
Linux/SuperH - sh4 - setuid(0) ; execve(_/bin/sh__ NULL_ NULL) (27 bytes)
Linux/SuperH (sh4) - setuid(0) ; execve(_/bin/sh__ NULL_ NULL) shellcode (27 bytes)
Linux/MIPS - execve /bin/sh (48 bytes)
Linux/MIPS - add user(UID 0) with password (164 bytes)
Linux/MIPS - execve /bin/sh shellcode (48 bytes)
Linux/MIPS - Add user(UID 0) _rOOt_ with password _pwn3d_ shellcode (164 bytes)
Linux/x86_64 - execve(/bin/sh) (52 bytes)
Linux/x86-64 - execve(/bin/sh) shellcode (52 bytes)
Linux/MIPS - reboot() (32 bytes)
Linux/MIPS - reboot() shellcode (32 bytes)
GdiDrawStream BSoD using Safari
Linux/x86 - Polymorphic ShellCode - setuid(0)+setgid(0)+add user 'iph' without password to /etc/passwd
Linux/x86 - Polymorphic Shellcode setuid(0) + setgid(0) + add user _iph_ without password to /etc/passwd
Linux/x86 - Search For php/html Writable Files and Add Your Code (380+ bytes)
Linux/x86 - Search For php/html Writable Files and Add Your Code shellcode (380+ bytes)
Linux/x86_64 - add user with passwd (189 bytes)
Linux/x86-64 - Add user _t0r_ with password _Winner_ shellcode (189 bytes)
Linux/x86 - execve(/bin/dash) (42 bytes)
Linux/x86 - execve(/bin/dash) shellcode (42 bytes)
Linux/x86 - chmod 666 /etc/passwd & /etc/shadow (57 bytes)
Linux/x86 - chmod 666 /etc/passwd & /etc/shadow shellcode (57 bytes)
Microsoft Windows Kernel - Intel x64 SYSRET PoC
Linux/ARM (Raspberry Pi) - reverse_shell (tcp_10.1.1.2_0x1337) (72 bytes)
Linux/ARM (Raspberry Pi) - execve(_/bin/sh__ [0]_ [0 vars]) (30 bytes)
Linux/ARM (Raspberry Pi) - chmod(_/etc/shadow__ 0777) (41 bytes)
Linux/ARM (Raspberry Pi) - reverse_shell (tcp_10.1.1.2_0x1337) shellcode (72 bytes)
Linux/ARM (Raspberry Pi) - execve(_/bin/sh__ [0]_ [0 vars]) shellcode (30 bytes)
Linux/ARM (Raspberry Pi) - chmod(_/etc/shadow__ 0777) shellcode (41 bytes)
Windows XP Pro SP3 - Full ROP calc shellcode
Windows XP Pro SP3 - Full ROP calc shellcode (428 bytes)
Novell Client 2 SP3 - nicm.sys Local Privilege Escalation
MIPS Little Endian - Shellcode
MIPS - (Little Endian) system() Shellcode (80 bytes)
Windows RT ARM - Bind Shell (Port 4444)
Windows RT ARM - Bind Shell (Port 4444) shellcode
Linux Kernel <= 3.7.6 (Redhat x86/x64) - 'MSR' Driver Local Privilege Escalation
Linux/x86 - Multi-Egghunter
Linux/x86 - Multi-Egghunter shellcode
MIPS Little Endian - Reverse Shell Shellcode (Linux)
Linux/MIPS - (Little Endian) Reverse Shell (192.168.1.177:31337) Shellcode (200 bytes)
Nvidia (nvsvc) Display Driver Service - Local Privilege Escalation
Windows - Add Admin User Shellcode (194 bytes)
Windows - Add Admin User _BroK3n_ Shellcode (194 bytes)
Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free and Memory Corruption PoC (MS14-035)
OpenVPN Private Tunnel Core Service - Unquoted Service Path Elevation Of Privilege
Linux Kernel < 3.2.0-23 (Ubuntu 12.04 x64) - ptrace/sysret Local Privilege Escalation
MQAC.sys Arbitrary Write Privilege Escalation
Linux/x86 - chmod (777 /etc/passwd & /etc/shadow)_ Add New Root User (ALI/ALI) & Execute /bin/sh (378 bytes)
Linux/x86 - chmod (777 /etc/passwd & /etc/shadow)_ Add New Root User (ALI/ALI) & Execute /bin/sh shellcode (378 bytes)
VirtualBox 3D Acceleration Virtual Machine Escape
Linux/x86 - Obfuscated Shellcode chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User & Execute /bin/bash (521 bytes)
Linux/x86 - Obfuscated Shellcode chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User _ALI_ & Execute /bin/bash (521 bytes)
Connect Back (139 bytes)
Linux/x86-64 - Connect Back shellcode (139 bytes)
Linux/x86 - Add map in /etc/hosts file
Linux/x86 - Add map in /etc/hosts file (google.com 127.1.1.1) shellcode (77 bytes)
Microsoft Bluetooth Personal Area Networking - (BthPan.sys) Privilege Escalation
MS14-060 Microsoft Windows OLE Package Manager Code Execution
Position independent & Alphanumeric 64-bit execve(_/bin/sh\0__NULL_NULL); (87 bytes)
Linux/x86-64 - Position independent & Alphanumeric execve(_/bin/sh\0__NULL_NULL); shellcode (87 bytes)
Offset2lib: Bypassing Full ASLR On 64 bit Linux
Linux/x86 - rmdir (37 bytes)
Linux/x86 - rmdir shellcode (37 bytes)
Linux/x64 - Bind TCP port shellcode (81 bytes / 96 bytes with password)
Linux/x86-64 - Bind TCP port shellcode (81 bytes / 96 bytes with password)
Linux/x64 - Reverse TCP connect (77 to 85 bytes / 90 to 98 bytes with password)
Linux/x86-64 - Reverse TCP connect shellcode (77 to 85 bytes / 90 to 98 bytes with password)
RedStar 3.0 Desktop - (Software Manager swmng.app) Privilege Escalation
RedStar 3.0 Desktop - (Software Manager swmng.app) Privilege Escalation
Windows x86 - Obfuscated Shellcode Add Administrator User/Pass ALI/ALI & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes)
Windows x64 - Obfuscated Shellcode Add Administrator User/Pass ALI/ALI & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes)
Windows x86 - Obfuscated Shellcode Add Administrator _ALI_ & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes)
Windows x64 - Obfuscated Shellcode Add Administrator _ALI_ & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes)
Linux/MIPS - execve (36 bytes)
Linux/MIPS - execve /bin/sh shellcode (36 bytes)
Windows XP x86-64 - Download & execute (Generator)
Windows XP x86-64 - Download & execute shellcode (Generator)
Linux Kernel <= 3.17.5 - IRET Instruction #SS Fault Handling Crash PoC
Linux/MIPS (Little Endian) - Chmod 666 /etc/shadow (55 bytes)
Linux/MIPS - (Little Endian) Chmod 666 /etc/shadow shellcode (55 bytes)
Linux/MIPS (Little Endian) - Chmod 666 /etc/passwd (55 bytes)
Linux/MIPS (Little Endian) - Chmod 666 /etc/passwd shellcode (55 bytes)
Reads Data From /etc/passwd To /tmp/outfile (118 bytes)
Linux/x86-64 - Reads Data From /etc/passwd To /tmp/outfile shellcode (118 bytes)
Linux/x86 - ROT13 encoded execve(_/bin/sh_) (68 bytes)
Linux/x86 - ROT13 encoded execve(_/bin/sh_) shellcode (68 bytes)
Linux/x86 - chmod 0777 /etc/shadow obfuscated (84 bytes)
Linux/x86 - Obfuscated map google.com to 127.1.1.1 (98 bytes)
Linux/x86 - Obfuscated execve(_/bin/sh_) (40 bytes)
Linux/x86 - chmod 0777 /etc/shadow obfuscated shellcode (84 bytes)
Linux/x86 - Obfuscated map google.com to 127.1.1.1 shellcode (98 bytes)
Linux/x86 - Obfuscated execve(_/bin/sh_) shellcode (40 bytes)
Linux/x86 - Reverse TCP Shell (72 bytes)
Linux/x86 - TCP Bind Shell (96 bytes)
Linux/x86 - Reverse TCP Shell shellcode (72 bytes)
Linux/x86 - TCP Bind Shel shellcode l (96 bytes)
Linux - Disable ASLR (84 bytes)
Linux/x86 - Disable ASLR shellcode (84 bytes)
Linux/x86 - Egg-hunter (20 bytes)
Linux/x86 - Egg-hunter shellcode (20 bytes)
Create 'my.txt' Working Directory (37 bytes)
Linux/x86 - Create 'my.txt' Working Directory shellcode (37 bytes)
Linux/x86 - setreuid(0_ 0) + execve(_/sbin/halt_) + exit(0) (49 bytes)
Linux/x86 - setreuid(0_ 0) + execve(_/sbin/halt_) + exit(0) shellcode (49 bytes)
Win32/XP SP3 - Create (_file.txt_) (83 bytes)
Win32/XP SP3 - Restart computer
Linux - custom execve-shellcode Encoder/Decoder
Win32/XP SP3 - Create (_file.txt_) shellcode (83 bytes)
Win32/XP SP3 - Restart computer shellcode (57 bytes)
Linux/x86 - custom execve-shellcode Encoder/Decoder
Linux/x86_64 - Execve /bin/sh Shellcode Via Push (23 bytes)
Linux/x86-64 - Execve /bin/sh Shellcode Via Push (23 bytes)
Linux/x86 - exit(0) (6 bytes)
Linux/x86 - exit(0) shellcode (6 bytes)
Windows 8.0 < 8.1 x64 - TrackPopupMenu Privilege Escalation (MS14-058)
Linux/x86 - chmod() 777 /etc/shadow & exit() (33 bytes)
Linux/x86 - chmod() 777 /etc/shadow & exit() shellcode (33 bytes)
Linux/x86 - /etc/passwd Reader (58 bytes)
Linux/x86 - /etc/passwd Reader shellcode (58 bytes)
Linux/x86 - mkdir HACK & chmod 777 and exit(0) (29 bytes)
Linux/x86 - Netcat BindShell Port 5555 (60 bytes)
Linux/x86 - mkdir HACK & chmod 777 and exit(0) shellcode (29 bytes)
Linux/x86 - Netcat BindShell Port 5555 shellcode (60 bytes)
Linux/x86_64 - execve(/bin/sh) (30 bytes)
Linux/x86-64 - execve(/bin/sh) shellcode (30 bytes)
Linux/x86 - Download & Execute
Linux/x86 - Reboot (28 bytes)
Linux/x86 - Download & Execute shellcode
Linux/x86 - Reboot shellcode (28 bytes)
Linux/x86 - execve /bin/sh (23 bytes)
Linux/x86 - execve /bin/sh shellcode (23 bytes)
Linux 64bit - Encoded execve shellcode
Linux/x86-64 - Encoded execve shellcode (57 bytes)
encoded 64 bit execve shellcode
Linux/x86-64 - encoded execve shellcode (57 bytes)
Win32/XP SP3 (TR) - MessageBox (24 bytes)
Win32/XP SP3 (TR) - MessageBox shellcode (24 bytes)
Windows XP SP3 x86 / 2003 SP2 x86 - NDProxy Privilege Escalation (MS14-002)
Windows x86 - user32!MessageBox _Hello World!_ Null-Free (199 bytes)
Windows x86 - user32!MessageBox _Hello World!_ Null-Free shellcode (199 bytes)
Symantec Endpoint Protection Manager Authentication Bypass and Code Execution
Adobe Flash XMLSocket Destructor Not Cleared Before Setting User Data in connect
Adobe Flash Heap-Based Buffer Overflow Loading FLV File with Nellymoser Audio Codec
Adobe Flash Heap-Based Buffer Overflow Due to Indexing Error When Loading FLV File
Adobe Flash Shared Object Type Confusion
Adobe Flash Heap-Based Buffer Overflow Loading FLV File with Nellymoser Audio Codec
Adobe Flash Heap-Based Buffer Overflow Due to Indexing Error When Loading FLV File
Adobe Flash Shared Object Type Confusion
Windows 2003 x64 - Token Stealing shellcode (59 bytes)
OS-X x64 - /bin/sh Shellcode - NULL Byte Free (34 bytes)
OS-X/x86-64 - /bin/sh Shellcode - NULL Byte Free (34 bytes)
Mainframe/System Z - Bind Shell
Mainframe/System Z - Bind Shell shellcode (2488 bytes)
ActiveState Perl.exe x64 Client 5.20.2 - Crash PoC
Linux/x86 - execve(/bin/bash) (31 bytes)
Linux/x86 - execve(/bin/bash) shellcode (31 bytes)
Linux/x86 - Create file with permission 7775 and exit (Shell Generator)
Linux/x86 - Create file with permission 7775 and exit shellcode (Generator)
Linux/x86 - execve(_/bin/cat__ [_/bin/cat__ _/etc/passwd_]_ NULL) (75 bytes)
Linux/x86 - execve(_/bin/cat__ [_/bin/cat__ _/etc/passwd_]_ NULL) shellcode (75 bytes)
OS-X x64 - tcp bind shellcode_ NULL byte free (144 bytes)
OS-X/x86-64 - tcp bind shellcode_ NULL byte free (144 bytes)
Linux/x86_64 - /bin/sh
Linux/x86-64 - /bin/sh shellcode
Android Shellcode Telnetd with Parameters
Android - Telnetd (Port 1035) with Parameters Shellcode (248 bytes)
Microsoft Windows - Font Driver Buffer Overflow (MS15-078)
Linux/x86_64 - execve Shellcode (22 bytes)
Linux/x86-64 - execve Shellcode (22 bytes)
Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (2)
Windows Kernel - DeferWindowPos Use-After-Free (MS15-073)
Windows Kernel - UserCommitDesktopMemory Use-After-Free (MS15-073)
Windows Kernel - Pool Buffer Overflow Drawing Caption Bar (MS15-061)
Windows Kernel - HmgAllocateObjectAttr Use-After-Free (MS15-061)
Windows Kernel - win32k!vSolidFillRect Buffer Overflow (MS15-061)
Windows Kernel - SURFOBJ NULL Pointer Dereference (MS15-061)
Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (2)
Windows Kernel - DeferWindowPos Use-After-Free (MS15-073)
Windows Kernel - UserCommitDesktopMemory Use-After-Free (MS15-073)
Windows Kernel - Pool Buffer Overflow Drawing Caption Bar (MS15-061)
Windows Kernel - HmgAllocateObjectAttr Use-After-Free (MS15-061)
Windows Kernel - win32k!vSolidFillRect Buffer Overflow (MS15-061)
Windows Kernel - SURFOBJ NULL Pointer Dereference (MS15-061)
Windows Kernel - WindowStation Use-After-Free (MS15-061)
Windows Kernel - NULL Pointer Dereference with Window Station and Clipboard (MS15-061)
Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1)
Windows Kernel - FlashWindowEx Memory Corruption (MS15-097)
Windows Kernel - bGetRealizedBrush Use-After-Free (MS15-097)
Windows Kernel - Use-After-Free with Cursor Object (MS15-097)
Windows Kernel - Use-After-Free with Printer Device Contexts (MS15-097)
Windows Kernel - NtGdiStretchBlt Pool Buffer Overflows (MS15-097)
Windows Kernel - WindowStation Use-After-Free (MS15-061)
Windows Kernel - NULL Pointer Dereference with Window Station and Clipboard (MS15-061)
Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1)
Windows Kernel - FlashWindowEx Memory Corruption (MS15-097)
Windows Kernel - bGetRealizedBrush Use-After-Free (MS15-097)
Windows Kernel - Use-After-Free with Cursor Object (MS15-097)
Windows Kernel - Use-After-Free with Printer Device Contexts (MS15-097)
Windows Kernel - NtGdiStretchBlt Pool Buffer Overflows (MS15-097)
Windows Kernel - NtGdiBitBlt Buffer Overflow (MS15-097)
Truecrypt 7 / VeraCrypt 1.13 - Drive Letter Symbolic Link Creation Privilege Escalation
Tomabo MP4 Converter 3.10.12 - 3.11.12 (.m3u) Denial of service (Crush application)
Linux/x86_64 - Bindshell with Password (92 bytes)
Linux/x86-64 - Bindshell with Password shellcode (92 bytes)
Symantec pcAnywhere 12.5.0 Windows x86 - Remote Code Execution
Linux/x64 - egghunter (24 bytes)
Linux/x86-64 - egghunter shellcode (24 bytes)
Linux/x86_64 - Polymorphic execve Shellcode (31 bytes)
Linux/x86-64 - Polymorphic execve Shellcode (31 bytes)
Windows XP<10 - Null-Free WinExec Shellcode (Python)
Windows XP < 10 - Null-Free WinExec Shellcode (Python) (Generator)
win32k Desktop and Clipboard - Null Pointer Derefence
win32k Clipboard Bitmap - Use-After-Free
win32k Desktop and Clipboard - Null Pointer Derefence
win32k Clipboard Bitmap - Use-After-Free
Microsoft Windows 8.1 - win32k Local Privilege Escalation (MS15-010)
Adobe Flash Selection.SetSelection - Use-After-Free
Adobe Flash Sound.setTransform - Use-After-Free
Linux/x64 - Bind TCP Port Shellcode (103 bytes)
Linux/x86-64 - Bind TCP Port Shellcode (103 bytes)
Linux/x86_64 - bind TCP port shellcode (103 bytes)
TCP Bindshell with Password Prompt (162 bytes)
Linux/x86-64 - bind TCP port shellcode (103 bytes)
Linux/x86-64 - TCP Bindshell with Password Prompt shellcode (162 bytes)
TCP Reverse Shell with Password Prompt (151 bytes)
Linux/x86-64 - TCP Reverse Shell with Password Prompt shellcode (151 bytes)
Linux/x86_64 - Egghunter (18 bytes)
Linux/x86 - Egg-hunter (13 bytes)
Linux/x86-64 - Egghunter shellcode (18 bytes)
Linux/x86 - Egg-hunter shellcode (13 bytes)
Adobe Flash - Use-After-Free When Setting Stage
Linux/x86_64 - xor/not/div Encoded execve Shellcode (54 bytes)
Linux/x86-64 - xor/not/div Encoded execve Shellcode (54 bytes)
Linux x86 & x86_64 - reverse_tcp Shellcode
Linux x86 & x86_64 - reverse_tcp (192.168.1.29:4444) Shellcode (195 bytes)
Linux x86 & x86_64 - tcp_bind Shellcode
Linux x86 & x86_64 - Read etc/passwd Shellcode
Linux x86 & x86_64 - tcp_bind (Port 4444) Shellcode (251 bytes)
Linux x86 & x86_64 - Read /etc/passwd Shellcode (156 bytes)
Linux/x86_64 - shell_reverse_tcp with Password - Polymorphic Version (1) (122 bytes)
Linux/x86-64 - shell_reverse_tcp with Password Polymorphic shellcode (1) (122 bytes)
Linux/x86_64 - shell_reverse_tcp with Password - Polymorphic Version (2) (135 bytes)
Linux/x86 - Download & Execute Shellcode
Linux/x86_64 - Polymorphic Execve-Stack (47 bytes)
Linux/x86-64 - shell_reverse_tcp with Password Polymorphic shellcode (2) (135 bytes)
Linux/x86 - Download & Execute Shellcode (135 bytes)
Linux/x86-64 - Polymorphic Execve-Stack shellcode (47 bytes)
Microsoft Windows - afd.sys Dangling Pointer Privilege Escalation (MS14-040)
Linux/ARM - Connect back to {ip:port} with /bin/sh (95 bytes)
Linux/ARM - Connect back to 10.0.0.10:1337 with /bin/sh shellcode (95 bytes)
Windows x86 - Null-Free Download & Run via WebDAV Shellcode (96 bytes)
Secret Net 7 and Secret Net Studio 8 - Local Privilege Escalation
Windows x86 - Null-Free Download & Run via WebDAV Shellcode (96 bytes)
Secret Net 7 and Secret Net Studio 8 - Local Privilege Escalation
Microsoft Windows 7 x64 - afd.sys Privilege Escalation (MS14-040)
Linux/x86_64 - Reverse Shell Shellcode
Linux/x86-64 - Reverse Shell Shellcode
Linux/x86_64 - execve(/bin/sh) (26 bytes)
Linux/x86-64 - execve(/bin/sh) shellcode (26 bytes)
Linux/x86_64 - execve(/bin/sh) (25 bytes)
Linux/x86_64 - execve(/bin/bash) (33 bytes)
Linux/x86-64 - execve(/bin/sh) shellcode (25 bytes)
Linux/x86-64 - execve(/bin/bash) shellcode (33 bytes)
Linux/x86_64 - bindshell (Pori: 5600) (81 bytes)
Linux/x86-64 - bindshell (Pori: 5600) shellcode (81 bytes)
Linux/x86_64 - Read /etc/passwd (65 bytes)
Linux/x86-64 - Read /etc/passwd shellcode (65 bytes)
Windows Kernel - DrawMenuBarTemp Wild-Write (MS16-039)
Linux/x86_64 - bindshell (Port 5600) (86 bytes)
Linux/x86-64 - bindshell (Port 5600) shellcode (86 bytes)
Windows x86 - URLDownloadToFileA()+SetFileAttributesA()+WinExec()+ExitProcess() Shellcode
Windows x86 - URLDownloadToFileA()+SetFileAttributesA()+WinExec()+ExitProcess() Shellcode (394 bytes)
Linux/x86 - Reverse TCP Shellcode (IPv6)
Linux/x86 - Bind TCP Port 1472 (IPv6) (1250 bytes)
Linux/x86 - Reverse TCP Shellcode (IPv6) (159 bytes)
Linux/x86 - Bind TCP Port 1472 (IPv6) shellcode (1250 bytes)
Linux/x64 - Bind Shell Shellcode (Generator)
PCMan FTP Server 2.0.7 - RENAME Command Buffer Overflow (Metasploit)
Linux/x86-64 - Bind Shell Shellcode (Generator)
PCMan FTP Server 2.0.7 - RENAME Command Buffer Overflow (Metasploit)
Win32 .Net Framework - Execute Native x86 Shellcode
Linux/x86_64 - Bind TCP Port 1472 (IPv6)
Linux/x86-64 - Bind TCP Port 1472 shellcode (IPv6) (199 bytes)
Linux/x86_64 - Reverse TCP (IPv6)
Linux/x86-64 - Reverse TCP shellcode (IPv6) (203 bytes)
Linux/x86 - Bindshell with Configurable Port (87 bytes)
Linux/x86 - Bindshell with Configurable Port shellcode (87 bytes)
Linux/x86_64 - Null-Free Reverse TCP Shell
Linux/x86-64 - Null-Free Reverse TCP Shell shellcode (134 bytes)
Linux/x86_64 - Information Stealer Shellcode
Linux/x86-64 - Information Stealer Shellcode (399 bytes)
Linux/x86 - TCP Bind Shell Port 4444 (656 bytes)
Linux/x86 - TCP Bind Shell Port 4444 shellcode (656 bytes)
Linux/x86_64 - XOR Encode execve Shellcode
Linux/x86-64 - XOR Encode execve Shellcode
Windows x86 - WinExec(_cmd.exe__0) Shellcode
Windows x86 - WinExec(_cmd.exe__0) Shellcode (184 bytes)
Windows x86 - system(_systeminfo_) Shellcode
Windows x86 - system(_systeminfo_) Shellcode (224 bytes)
Windows - Custom Font Disable Policy Bypass
PCMAN FTP 2.0.7 - ls Command Buffer Overflow (Metasploit)
Windows x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode
Windows x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode (250 bytes)
Linux/x86_64 - /etc/passwd File Sender Shellcode
Linux/x86-64 - /etc/passwd File Sender Shellcode (164 bytes)
Windows 7 SP1 x86 - Privilege Escalation (MS16-014)
Linux 64bit - NetCat Bind Shell Shellcode (64 bytes)
Linux/x86-64 - NetCat Bind Shell Shellcode (64 bytes)
Linux/x86 - TCP Bind Shell Port 4444 (98 bytes)
Linux/x86 - TCP Bind Shell Port 4444 shellcode (98 bytes)
Linux 64bit - Ncat Shellcode (SSL_ MultiChannel_ Persistant_ Fork_ IPv4/6_ Password) (176 bytes)
Linux/x86-64 - Ncat Shellcode (SSL_ MultiChannel_ Persistant_ Fork_ IPv4/6_ Password) (176 bytes)
Linux/x86_64 - Continuously-Probing Reverse Shell via Socket + Port-range + Password (172 bytes)
Linux/x86-64 - Continuously-Probing Reverse Shell via Socket + Port-range + Password shellcode (172 bytes)
Linux/x86 - Reverse Shell using Xterm ///usr/bin/xterm -display 127.1.1.1:10
Linux/x86 - Reverse Shell using Xterm ///usr/bin/xterm -display 127.1.1.1:10 shellcode (68 bytes)
|
Renamed from platforms/mips/shellcode/27132.txt (Browse further)