exploit-db-mirror

Author	SHA1	Message	Date
Offensive Security	aedf107ce9	DB: 2018-12-20 12 changes to exploits/shellcodes MiniShare Server 1.3.2 - Remote Denial of Service MiniShare 1.3.2 - Remote Denial of Service MiniShare 1.5.5 - Local Buffer Overflow (SEH) MiniShare 1.5.5 - 'users.txt' Local Buffer Overflow (SEH) Linux Kernel 4.4 - 'rtnetlink' Stack Memory Disclosure PassFab RAR 9.3.2 - Buffer Overflow (SEH) LanSpy 2.0.1.159 - Local Buffer Overflow PDF Explorer 1.5.66.2 - Buffer Overflow (SEH) MiniShare HTTP 1.5.5 - Remote Buffer Overflow MiniShare 1.5.5 - Remote Buffer Overflow MiniShare 1.4.1 - Remote Buffer Overflow HEAD and POST Method MiniShare 1.4.1 - 'HEAD/POST' Remote Buffer Overflow Hotel Booking Script 3.4 - Cross-Site Request Forgery (Change Admin Password) Rukovoditel Project Management CRM 2.3.1 - Remote Code Execution (Metasploit) Integria IMS 5.0.83 - 'search_string' Cross-Site Scripting Integria IMS 5.0.83 - Cross-Site Request Forgery Bolt CMS < 3.6.2 - Cross-Site Scripting Yeswiki Cercopitheque - 'id' SQL Injection IBM Operational Decision Manager 8.x - XML External Entity Injection Linux/x64 - Disable ASLR Security Shellcode (93 Bytes)	2018-12-20 05:01:43 +00:00
Offensive Security	a07949d1c7	DB: 2018-12-12 21 changes to exploits/shellcodes SmartFTP Client 9.0.2623.0 - Denial of Service (PoC) LanSpy 2.0.1.159 - Local Buffer Overflow (PoC) XNU - POSIX Shared Memory Mappings have Incorrect Maximum Protection McAfee True Key - McAfee.TrueKey.Service Privilege Escalation DomainMOD 4.11.01 - Cross-Site Scripting DomainMOD 4.11.01 - 'raid' Cross-Site Scripting Tourism Website Blog - Remote Code Execution / SQL Injection Alumni Tracer SMS Notification - SQL Injection / Cross-Site Request Forgery PrestaShop 1.6.x/1.7.x - Remote Code Execution DomainMOD 4.11.01 - Cross-Site Scripting PrinterOn Enterprise 4.1.4 - Arbitrary File Deletion TP-Link wireless router Archer C1200 - Cross-Site Scripting Huawei B315s-22 - Information Leak ZTE ZXHN H168N - Improper Access Restrictions Sitecore CMS 8.2 - Cross-Site Scripting / Arbitrary File Disclosure IceWarp Mail Server 11.0.0.0 - Cross-Site Scripting Apache OFBiz 16.11.05 - Cross-Site Scripting HotelDruid 2.3.0 - 'id_utente_mod' SQL Injection WordPress Plugin AutoSuggest 0.24 - 'wpas_keys' SQL Injection ThinkPHP 5.0.23/5.1.31 - Remote Code Execution Adobe ColdFusion 2018 - Arbitrary File Upload Linux/x86 - execve(/usr/bin/ncat -lvp 1337 -e /bin/bash)+Null-Free Shellcode (95 bytes)	2018-12-12 05:01:43 +00:00
Offensive Security	60710bbfd9	DB: 2018-12-05 19 changes to exploits/shellcodes Microsoft Lync for Mac 2011 - Injection Forced Browsing/Download Wireshark - 'cdma2k_message_ACTIVE_SET_RECORD_FIELDS' Stack Corruption Wireshark - 'find_signature' Heap Out-of-Bounds Read Xorg X11 Server (AIX) - Local Privilege Escalation Emacs - movemail Privilege Escalation (Metasploit) OpenSSH < 7.7 - User Enumeration (2) HP Intelligent Management - Java Deserialization RCE (Metasploit) Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass DomainMOD 4.11.01 - Owner name Field Cross-Site Scripting NEC Univerge Sv9100 WebPro - 6.00 - Predictable Session ID / Clear Text Password Storage KeyBase Botnet 1.5 - SQL Injection Dolibarr ERP/CRM 8.0.3 - Cross-Site Scripting DomainMOD 4.11.01 - Custom Domain Fields Cross-Site Scripting DomainMOD 4.11.01 - Custom SSL Fields Cross-Site Scripting NUUO NVRMini2 3.9.1 - Authenticated Command Injection DomainMOD 4.11.01 - Registrar Cross-Site Scripting FreshRSS 1.11.1 - Cross-Site Scripting Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes) Linux/x64 - Reverse (0.0.0.0:1907/TCP) Shell Shellcode (119 Bytes)	2018-12-05 05:01:44 +00:00
Offensive Security	3a7153b2ac	DB: 2018-11-14 24 changes to exploits/shellcodes CuteFTP Mac 3.1 - Denial of Service (PoC) Evince 3.24.0 - Command Injection Cisco Immunet < 6.2.0 / Cisco AMP For Endpoints 6.2.0 - Denial of Service XAMPP Control Panel 3.2.2 - Buffer Overflow (SEH) (Unicode) xorg-x11-server < 1.20.1 - Local Privilege Escalation Data Center Audit 2.6.2 - 'username' SQL Injection Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal Paroiciel 11.20 - 'tRecIdListe' SQL Injection Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting Paroiciel 11.20 - 'tRecIdListe' SQL Injection The Don 1.0.1 - 'login' SQL Injection Facturation System 1.0 - 'modid' SQL Injection The Don 1.0.1 - 'login' SQL Injection Facturation System 1.0 - 'modid' SQL Injection GPS Tracking System 2.12 - 'username' SQL Injection ServerZilla 1.0 - 'email' SQL Injection GPS Tracking System 2.12 - 'username' SQL Injection ServerZilla 1.0 - 'email' SQL Injection Nominas 0.27 - 'username' SQL Injection CentOS Web Panel 0.9.8.740 - Cross-Site Request Forgery / Cross-Site Scripting Surreal ToDo 0.6.1.2 - SQL Injection Surreal ToDo 0.6.1.2 - Local File Inclusion Alienor Web Libre 2.0 - SQL Injection Musicco 2.0.0 - Arbitrary Directory Download Data Center Audit 2.6.2 - Cross-Site Request Forgery (Update Admin) Tina4 Stack 1.0.3 - SQL Injection / Database File Download Tina4 Stack 1.0.3 - Cross-Site Request Forgery (Update Admin) Easyndexer 1.0 - Arbitrary File Download ABC ERP 0.6.4 - Cross-Site Request Forgery (Update Admin) Gumbo CMS 0.99 - SQL Injection Silurus Classifieds Script 2.0 - 'wcategory' SQL Injection ClipperCMS 1.3.3 - Cross-Site Request Forgery (File Upload) Alive Parish 2.0.4 - SQL Injection / Arbitrary File Upload Maitra Mail Tracking System 1.7.2 - SQL Injection / Database File Download Webiness Inventory 2.3 - Arbitrary File Upload / Cross-Site Request Forgery (Add Admin) Webiness Inventory 2.3 - SQL Injection SIPve 0.0.2-R19 - SQL Injection Linux/x86 - Bind (99999/TCP) NetCat Traditional (/bin/nc) Shell (/bin/bash) Shellcode (58 bytes)	2018-11-14 05:01:43 +00:00
Offensive Security	ef70ec156b	DB: 2018-10-31 22 changes to exploits/shellcodes ZyXEL VMG3312-B10B < 1.00(AAPP.7) - Credential Disclosure QNAP NetBak Replicator 4.5.6.0607 - Denial of Service (PoC) SIPp 3.3.990 - Local Buffer Overflow (PoC) R 3.4.4 (Windows 10 x64) - Buffer Overflow (DEP/ASLR Bypass) xorg-x11-server 1.20.3 - Privilege Escalation Any Sound Recorder 2.93 - Buffer Overflow Local (SEH) (Metasploit) Nutanix AOS & Prism < 5.5.5 (LTS) / < 5.8.1 (STS) - SFTP Authentication Bypass South Gate Inn Online Reservation System 1.0 - 'q' SQL Injection Electricks eCommerce 1.0 - 'prodid' SQL Injection phptpoint Pharmacy Management System 1.0 - 'username' SQL Injection Webiness Inventory 2.9 - Arbitrary File Upload NETGEAR WiFi Router R6120 - Credential Disclosure MyBB Downloads 2.0.3 - SQL Injection Expense Management 1.0 - Arbitrary File Upload University Application System 1.0 - SQL Injection / Cross-Site Request Forgery (Add Admin) Notes Manager 1.0 - Arbitrary File Upload Instagram Clone 1.0 - Arbitrary File Upload Microstrategy Web 7 - Cross-Site Scripting / Directory Traversal Asaancart Simple PHP Shopping Cart 0.9 - Arbitrary File Upload / SQL Injection CI User Login and Management 1.0 - Arbitrary File Upload Windows/x64 - Remote (Bind TCP) Keylogger Shellcode (864 bytes) (Generator)	2018-10-31 05:01:53 +00:00
Offensive Security	dac8dd4731	DB: 2018-10-25 15 changes to exploits/shellcodes Adult Filter 1.0 - Denial of Service (PoC) Microsoft Data Sharing - Local Privilege Escalation (PoC) Webmin 1.5 - Web Brute Force (CGI) exim 4.90 - Remote Code Execution School ERP Pro+Responsive 1.0 - 'fid' SQL Injection SIM-PKH 2.4.1 - 'id' SQL Injection MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection School ERP Pro+Responsive 1.0 - 'fid' SQL Injection SIM-PKH 2.4.1 - 'id' SQL Injection MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection SG ERP 1.0 - 'info' SQL Injection Fifa Master XLS 2.3.2 - 'usw' SQL Injection Axioscloud Sissiweb Registro Elettronico 7.0.0 - 'Error_desc' Cross-Site Scripting LANGO Codeigniter Multilingual Script 1.0 - Cross-Site Scripting Apache OFBiz 16.11.04 - XML External Entity Injection D-Link Routers - Command Injection D-Link Routers - Plaintext Password D-Link Routers - Directory Traversal Linux/x86 - execve(/bin/cat /etc/ssh/sshd_config) Shellcode 44 Bytes	2018-10-25 05:01:46 +00:00
Offensive Security	b311000a22	DB: 2018-10-09 16 changes to exploits/shellcodes net-snmp 5.7.3 - Unauthenticated Denial of Service (PoC) net-snmp 5.7.3 - Authenticated Denial of Service (PoC) Linux - Kernel Pointer Leak via BPF Android - sdcardfs Changes current->fs Without Proper Locking 360 3.5.0.1033 - Sandbox Escape Git Submodule - Arbitrary Code Execution Linux Kernel < 4.11.8 - 'mq_notify: double sock_put()' Local Privilege Escalation Zahir Enterprise Plus 6 - Stack Buffer Overflow (Metasploit) Microsoft Windows - Net-NTLMv2 Reflection DCOM/RPC (Metasploit) Cisco Prime Infrastructure - Unauthenticated Remote Code Execution Unitrends UEB - HTTP API Remote Code Execution (Metasploit) Navigate CMS - Unauthenticated Remote Code Execution (Metasploit) FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure Imperva SecureSphere 13 - Remote Command Execution Linux/x86 - execve(/bin/sh) + MMX/ROT13/XOR Shellcode (Encoder/Decoder) (104 bytes) Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shellcode (181 bytes)	2018-10-09 05:01:44 +00:00
Offensive Security	89530e070b	DB: 2018-10-05 5 changes to exploits/shellcodes virtualenv 16.0.0 - Sandbox Escape NICO-FTP 3.0.1.19 - Buffer Overflow (SEH)(ASLR) LayerBB Forum 1.1.1 - 'search_query' SQL Injection Linux/x86 - execve(/bin/sh) + NOT +SHIFT-N+ XOR-N Encoded Shellcode (50 byes)	2018-10-05 05:02:07 +00:00
Offensive Security	6efd01d5b6	DB: 2018-09-27 5 changes to exploits/shellcodes TransMac 12.2 - Denial of Service (PoC) CrossFont 7.5 - Denial of Service (PoC) Linux - VMA Use-After-Free via Buggy vmacache_flush_all() Fastpath Linux/ARM - Bind (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 Bytes)	2018-09-27 05:01:58 +00:00
Offensive Security	ed0e1e4d44	DB: 2018-09-25 1979 changes to exploits/shellcodes Couchdb 1.5.0 - 'uuids' Denial of Service Apache CouchDB 1.5.0 - 'uuids' Denial of Service Beyond Remote 2.2.5.3 - Denial of Service (PoC) udisks2 2.8.0 - Denial of Service (PoC) Termite 3.4 - Denial of Service (PoC) SoftX FTP Client 3.3 - Denial of Service (PoC) Silverstripe 2.3.5 - Cross-Site Request Forgery / Open redirection SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection Silverstripe CMS 3.0.2 - Multiple Vulnerabilities SilverStripe CMS 3.0.2 - Multiple Vulnerabilities Silverstripe CMS 2.4 - File Renaming Security Bypass SilverStripe CMS 2.4 - File Renaming Security Bypass Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities SilverStripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities Silverstripe CMS 2.4.7 - 'install.php' PHP Code Injection SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection Silverstripe Pixlr Image Editor - 'upload.php' Arbitrary File Upload SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload Silverstripe CMS 2.4.x - 'BackURL' Open Redirection SilverStripe CMS 2.4.x - 'BackURL' Open Redirection Silverstripe CMS - 'MemberLoginForm.php' Information Disclosure SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure Silverstripe CMS - Multiple HTML Injection Vulnerabilities SilverStripe CMS - Multiple HTML Injection Vulnerabilities Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation Monstra CMS before 3.0.4 - Cross-Site Scripting Monstra CMS < 3.0.4 - Cross-Site Scripting (2) Monstra CMS < 3.0.4 - Cross-Site Scripting Monstra CMS < 3.0.4 - Cross-Site Scripting (1) Navigate CMS 2.8 - Cross-Site Scripting Collectric CMU 1.0 - 'lang' SQL injection Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection LG SuperSign EZ CMS 2.5 - Remote Code Execution MyBB Visual Editor 1.8.18 - Cross-Site Scripting Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection RICOH Aficio MP 301 Printer - Cross-Site Scripting Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection RICOH MP C6003 Printer - Cross-Site Scripting Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes) Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)	2018-09-25 05:01:51 +00:00
Offensive Security	3bbc91c16a	DB: 2018-09-21 2 changes to exploits/shellcodes NICO-FTP 3.0.1.19 - Buffer Overflow (SEH) Linux/x86 - Egghunter (0x50905090) + sigaction() Shellcode (27 bytes)	2018-09-21 05:01:43 +00:00
Offensive Security	29542c36ab	DB: 2018-09-19 7 changes to exploits/shellcodes Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service (PoC) Microsoft Edge Chakra - 'PathTypeHandlerBase::SetAttributesHelper' Type Confusion Microsoft Edge Chakra JIT - 'localeCompare' Type Confusion Solaris - libnspr NSPR_LOG_FILE Privilege Escalation (Metasploit) NUUO NVRMini2 3.8 - 'cgi_system' Buffer Overflow (Enable Telnet) Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution HongCMS 3.0.0 - SQL Injection HongCMS 3.0.0 - (Authenticated) SQL Injection Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting WordPress Plugin Arigato Autoresponder and Newsletter 2.5 - Blind SQL Injection / Reflected Cross-Site Scripting Linux/ARM - Jump Back Shellcode + execve(_/bin/sh__ NULL_ NULL) Shellcode (4 Bytes)	2018-09-19 05:01:45 +00:00
Offensive Security	c1b7aa12fc	DB: 2018-09-15 10 changes to exploits/shellcodes CdBurnerXP 4.5.8.6795 - 'File Name' Denial of Service (PoC) InfraRecorder 0.53 - '.txt' Denial of Service (PoC) Faleemi Plus 1.0.2 - Denial of Service (PoC) Free MP3 CD Ripper 2.6 - '.wma' Local Buffer Overflow (SEH) Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution (Metasploit) Wordpress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection Linux/x86 - Add User(r00t/blank) Polymorphic Shellcode (103 bytes) Linux/x86 - Read File (/etc/passwd) MSF Optimized Shellcode (61 bytes) Linux/86 - File Modification(/etc/hosts) Polymorphic Shellcode (99 bytes) Linux/x86 - Random Bytewise XOR + Insertion Encoder Shellcode (54 bytes)	2018-09-15 05:01:52 +00:00
Offensive Security	14bdc56535	DB: 2018-09-05 6 changes to exploits/shellcodes iSmartViewPro 1.5 - 'DDNS' Buffer Overflow Logicspice FAQ Script 2.9.7 - Remote Code Execution PHP File Browser Script 1 - Directory Traversal Simple POS 4.0.24 - 'columns[0][search][value]' SQL Injection mooSocial Store Plugin 2.6 - SQL Injection Linux/ARM - read(0_ buf_ 0xff) stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (20 Bytes)	2018-09-05 05:01:52 +00:00
Offensive Security	011bb3564a	DB: 2018-08-31 8 changes to exploits/shellcodes NetworkActiv Web Server 4.0 Pre-Alpha-3.7.2 - 'Username' Denial of Service (PoC) Nord VPN 6.14.31 - Denial of Service (PoC) Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting DLink DIR-601 - Credential Disclosure WordPress Plugin Quizlord 2.0 - Cross-Site Scripting Cybrotech CyBroHttpServer 1.0.3 - Cross-Site Scripting Linux/ARM - read(0_ buf_ 0xff) stager + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes)	2018-08-31 05:01:57 +00:00
Offensive Security	444206a6be	DB: 2018-08-30 21 changes to exploits/shellcodes NASA openVSP 3.16.1 - Denial of Service (PoC) Immunity Debugger 1.85 - Denial of Service (PoC) ipPulse 1.92 - 'TCP Port' Denial of Service (PoC) Fathom 2.4 - Denial Of Service (PoC) Skype Empresarial Office 365 16.0.10730.20053 - 'Dirección de inicio de sesión' Denial of service (PoC) Cisco AnyConnect Secure Mobility Client 4.6.01099 - 'Introducir URL' Denial of Service (PoC) HD Tune Pro 5.70 - Denial of Service (PoC) Drive Power Manager 1.10 - Denial Of Service (PoC) Easy PhotoResQ 1.0 - Denial Of Service (PoC) Trillian 6.1 Build 16 - _Sign In_ Denial of service (PoC) SIPP 3.3 - Stack-Based Buffer Overflow R 3.4.4 - Buffer Overflow (SEH) Eaton Xpert Meter 13.4.0.10 - SSH Private Key Disclosure phpMyAdmin 4.7.x - Cross-Site Request Forgery Episerver 7 patch 4 - XML External Entity Injection Argus Surveillance DVR 4.0.0.0 - Directory Traversal Linux/MIPS64 - execve(/bin/sh) Shellcode (48 bytes) Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (32 Bytes) Linux/x86 - Dual Network Stack (IPv4 and IPv6) Bind TCP Shellcode Linux/x86 - IPv6 Reverse TCP Shellcode Generator (94 bytes) Windows/x64 (10) - WoW64 Egghunter Shellcode (50 bytes)	2018-08-30 05:01:54 +00:00
Offensive Security	1e34c2b6a5	DB: 2018-08-14 11 changes to exploits/shellcodes IP Finder 1.5 - Denial of Service (PoC) Acunetix WVS 10.0 Build 20150623 - Denial of Service (PoC) PLC Wireless Router GPN2.4P21-C-CN - Denial of Service Switch Port Mapping Tool 2.81.2 - 'Name Field' Denial of Service (PoC) Monitoring software iSmartViewPro 1.5 - 'SavePath for ScreenShots' Buffer Overflow PostgreSQL 9.4-0.5.3 - Privilege Escalation Android - Directory Traversal over USB via Injection in blkid Output Microsoft DirectX SDK - 'Xact.exe' Remote Code Execution Oracle Weblogic Server - Deserialization Remote Code Execution (Metasploit) Monstra-Dev 3.0.4 - Cross-Site Request Forgery(Account Hijacking) Monstra-Dev 3.0.4 - Cross-Site Request Forgery (Account Hijacking) IBM Sterling B2B Integrator 5.2.0.1/5.2.6.3 - Cross-Site Scripting Linux/x64 - Add Root User (toor/toor) Shellcode (99 bytes)	2018-08-14 05:01:45 +00:00
Offensive Security	3aca47020d	DB: 2018-08-04 10 changes to exploits/shellcodes FTPShell Client 5.24 - Add to Favorites Buffer Overflow FTPShell Client 5.24 - 'Add to Favorites' Buffer Overflow FTPShell Client 5.24 - Create NewFolder Local Buffer Overflow FTPShell Client 5.24 - 'Create NewFolder' Local Buffer Overflow Wedding Slideshow Studio 1.36 - Buffer Overflow Linux Kernel - UDP Fragmentation Offset 'UFO' Privilege Escalation (Metasploit) Chartered Accountant : Auditor Website 2.0.1 - Cross-Site Scripting Auditor Website 2.0.1 - Cross-Site Scripting Basic B2B Script 2.0.0 - Cross-Site Scripting Entrepreneur Job Portal Script 3.0.1 - Cross-Site Scripting PHP Template Store Script 3.0.6 - Cross-Site Scripting Vuze Bittorrent Client 5.7.6.0 - SSDP Processing XML External Entity Injection Plex Media Server 1.13.2.5154 - SSDP Processing XML External Entity Injection cgit < 1.2.1 - 'cgit_clone_objects()' Directory Traversal Linux/x86 - Reverse TCP (::FFFF:192.168.1.5:4444/TCP) Shell (/bin/sh) + Null-Free + IPv6 Shellcode (86 bytes) Linux/ARM - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (128 Bytes)	2018-08-04 05:01:46 +00:00
Offensive Security	903bf974eb	DB: 2018-08-02 10 changes to exploits/shellcodes ipPulse 1.92 - 'Licence Key' Denial of Service (PoC) Switch Port Mapping Tool 2.81 - 'SNMP Community Name' Denial of Service (PoC) WebRTC - VP8 Block Decoding Use-After-Free WebRTC - FEC Processing Overflow WebRTC - H264 NAL Packet Processing Type Confusion Allok MOV Converter 4.6.1217 - Buffer Overflow (SEH) Axis Network Camera - .srv to parhand RCE (Metasploit) SonicWall Global Management System - XMLRPC set_time_zone Command Injection (Metasploit) Synology DiskStation Manager 4.1 - Directory Traversal Linux/ARM - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (116 Bytes)	2018-08-02 05:02:43 +00:00
Offensive Security	300aada6a5	DB: 2018-07-24 7 changes to exploits/shellcodes Windows Speech Recognition - Buffer Overflow Knox Software Arkeia 4.0 - Backup Local Overflow Knox Arkeia 4.0 Backup - Local Overflow Splinterware System Scheduler Pro 5.12 - Buffer Overflow (SEH) Knox Arkeia Backup Client 5.3.3 (OSX) - Type 77 Overflow (Metasploit) Knox Arkeia Backup Client 5.3.3 Type 77 (OSX) - Overflow (Metasploit) Microsoft Windows - 'dnslint.exe' Drive-By Download NUUO NVRmini - 'upgrade_handle.php' Remote Command Execution Davolink DVW 3200 Router - Password Disclosure Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery (Reboot Router) Linux/x86 - Bind (4444/TCP) Shell + IPv6 Shellcode (100 bytes)	2018-07-24 05:01:45 +00:00
Offensive Security	1f88d0a67a	DB: 2018-07-18 10 changes to exploits/shellcodes Linux/Ubuntu - Other Users coredumps can be read via setgid Directory and killpriv Bypass Linux (Ubuntu) - Other Users coredumps Can Be Read via setgid Directory and killpriv Bypass Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Restricted Shell Escape Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Default Credentials QNAP Q'Center - change_passwd Command Execution (Metasploit) Nanopool Claymore Dual Miner - APIs RCE (Metasploit) Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Cross-Site Request Forgery Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Configuration Download Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - File Manipulation Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Remote Root Linux/x64 - Reverse (::1:1337/TCP) Shell (/bin/sh) + IPv6 + Password (pwnd) Shellcode (115 bytes)	2018-07-18 05:01:47 +00:00
Offensive Security	a657b64301	DB: 2018-07-17 7 changes to exploits/shellcodes macOS/iOS - JavaScript Injection Bug in OfficeImporter Linux/Ubuntu - Other Users coredumps can be read via setgid Directory and killpriv Bypass Microsoft Enterprise Mode Site List Manager - XML External Entity Injection Hadoop YARN ResourceManager - Unauthenticated Command Execution (Metasploit) Hadoop YARN ResourceManager - Command Execution (Metasploit) VelotiSmart WiFi B-380 Camera - Directory Traversal Fortify Software Security Center (SSC) 17.x/18.1 - XML External Entity Injection WordPress Plugin Job Manager 4.1.0 - Cross-Site Scripting Linux/ARM - Bind (1234/TCP) Shell (/bin/sh) Shellcode (104 bytes)	2018-07-17 05:01:49 +00:00
Offensive Security	727943f775	DB: 2018-07-10 8 changes to exploits/shellcodes Tor Browser < 0.3.2.10 - Use After Free (PoC) Boxoft WAV to WMA Converter 1.0 - Local Buffer Overflow (SEH) Activision Infinity Ward Call of Duty Modern Warfare 2 - Buffer Overflow HP VAN SDN Controller - Root Command Injection (Metasploit) HID discoveryd - command_blink_on Unauthenticated RCE (Metasploit) GitList 0.6.0 - Argument Injection (Metasploit) Umbraco CMS SeoChecker Plugin 1.9.2 - Cross-Site Scripting Linux/x86 - Kill Process Shellcode (20 bytes)	2018-07-10 05:01:55 +00:00
Offensive Security	d659af98fd	DB: 2018-07-05 5 changes to exploits/shellcodes ManageEngine Exchange Reporter Plus < Build 5311 - Remote Code Execution CMS Made Simple 2.2.5 - Remote Code Execution Online Trade - Information Disclosure ShopNx - Arbitrary File Upload	2018-07-05 05:01:52 +00:00
Offensive Security	e8a3702c6c	DB: 2018-07-03 11 changes to exploits/shellcodes Core FTP LE 2.2 - Buffer Overflow (PoC) SIPp 3.6 - Local Buffer Overflow (PoC) Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (PoC) Enhanced Mitigation Experience Toolkit (EMET) - XML External Entity Injection FTPShell client 6.70 (Enterprise edition) - Stack Buffer Overflow (Metasploit) Nagios XI 5.2.6-5.4.12 - Chained Remote Code Execution (Metasploit) Geutebruck 5.02024 G-Cam/EFD-2250 - Remote Command Execution (Metasploit) Geutebruck 5.02024 G-Cam/EFD-2250 - 'testaction.cgi' Remote Command Execution (Metasploit) Geutebruck 5.02024 G-Cam/EFD-2250 - 'simple_loglistjs.cgi' Remote Command Execution (Metasploit) VMware NSX SD-WAN Edge < 3.1.2 - Command Injection DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin) Dolibarr ERP CRM < 7.0.3 - PHP Code Injection Linux/x86 - Execve /bin/cat /etc/passwd Shellcode (37 bytes)	2018-07-03 05:01:48 +00:00
Offensive Security	0381c4c519	DB: 2018-06-09 11 changes to exploits/shellcodes Gnome Web (Epiphany) < 3.28.2.1 - Denial of Service WebKit - WebAssembly Compilation Info Leak Google Chrome - Integer Overflow when Processing WebAssembly Locals WebKit - Use-After-Free when Resuming Generator WebRTC - VP9 Frame Processing Out-of-Bounds Memory Access WebRTC - VP9 Missing Frame Processing Out-of-Bounds Memory Access TrendMicro OfficeScan XG 11.0 - Change Prevention Bypass MantisBT XmlImportExport Plugin - PHP Code Injection (Metasploit) Mantis Bug Tracker 1.2.0a3 < 1.2.17 XmlImportExport Plugin - PHP Code Injection (Metasploit) (2) Mantis 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit) Mantis Bug Tracker 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit) MantisBT 1.2.3 (db_type) - Cross-Site Scripting / Full Path Disclosure MantisBT 1.2.3 (db_type) - Local File Inclusion Mantis Bug Tracker 1.2.3 - 'db_type' Cross-Site Scripting / Full Path Disclosure Mantis Bug Tracker 1.2.3 - 'db_type' Local File Inclusion Mantis 0.15.x/0.16/0.17.x - JPGraph Remote File Inclusion Command Execution Mantis Bug Tracker 0.15.x/0.16/0.17.x - JPGraph Remote File Inclusion Command Execution Mantis 0.19 - Remote Server-Side Script Execution Mantis 0.x - Multiple Cross-Site Scripting Vulnerabilities Mantis 0.x - New Account Signup Mass Emailing Mantis Bug Tracker 0.19 - Remote Server-Side Script Execution Mantis Bug Tracker 0.x - Multiple Cross-Site Scripting Vulnerabilities Mantis Bug Tracker 0.x - New Account Signup Mass Emailing Mantis 0.x/1.0 - Multiple Input Validation Vulnerabilities Mantis Bug Tracker 0.x/1.0 - Multiple Input Validation Vulnerabilities Mantis 0.19.2/1.0 - 'Bug_sponsorship_list_view_inc.php' File Inclusion Mantis Bug Tracker 0.19.2/1.0 - 'Bug_sponsorship_list_view_inc.php' File Inclusion Mantis 0.x/1.0 - 'View_filters_page.php' Cross-Site Scripting Mantis Bug Tracker 0.x/1.0 - 'View_filters_page.php' Cross-Site Scripting Mantis 0.x/1.0 - 'view_all_set.php' Multiple Cross-Site Scripting Vulnerabilities Mantis 0.x/1.0 - 'manage_user_page.php?sort' Cross-Site Scripting Mantis Bug Tracker 0.x/1.0 - 'view_all_set.php' Multiple Cross-Site Scripting Vulnerabilities Mantis Bug Tracker 0.x/1.0 - 'manage_user_page.php?sort' Cross-Site Scripting MantisBT 1.1.8 - Cross-Site Scripting / SQL Injection Mantis Bug Tracker 1.1.8 - Cross-Site Scripting / SQL Injection MantisBT 1.2.19 - Host Header Mantis Bug Tracker 1.2.19 - Host Header MantisBT 1.2.0a3 < 1.2.17 - XmlImportExport Plugin PHP Code Injection (Metasploit) Mantis Bug Tracker 1.2.0a3 < 1.2.17 XmlImportExport Plugin - PHP Code Injection (Metasploit) (1) Monstra CMS < 3.0.4 - Cross-Site Scripting Automation Monstra CMS < 3.0.4 - Cross-Site Scripting XiongMai uc-httpd 1.0.0 - Buffer Overflow Splunk < 7.0.1 - Information Disclosure Linux/ARM - Egghunter (\x50\x90\x50\x90) + execve('/bin/sh') Shellcode (32 bytes) Linux/ARM - Egghunter (0x50905090) + execve('/bin/sh') Shellcode (32 bytes) Linux/ARM - Egghunter (0x50905090) + execve('/bin/sh') Shellcode (60 bytes)	2018-06-09 05:01:42 +00:00
Offensive Security	0f18636d14	DB: 2018-06-01 9 changes to exploits/shellcodes Microsoft Edge Chakra - EntrySimpleObjectSlotGetter Type Confusion TAC Xenta 511/911 - Directory Traversal New STAR 2.1 - SQL Injection / Cross-Site Scripting PHP Dashboards NEW 5.5 - 'email' SQL Injection CSV Import & Export 1.1.0 - SQL Injection / Cross-Site Scripting Grid Pro Big Data 1.0 - SQL Injection Linux/x86 - EggHunter + access() Shellcode (38 bytes) Linux/x86 - Bind (4444/TCP) Shell Shellcode (105 bytes) Linux/ARM - Egghunter + /bin/sh Shellcode (32 bytes)	2018-06-01 05:01:45 +00:00
Offensive Security	9fd8680103	DB: 2018-05-29 11 changes to exploits/shellcodes ALFTP 5.31 - Local Buffer Overflow (SEH Bypass) CloudMe Sync < 1.11.0 - Buffer Overflow (SEH) (DEP Bypass) Wordpress Plugin Events Calendar - SQL Injection / Cross-Site Scripting Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting TP-Link TL-WR840N/TL-WR841N - Authenticaton Bypass DomainMod 4.09.03 - 'oid' Cross-Site Scripting DomainMod 4.09.03 - 'sslpaid' Cross-Site Scripting Wordpress Plugin Events Calendar - SQL Injection Joomla! Component Full Social 1.1.0 - 'search_query' SQL Injection Joomla! Component jCart for OpenCart 2.3.0.2 - Cross-Site Request Forgery Joomla! Component JoomOCShop 1.0 - Cross-Site Request Forgery wityCMS 0.6.1 - Cross-Site Scripting Linux/x86 - Bind (5555/TCP) Shell Shellcode (98 bytes)	2018-05-29 05:01:46 +00:00
Offensive Security	c0126aa27f	DB: 2018-05-25 16 changes to exploits/shellcodes DynoRoot DHCP - Client Command Injection DynoRoot DHCP Client - Command Injection Microsoft Internet Explorer 11 (Windows 7 x64/x86) - vbscript Code Execution Flash ActiveX 18.0.0.194 - Code Execution Microsoft Internet Explorer 11 - javascript Code Execution Flash ActiveX 28.0.0.137 - Code Execution (1) Flash ActiveX 28.0.0.137 - Code Execution (2) GNU glibc < 2.27 - Local Buffer Overflow NewsBee CMS 1.4 - Cross-Site Request Forgery ASP.NET jVideo Kit - 'query' SQL Injection PaulNews 1.0 - 'keyword' SQL Injection / Cross-Site Scripting OpenDaylight - SQL Injection Timber 1.1 - Cross-Site Request Forgery Honeywell XL Web Controller - Cross-Site Scripting EU MRV Regulatory Complete Solution 1 - Authentication Bypass Linux/x86 - Reverse (10.10.2.4:4444/TCP) Shell Shellcode (68 bytes) Linux/x86 - Reverse (10.0.7.17:4444/TCP) Shell (/bin/sh) Shellcode (101 Bytes)	2018-05-25 05:01:45 +00:00
Offensive Security	54b5ed8407	DB: 2018-05-24 31 changes to exploits/shellcodes WordPress Core - 'load-scripts.php' Denial of Service WordPress Core - 'load-scripts.php' Denial of Service Broadcom BCM43xx Wi-Fi - 'BroadPWN' Denial of Service Broadcom BCM43xx Wi-Fi - 'BroadPWN' Denial of Service Android Bluetooth - BNEP bnep_data_ind() Remote Heap Disclosure Android Bluetooth - BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-of-Bounds Read Android Bluetooth - BNEP bnep_data_ind() Remote Heap Disclosure Android Bluetooth - BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-of-Bounds Read Linux Kernel < 4.17-rc1 - 'AF_LLC' Double Free Linux Kernel < 4.17-rc1 - 'AF_LLC' Double Free FTPShell Server 6.80 - Denial of Service Siemens SCALANCE S613 - Remote Denial of Service Samsung Galaxy S7 Edge - Overflow in OMACP WbXml String Extension Processing Photodex ProShow Gold 4 (Windows XP SP3) - '.psh' Universal Buffer Overflow (SEH) Photodex ProShow Gold 4 (Windows XP SP3) - '.psh' Universal Buffer Overflow (SEH) WebKitGTK 2.1.2 (Ubuntu 14.04) - Heap based Buffer Overflow WebKitGTK 2.1.2 (Ubuntu 14.04) - Heap based Buffer Overflow Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service FTPShell Server 6.80 - Buffer Overflow (SEH) SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution Moxa AWK-3131A 1.4 < 1.7 - 'Username' OS Command Injection Moxa AWK-3131A 1.4 < 1.7 - 'Username' OS Command Injection Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection) Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC) Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection) Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC) Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting EasyService Billing 1.0 - SQL Injection / Cross-Site Scripting EasyService Billing 1.0 - 'p1' SQL Injection MySQL Smart Reports 1.0 - 'id' SQL Injection / Cross-Site Scripting MySQL Blob Uploader 1.7 - 'download.php' SQL Injection / Cross-Site Scripting MySQL Blob Uploader 1.7 - 'home-file-edit.php' SQL Injection / Cross-Site Scripting MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection / Cross-Site Scripting MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection PHP Dashboards 4.5 - 'email' SQL Injection Mobile Card Selling Platform 1 - Cross-Site Request Forgery PHP Dashboards 4.5 - SQL Injection Online Store System CMS 1.0 - SQL Injection Gigs 2.0 - 'username' SQL Injection GPSTracker 1.0 - 'id' SQL Injection Shipping System CMS 1.0 - SQL Injection Wecodex Store Paypal 1.0 - SQL Injection SAT CFDI 3.3 - SQL Injection School Management System CMS 1.0 - 'username' SQL Injection Library CMS 1.0 - SQL Injection Wecodex Hotel CMS 1.0 - 'Admin Login' SQL Injection Wecodex Restaurant CMS 1.0 - 'Login' SQL Injection eWallet Online Payment Gateway 2 - Cross-Site Request Forgery Mcard Mobile Card Selling Platform 1 - SQL Injection Honeywell Scada System - Information Disclosure NewsBee CMS 1.4 - Cross-Site Request Forgery SKT LTE Wi-Fi SDT-CW3B1 - Unauthorized Admin Credential Change WordPress Plugin Peugeot Music - Arbitrary File Upload BSD - Reverse TCP (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (124 bytes) BSD - Reverse (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (124 bytes) BSD/x86 - setuid(0) + Bind TCP (31337/TCP) Shell Shellcode (94 bytes) BSD/x86 - setuid(0) + Bind (31337/TCP) Shell Shellcode (94 bytes) BSD/x86 - Bind TCP (31337/TCP) Shell Shellcode (83 bytes) BSD/x86 - Bind TCP (Random TCP Port) Shell Shellcode (143 bytes) BSD/x86 - Bind (31337/TCP) Shell Shellcode (83 bytes) BSD/x86 - Bind (Random TCP Port) Shell Shellcode (143 bytes) BSD/x86 - Reverse TCP (torootteam.host.sk:2222/TCP) Shell Shellcode (93 bytes) BSD/x86 - Reverse (torootteam.host.sk:2222/TCP) Shell Shellcode (93 bytes) BSD/x86 - Reverse TCP (192.168.2.33:6969/TCP) Shell Shellcode (129 bytes) BSD/x86 - Reverse (192.168.2.33:6969/TCP) Shell Shellcode (129 bytes) FreeBSD/x86 - Reverse TCP (192.168.1.33:8000/TCP) cat /etc/passwd Shellcode (112 bytes) FreeBSD/x86 - Reverse (192.168.1.33:8000/TCP) cat /etc/passwd Shellcode (112 bytes) FreeBSD/x86 - Reverse TCP (127.0.0.1:8000/TCP) Shell (/bin/sh) + Null-Free Shellcode (89 bytes) FreeBSD/x86 - Reverse (127.0.0.1:8000/TCP) Shell (/bin/sh) + Null-Free Shellcode (89 bytes) FreeBSD/x86 - Bind TCP (4883/TCP) Shell (/bin/sh) + Password Shellcode (222 bytes) FreeBSD/x86 - Bind (4883/TCP) Shell (/bin/sh) + Password Shellcode (222 bytes) FreeBSD/x86 - Reverse TCP (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (102 bytes) FreeBSD/x86 - Reverse (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (102 bytes) Linux/x86 - Bind TCP Shell Shellcode (Generator) Windows (XP SP1) - Bind TCP Shell Shellcode (Generator) Linux/x86 - Bind (/TCP) Shell Shellcode (Generator) Windows (XP SP1) - Bind (/TCP) Shell Shellcode (Generator) Windows - Reverse TCP (127.0.0.1:123/TCP) Shell + Alphanumeric Shellcode (Encoder/Decoder) (Generator) Windows - Reverse (127.0.0.1:123/TCP) Shell + Alphanumeric Shellcode (Encoder/Decoder) (Generator) Linux/x64 - Reverse TCP Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator) Linux/MIPS (Linksys WRT54G/GL) - Bind TCP (4919/TCP) Shell (/bin/sh) Shellcode (276 bytes) Linux/x64 - Reverse (/TCP) Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator) Linux/MIPS (Linksys WRT54G/GL) - Bind (4919/TCP) Shell (/bin/sh) Shellcode (276 bytes) Linux/PPC - Reverse TCP (192.168.1.1:31337/TCP) Shell (/bin/sh) Shellcode (240 bytes) Linux/PPC - Reverse (192.168.1.1:31337/TCP) Shell (/bin/sh) Shellcode (240 bytes) Linux/SPARC - Reverse TCP (192.168.100.1:2313/TCP) Shell Shellcode (216 bytes) Linux/SPARC - Bind TCP (8975/TCP) Shell + Null-Free Shellcode (284 bytes) Linux/SPARC - Reverse (192.168.100.1:2313/TCP) Shell Shellcode (216 bytes) Linux/SPARC - Bind (8975/TCP) Shell + Null-Free Shellcode (284 bytes) Linux/x86 - Bind TCP Listener (5555/TCP) + Receive Shellcode + Payload Loader Shellcode (83 bytes) Linux/x86 - Bind (/TCP) Listener (5555/TCP) + Receive Shellcode + Payload Loader Shellcode (83 bytes) Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) + XOR Encoded Shellcode (152 bytes) Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) + XOR Encoded Shellcode (152 bytes) Linux/x86 - Bind TCP (8000/TCP) Shell + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes) Linux/x86 - Bind TCP (8000/TCP) Shell + Add Root User Shellcode (225+ bytes) Linux/x86 - Bind TCP (8000/TCP) Shell (/bin/sh) Shellcode (179 bytes) Linux/x86 - Bind (8000/TCP) Shell + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes) Linux/x86 - Bind (8000/TCP) Shell + Add Root User Shellcode (225+ bytes) Linux/x86 - Bind (8000/TCP) Shell (/bin/sh) Shellcode (179 bytes) Linux/x86 - Reverse UDP (54321/UDP) tcpdump Live Packet Capture Shellcode (151 bytes) Linux/x86 - Reverse (54321/UDP) tcpdump Live Packet Capture Shellcode (151 bytes) Linux/x86 - Reverse TCP (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes) Linux/x86 - Reverse (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes) Linux/x86 - Reverse TCP (8192/TCP) cat /etc/shadow Shellcode (155 bytes) Linux/x86 - Reverse (8192/TCP) cat /etc/shadow Shellcode (155 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + setuid() Shellcode (96 bytes) Linux/x86 - Bind TCP (2707/TCP) Shell Shellcode (84 bytes) Linux/x86 - Bind (31337/TCP) Shell (/bin/sh) + setuid() Shellcode (96 bytes) Linux/x86 - Bind (2707/TCP) Shell Shellcode (84 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (100 bytes) Linux/x86 - Reverse TCP (192.168.13.22:31337/TCP) Shell (/bin/sh) Shellcode (82 bytes) (Generator) Linux/x86 - Bind (31337/TCP) Shell (/bin/sh) Shellcode (100 bytes) Linux/x86 - Reverse (192.168.13.22:31337/TCP) Shell (/bin/sh) Shellcode (82 bytes) (Generator) Linux/x86 - Reverse TCP (127.0.0.1:80/TCP) Shell + XOR Encoded Shellcode (371 bytes) Linux/x86 - Reverse (127.0.0.1:80/TCP) Shell + XOR Encoded Shellcode (371 bytes) Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) + Password (gotfault) Shellcode (166 bytes) Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) Shellcode (86 bytes) Linux/x86 - Bind (64713/TCP) Shell (/bin/sh) + Password (gotfault) Shellcode (166 bytes) Linux/x86 - Bind (64713/TCP) Shell (/bin/sh) Shellcode (86 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (80 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + fork() Shellcode (98 bytes) Linux/x86 - Bind (31337/TCP) Shell (/bin/sh) Shellcode (80 bytes) Linux/x86 - Bind (31337/TCP) Shell (/bin/sh) + fork() Shellcode (98 bytes) Linux/x86 - Reverse TCP (127.0.0.1:31337/TCP) Shell Shellcode (74 bytes) Linux/x86 - Reverse (127.0.0.1:31337/TCP) Shell Shellcode (74 bytes) Linux/x86 - Reverse TCP Shell Shellcode (90 bytes) (Generator) Linux/x86 - Reverse (/TCP) Shell Shellcode (90 bytes) (Generator) Linux/x86 - Bind TCP (5074/TCP) Shell + ToUpper Encoded Shellcode (226 bytes) Linux/x86 - Bind (5074/TCP) Shell + ToUpper Encoded Shellcode (226 bytes) Linux/x86 - Reverse TCP (200.182.207.235/TCP) Telnet Shel Shellcode (134 bytes) Linux/x86 - Reverse TCP Shell (/bin/sh) Shellcode (120 bytes) Linux/x86 - Reverse (200.182.207.235/TCP) Telnet Shel Shellcode (134 bytes) Linux/x86 - Reverse (/TCP) Shell (/bin/sh) Shellcode (120 bytes) Linux/x86 - Bind TCP (5074/TCP) Shell Shellcode (92 bytes) Linux/x86 - Bind TCP (5074/TCP) Shell + fork() Shellcode (130 bytes) Linux/x86 - Bind (5074/TCP) Shell Shellcode (92 bytes) Linux/x86 - Bind (5074/TCP) Shell + fork() Shellcode (130 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell Shellcode (132 bytes) Linux/x64 - Bind (4444/TCP) Shell Shellcode (132 bytes) NetBSD/x86 - Reverse TCP (6666/TCP) Shell Shellcode (83 bytes) NetBSD/x86 - Reverse (6666/TCP) Shell Shellcode (83 bytes) OpenBSD/x86 - Bind TCP (6969/TCP) Shell Shellcode (148 bytes) OpenBSD/x86 - Bind (6969/TCP) Shell Shellcode (148 bytes) Solaris/MIPS - Reverse TCP (10.0.0.3:44434/TCP) Shell + XNOR Encoded Traffic Shellcode (600 bytes) (Generator) Solaris/MIPS - Reverse (10.0.0.3:44434/TCP) Shell + XNOR Encoded Traffic Shellcode (600 bytes) (Generator) Solaris/SPARC - Bind TCP (6666/TCP) Shell Shellcode (240 bytes) Solaris/SPARC - Bind (6666/TCP) Shell Shellcode (240 bytes) Solaris/SPARC - Bind TCP (6789/TCP) Shell (/bin/sh) Shellcode (228 bytes) Solaris/SPARC - Reverse TCP (192.168.1.4:5678/TCP) Shell (/bin/sh) Shellcode (204 bytes) Solaris/SPARC - Bind TCP Shell Shellcode (240 bytes) Solaris/x86 - Bind TCP Shell Shellcode (Generator) Solaris/SPARC - Bind (6789/TCP) Shell (/bin/sh) Shellcode (228 bytes) Solaris/SPARC - Reverse (192.168.1.4:5678/TCP) Shell (/bin/sh) Shellcode (204 bytes) Solaris/SPARC - Bind (/TCP) Shell Shellcode (240 bytes) Solaris/x86 - Bind (/TCP) Shell Shellcode (Generator) Windows/x86 (5.0 < 7.0) - Bind TCP (28876/TCP) Shell + Null-Free Shellcode Windows/x86 (5.0 < 7.0) - Bind (28876/TCP) Shell + Null-Free Shellcode Windows/x86 - Reverse TCP + Download File + Save + Execute Shellcode Windows/x86 - Reverse (/TCP) + Download File + Save + Execute Shellcode Windows (XP/2000/2003) - Reverse TCP (127.0.0.1:53/TCP) Shell Shellcode (275 bytes) (Generator) Windows (XP/2000/2003) - Reverse (127.0.0.1:53/TCP) Shell Shellcode (275 bytes) (Generator) Windows (XP SP1) - Bind TCP (58821/TCP) Shell Shellcode (116 bytes) Windows (XP SP1) - Bind (58821/TCP) Shell Shellcode (116 bytes) FreeBSD/x86 - Bind TCP (1337/TCP) Shell (/bin/sh) Shellcode (167 bytes) FreeBSD/x86 - Bind (1337/TCP) Shell (/bin/sh) Shellcode (167 bytes) Linux/x86 - Bind TCP (13377/TCP) Netcat Shell Shellcode Linux/x86 - Bind (13377/TCP) Netcat Shell Shellcode Linux/x86 - Reverse TCP (8080/TCP) Netcat Shell Shellcode (76 bytes) Linux/x86 - Reverse (8080/TCP) Netcat Shell Shellcode (76 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell + setreuid(0_0) + Polymorphic Shellcode (131 bytes) Linux/x86 - Bind (31337/TCP) Shell + setreuid(0_0) + Polymorphic Shellcode (131 bytes) Linux/x86 - Bind TCP (64533/TCP) Shell (/bin/sh) Shellcode (97 bytes) Linux/x86 - Bind (64533/TCP) Shell (/bin/sh) Shellcode (97 bytes) Linux/x86 - Bind TCP (6778/TCP) Shell + XOR Encoded + Polymorphic Shellcode (125 bytes) Linux/x86 - Bind TCP (31337/TCP) Netcat Shell + Polymorphic Shellcode (91 bytes) Linux/x86 - Bind (6778/TCP) Shell + XOR Encoded + Polymorphic Shellcode (125 bytes) Linux/x86 - Bind (31337/TCP) Netcat Shell + Polymorphic Shellcode (91 bytes) Linux/x86 - Bind TCP (8080/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (75 bytes) Linux/x86 - Bind (8080/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (75 bytes) BSD/x86 - Bind TCP (2525/TCP) Shell Shellcode (167 bytes) BSD/x86 - Bind (2525/TCP) Shell Shellcode (167 bytes) Linux/ARM - Bind TCP (0x1337/TCP) Shell Shellcode Linux/ARM - Bind UDP (68/UDP) Listener + Reverse TCP (192.168.0.1:67/TCP) Shell Shellcode Linux/ARM - Bind TCP (0x1337/TCP) Listener + Receive Shellcode + Payload Loader Shellcode Linux/ARM - Bind (0x1337/TCP) Shell Shellcode Linux/ARM - Bind (68/UDP) Listener + Reverse (192.168.0.1:67/TCP) Shell Shellcode Linux/ARM - Bind (0x1337/TCP) Listener + Receive Shellcode + Payload Loader Shellcode FreeBSD/x86 - Reverse TCP (127.0.0.1:1337/TCP) Shell (/bin/sh) Shellcode (81 bytes) (Generator) FreeBSD/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + fork() Shellcode (111 bytes) FreeBSD/x86 - Reverse (127.0.0.1:1337/TCP) Shell (/bin/sh) Shellcode (81 bytes) (Generator) FreeBSD/x86 - Bind (31337/TCP) Shell (/bin/sh) + fork() Shellcode (111 bytes) Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes) OSX/x64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86 - Bind (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes) OSX/x64 - Reverse (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86 - Reverse TCP (localhost:8080/TCP) Shell + SSL Shellcode (422 bytes) Linux/x86 - Reverse (localhost:8080/TCP) Shell + SSL Shellcode (422 bytes) OSX/x64 - Universal ROP + Reverse TCP Shell Shellcode OSX/x64 - Universal ROP + Reverse (/TCP) Shell Shellcode Linux/MIPS - Reverse TCP (0x7a69/TCP) Shell Shellcode (168 bytes) Linux/MIPS - Reverse (0x7a69/TCP) Shell Shellcode (168 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP (10.1.1.2:0x1337/TCP) Shell (/bin/sh) Shellcode (72 bytes) Linux/ARM (Raspberry Pi) - Reverse (10.1.1.2:0x1337/TCP) Shell (/bin/sh) Shellcode (72 bytes) Windows/x86 - Bind TCP Shell + Password (damn_it!$$##@;#) Shellcode (637 bytes) Windows/x86 - Bind (/TCP) Shell + Password (damn_it!$$##@;#) Shellcode (637 bytes) Windows/x64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes) Windows/x64 - Bind (4444/TCP) Shell Shellcode (508 bytes) Linux/x86 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (92 bytes) Linux/x86 - Reverse (192.168.1.10:31337/TCP) Shell Shellcode (92 bytes) Windows/ARM (RT) - Bind TCP (4444/TCP) Shell Shellcode Windows/ARM (RT) - Bind (4444/TCP) Shell Shellcode Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse TCP (192.168.122.1:43981/TCP) Shell (/bin/sh) Shellcode Windows/x86 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Persistent Access Shellcode (494 bytes) Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse (192.168.122.1:43981/TCP) Shell (/bin/sh) Shellcode Windows/x86 - Reverse (192.168.232.129:4444/TCP) Shell + Persistent Access Shellcode (494 bytes) Linux/MIPS (Little Endian) - Reverse TCP (192.168.1.177:31337/TCP) Shell (/bin/sh) Shellcode (200 bytes) Windows/x86 (7) - Bind TCP (4444/TCP) Shell Shellcode (357 bytes) Linux/MIPS (Little Endian) - Reverse (192.168.1.177:31337/TCP) Shell (/bin/sh) Shellcode (200 bytes) Windows/x86 (7) - Bind (4444/TCP) Shell Shellcode (357 bytes) Linux/x64 - Reverse TCP (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes) Linux/x64 - Reverse (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Linux/x86 - Reverse TCP (192.168.1.133:33333/TCP) Shell (/bin/sh) Shellcode (72 bytes) Linux/x86 - Bind TCP (33333/TCP) Shell (/bin/sh) Shellcode (96 bytes) Linux/x86 - Reverse (192.168.1.133:33333/TCP) Shell (/bin/sh) Shellcode (72 bytes) Linux/x86 - Bind (33333/TCP) Shell (/bin/sh) Shellcode (96 bytes) Linux/x86 - Bind TCP (17771/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (58 bytes) Linux/x86 - Bind (17771/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (58 bytes) Linux/x86 - Bind TCP (5555/TCP) Netcat Shell Shellcode (60 bytes) Linux/x86 - Bind (5555/TCP) Netcat Shell Shellcode (60 bytes) Mainframe/System Z - Bind TCP (12345/TCP) Shell + Null-Free Shellcode (2488 bytes) Mainframe/System Z - Bind (12345/TCP) Shell + Null-Free Shellcode (2488 bytes) OSX/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes) OSX/x64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes) Google Android - Bind TCP (1035/TCP) Telnetd Shell + Environment/Parameters Shellcode (248 bytes) Google Android - Bind (1035/TCP) Telnetd Shell + Environment/Parameters Shellcode (248 bytes) Linux/x64 - Bind TCP (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes) Linux/x64 - Bind (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes) Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes) Linux x86/x64 - Reverse TCP (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes) Linux x86/x64 - Bind TCP (4444/TCP) Shell Shellcode (251 bytes) Linux x86/x64 - Reverse (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes) Linux x86/x64 - Bind (4444/TCP) Shell Shellcode (251 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes) Linux/ARM - Reverse TCP (10.0.0.10:1337/TCP) Shell (/bin/sh) Shellcode (95 bytes) Linux/ARM - Reverse (10.0.0.10:1337/TCP) Shell (/bin/sh) Shellcode (95 bytes) Linux/x64 - Reverse TCP (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes) Linux/x64 - Reverse (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes) Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (81 bytes) Linux/x64 - Bind (5600/TCP) Shell Shellcode (81 bytes) Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (86 bytes) Linux/x64 - Bind (5600/TCP) Shell Shellcode (86 bytes) Linux/x86 - Reverse TCP (::ffff:192.168.64.129:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (159 bytes) Linux/x86 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (1250 bytes) Linux/x64 - Bind TCP Shell Shellcode (Generator) Linux/x86 - Reverse (::ffff:192.168.64.129:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (159 bytes) Linux/x86 - Bind (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (1250 bytes) Linux/x64 - Bind (/TCP) Shell Shellcode (Generator) Linux/x64 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes) Linux/x64 - Reverse TCP (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes) Linux/x64 - Bind (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes) Linux/x64 - Reverse (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes) Linux/x86 - Bind TCP (1234/TCP) Shell (/bin/sh) Shellcode (87 bytes) (Generator) Linux/x86 - Bind (1234/TCP) Shell (/bin/sh) Shellcode (87 bytes) (Generator) Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/bash) Shellcode (656 bytes) Linux/x86 - Bind (4444/TCP) Shell (/bin/bash) Shellcode (656 bytes) Linux/x86 - Bind TCP (13337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (56 bytes) Linux/x86 - Bind (13337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (56 bytes) Linux/x64 - Reverse TCP (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes) Linux/x64 - Bind TCP Netcat Shell + Null-Free Shellcode (64 bytes) Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) Shellcode (98 bytes) Linux/x64 - Bind TCP (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes) Linux/x86 - Reverse TCP (192.168.227.129:4444/TCP) Shell (/bin/sh) Shellcode (75 bytes) Linux/x64 - Reverse TCP (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes) Linux/x86 - Reverse TCP (127.1.1.1:10) Xterm Shell Shellcode (68 bytes) Linux/x64 - Bind TCP (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes) Linux/CRISv32 Axis Communication - Reverse TCP (192.168.57.1:443/TCP) Shell (/bin/sh) Shellcode (189 bytes) Linux/x64 - Reverse (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes) Linux/x64 - Bind (/TCP) Netcat Shell + Null-Free Shellcode (64 bytes) Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (98 bytes) Linux/x64 - Bind (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes) Linux/x86 - Reverse (192.168.227.129:4444/TCP) Shell (/bin/sh) Shellcode (75 bytes) Linux/x64 - Reverse (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes) Linux/x86 - Reverse (127.1.1.1:10/TCP) Xterm Shell Shellcode (68 bytes) Linux/x64 - Bind (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes) Linux/CRISv32 Axis Communication - Reverse (192.168.57.1:443/TCP) Shell (/bin/sh) Shellcode (189 bytes) Linux/x64 - Reverse TCP (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes) Linux/x64 - Reverse (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes) Linux/x86 - Bind TCP/UDP (98/TCP + UDP) Netcat Shell Shellcode (44/52 bytes) Linux/x86 - Bind TCP (9090/TCP) Shell (/bin/zsh) Shellcode (96 bytes) Linux/x86 - Reverse TCP (127.255.255.254:9090/TCP) Shell (/bin/zsh) Shellcode (80 bytes) Linux/x86 - Bind (98/TCP + UDP) Netcat Shell Shellcode (44/52 bytes) Linux/x86 - Bind (9090/TCP) Shell (/bin/zsh) Shellcode (96 bytes) Linux/x86 - Reverse (127.255.255.254:9090/TCP) Shell (/bin/zsh) Shellcode (80 bytes) Linux/x64 - Bind TCP (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes) Linux/x64 - Bind (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes) Linux/x64 - Reverse TCP (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes) Linux/x64 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes) Linux/x64 - Bind TCP (31337/TCP) Shell Shellcode (150 bytes) Linux/x64 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes) Linux/x64 - Bind TCP (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes) Linux/x64 - Reverse TCP (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 bytes) Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes) Linux/x64 - Reverse (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes) Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes) Linux/x64 - Bind (Random TCP Port) Shell + Null-Free Shellcode (57 bytes) Linux/x64 - Bind (31337/TCP) Shell Shellcode (150 bytes) Linux/x64 - Reverse (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes) Linux/x64 - Bind (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes) Linux/x64 - Reverse (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 bytes) OSX/PPC - Reverse TCP Shell (/bin/csh) Shellcode OSX/PPC - Reverse (/TCP) Shell (/bin/csh) Shellcode OSX/PPC - Bind TCP (8000/TCP) Shell + OSXPPCLongXOR Encoded Shellcode (300 bytes) OSX/PPC - Bind (8000/TCP) Shell + OSXPPCLongXOR Encoded Shellcode (300 bytes) BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) + Bind TCP (2222/TCP) Shell Shellcode (133 bytes) BSD/x86 - Bind TCP (2222/TCP) Shell Shellcode (100 bytes) BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) + Bind (2222/TCP) Shell Shellcode (133 bytes) BSD/x86 - Bind (2222/TCP) Shell Shellcode (100 bytes) Solaris/SPARC - Bind TCP (2001/TCP) Shell (/bin/sh) Shellcode Solaris/SPARC - Bind TCP Shell Shellcode Solaris/SPARC - Bind (2001/TCP) Shell (/bin/sh) Shellcode Solaris/SPARC - Bind (/TCP) Shell Shellcode Linux/x86 - Bind TCP (3879/TCP) Shell (/bin/sh) Shellcode (113 bytes) Linux/x86 - Bind (3879/TCP) Shell (/bin/sh) Shellcode (113 bytes) Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) Shellcode (83 bytes) Linux/x86 - Bind (64713/TCP) Shell (/bin/sh) Shellcode (83 bytes) Linux/x86 - Reverse TCP (www.netric.org:45295/TCP) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86 - Bind TCP (45295/TCP) Shell (/bin/sh) + fork() Shellcode (200 bytes) Linux/x86 - Reverse (www.netric.org:45295/TCP) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86 - Bind (45295/TCP) Shell (/bin/sh) + fork() Shellcode (200 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell + Polymorphic Shellcode (125 bytes) Linux/x86 - Bind (31337/TCP) Shell + Polymorphic Shellcode (125 bytes) Linux/x86 - Bind TCP (1111/TCP) Shell + SO_REUSEADDR Set (Avoiding SIGSEGV) + Null-Free Shellcode (103 bytes) Linux/x86 - Reverse TCP (127.1.1.1:55555/TCP) Shell + Null-Free Shellcode (72 bytes) Linux/x86 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (65 bytes) Linux/x86 - Bind TCP (1111/TCP) Shell + GetPC/Call/Ret Method + Null-Free Shellcode (89 bytes) Linux/x86 - Bind TCP (1111/TCP) Shell + Null-Free Shellcode (73 bytes) Linux/x86 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes) Linux/x86 - Bind (1111/TCP) Shell + SO_REUSEADDR Set (Avoiding SIGSEGV) + Null-Free Shellcode (103 bytes) Linux/x86 - Reverse (127.1.1.1:55555/TCP) Shell + Null-Free Shellcode (72 bytes) Linux/x86 - Bind (Random TCP Port) Shell + Null-Free Shellcode (65 bytes) Linux/x86 - Bind (1111/TCP) Shell + GetPC/Call/Ret Method + Null-Free Shellcode (89 bytes) Linux/x86 - Bind (1111/TCP) Shell + Null-Free Shellcode (73 bytes) Linux/x86 - Bind (Random TCP Port) Shell + Null-Free Shellcode (57 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell Shellcode (108 bytes) Linux/x86 - Bind (31337/TCP) Shell Shellcode (108 bytes) Linux/x86 - Bind TCP Shell Shellcode (112 bytes) Linux/x86 - Reverse TCP (127.1.1.1:12345/TCP) cat /etc/passwd Shellcode (111 bytes) Linux/x86 - Bind (/TCP) Shell Shellcode (112 bytes) Linux/x86 - Reverse (127.1.1.1:12345/TCP) cat /etc/passwd Shellcode (111 bytes) Linux/x86 - Bind TCP (1337/TCP) Shell Shellcode (89 bytes) Linux/x86 - Reverse TCP (127.1.1.1:1337/TCP) Shell Shellcode (74 bytes) Linux/x86 - Bind (1337/TCP) Shell Shellcode (89 bytes) Linux/x86 - Reverse (127.1.1.1:1337/TCP) Shell Shellcode (74 bytes) Windows/x86 (NT/XP/2000/2003) - Bind TCP (8721/TCP) Shell Shellcode (356 bytes) Windows/x86 (2000) - Reverse TCP (192.168.0.247:8721/TCP) Connect + Vampiric Import Shellcode (179 bytes) Windows/x86 (NT/XP/2000/2003) - Bind (8721/TCP) Shell Shellcode (356 bytes) Windows/x86 (2000) - Reverse (192.168.0.247:8721/TCP) Connect + Vampiric Import Shellcode (179 bytes) Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) + Password (MyPasswd) + Null-Free Shellcode (156 bytes) Linux/ARM - Reverse (192.168.1.1:4444/TCP) Shell (/bin/sh) + Password (MyPasswd) + Null-Free Shellcode (156 bytes) Windows/x86 - Reverse UDP (www.example.com:4444/UDP) Keylogger Shellcode (493 bytes) Windows/x64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes) Windows/x86 - Reverse (www.example.com:4444/UDP) Keylogger Shellcode (493 bytes) Windows/x64 - Reverse (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes) Linux/x86 - Reverse TCP Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) Linux/x86 - Reverse (/TCP) Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) Windows/x64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes) Windows/x64 - Bind (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes) Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (87 bytes) Linux/x64 - Bind (5600/TCP) Shell Shellcode (87 bytes) Linux - Reverse TCP Shell + Multi/Dual Mode Shellcode (129 bytes) (Generator) Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Alphanumeric + Staged Shellcode (103 bytes) Linux - Bind TCP Shell + Dual/Multi Mode Shellcode (156 bytes) Linux - Reverse (/TCP) Shell + Multi/Dual Mode Shellcode (129 bytes) (Generator) Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Alphanumeric + Staged Shellcode (103 bytes) Linux - Bind (/TCP) Shell + Dual/Multi Mode Shellcode (156 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes) Linux/x64 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes) Linux/x64 - Reverse TCP (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes) Windows/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Staged + Alphanumeric Shellcode (332 bytes) Linux/x64 - Bind (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes) Linux/x64 - Reverse (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes) Windows/x86 - Reverse (127.0.0.1:4444/TCP) Shell + Staged + Alphanumeric Shellcode (332 bytes) Linux/x86 - Reverse TCP (127.1.1.1:8888/TCP) Shell (/bin/sh) + Null-Free Shellcode (67/69 bytes) Linux/x86 - Reverse (127.1.1.1:8888/TCP) Shell (/bin/sh) + Null-Free Shellcode (67/69 bytes) Linux/ARM (Raspberry Pi) - Bind TCP (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (112 bytes) Linux/ARM (Raspberry Pi) - Bind (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (112 bytes) FreeBSD/x64 - Bind TCP Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes) FreeBSD/x64 - Bind (/TCP) Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes) FreeBSD/x86 - Bind TCP (41254/TCP) Shell (/bin/sh) Shellcode (115 bytes) FreeBSD/x86 - Bind (41254/TCP) Shell (/bin/sh) Shellcode (115 bytes) IRIX - Bind TCP Shell (/bin/sh) Shellcode (364 bytes) IRIX - Bind (/TCP)Shell (/bin/sh) Shellcode (364 bytes) Android/ARM - Reverse TCP (10.0.2.2:0x3412/TCP) Shell (/system/bin/sh) Shellcode (79 bytes) Android/ARM - Reverse (10.0.2.2:0x3412/TCP) Shell (/system/bin/sh) Shellcode (79 bytes) Linux/StrongARM - Bind TCP Shell (/bin/sh) Shellcode (203 bytes) Linux/StrongARM - Bind (/TCP) Shell (/bin/sh) Shellcode (203 bytes) Linux/SuperH (sh4) - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (132 bytes) Linux/SuperH (sh4) - Bind (31337/TCP) Shell (/bin/sh) Shellcode (132 bytes) Linux/x64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes) Linux/x64 - Bind (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes) Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes) Linux/x86 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (44 bytes) Linux/x86 - Bind (Random TCP Port) Shell (/bin/sh) Shellcode (44 bytes) Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh)+ Null-Free Shellcode (80 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (104 bytes) Linux/ARM - Reverse (192.168.1.1:4444/TCP) Shell (/bin/sh)+ Null-Free Shellcode (80 bytes) Linux/x64 - Bind (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes) Linux/x64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (104 bytes) Linux/ARM - Bind TCP (4444/TCP) Shell (/bin/sh) + IP Controlled (192.168.1.190) + Null-Free Shellcode (168 bytes) Linux/x86 - Reverse TCP (127.1.1.1:11111/TCP) Shell + Null-Free Shellcode (67 bytes) Linux/x86 - Reverse TCP (192.168.3.119:54321/TCP) Shell (/bin/bash) Shellcode (110 bytes) Linux/ARM - Bind (4444/TCP) Shell (/bin/sh) + IP Controlled (192.168.1.190) + Null-Free Shellcode (168 bytes) Linux/x86 - Reverse (127.1.1.1:11111/TCP) Shell + Null-Free Shellcode (67 bytes) Linux/x86 - Reverse (192.168.3.119:54321/TCP) Shell (/bin/bash) Shellcode (110 bytes) Linux/x64 - Reverse TCP (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes) Linux/x64 - Reverse (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes) Linux/x86 - Reverse UDP (127.0.0.1:53/UDP) Shell (/bin/sh) Shellcode (668 bytes) Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (75 bytes) Linux/x64 - Reverse TCP (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes) Linux/x86 - Reverse (127.0.0.1:53/UDP) Shell (/bin/sh) Shellcode (668 bytes) Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (75 bytes) Linux/x64 - Reverse (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes) Linux/x64 - Reverse TCP (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes) Linux/x64 - Reverse (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes) Linux/ARM (Raspberry Pi) - Bind TCP (4444/TCP) Shell (/bin/sh) Shellcode (192 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP (192.168.0.12:4444/TCP) Shell (/bin/sh) Shellcode (160 bytes) Linux/ARM (Raspberry Pi) - Bind (4444/TCP) Shell (/bin/sh) Shellcode (192 bytes) Linux/ARM (Raspberry Pi) - Reverse (192.168.0.12:4444/TCP) Shell (/bin/sh) Shellcode (160 bytes) Linux/x86 - Bind TCP (1337/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 bytes) Linux/x86 - Bind (1337/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 bytes) Linux/x86 - Reverse TCP (127.1.1.1:5555/TCP) Shell Shellcode (73 Bytes) Linux/x86 - Reverse (127.1.1.1:5555/TCP) Shell Shellcode (73 Bytes) Linux/x86 - Bind TCP (9443/TCP) Shell + fork() + Null-Free Shellcode (113 bytes) Linux/x86 - Bind (9443/TCP) Shell + fork() + Null-Free Shellcode (113 bytes) Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (96 Bytes) Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (96 Bytes) Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (113 bytes)	2018-05-24 05:01:50 +00:00
Offensive Security	2d5885c58b	DB: 2018-05-15 5 changes to exploits/shellcodes 2345 Security Guard 3.7 - '2345NsProtect.sys' Denial of Service FxCop 10/12 - XML External Entity Injection Microsoft Windows FxCop 10/12 - XML External Entity Injection Apple Safari 3.2.x - 'XXE' Local File Theft Apple Safari 3.2.x - XML External Entity Local File Theft Open-AudIT Community - 2.2.0 – Cross-Site Scripting Open-AudIT Community 2.2.0 - Cross-Site Scripting Monstra CMS 3.0.4 - Remote Code Execution XATABoost 1.0.0 - SQL Injection Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell Shellcode (96 Bytes)	2018-05-15 05:01:47 +00:00
Offensive Security	e7bb9d2985	DB: 2018-05-11 7 changes to exploits/shellcodes Dell Touchpad - 'ApMsgFwd.exe' Denial of Service Mantis 1.1.3 - manage_proj_page PHP Code Execution (Metasploit) Fastweb FASTGate 0.00.47 - Cross-site Request Forgery ModbusPal 1.6b - XML External Entity Injection MyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting Linux/x86 - Read /etc/passwd Shellcode (62 bytes)	2018-05-11 05:01:46 +00:00
Offensive Security	017887466c	DB: 2018-05-10 4 changes to exploits/shellcodes Allok Video Splitter 3.1.12.17 - Denial of Service GNU wget - Cookie Injection FxCop 10/12 - XML External Entity Injection Palo Alto Networks - readSessionVarsFromFile() Session Corruption (Metasploit) PlaySMS - import.php Authenticated CSV File Upload Code Execution (Metasploit) PlaySMS 1.4 - sendfromfile.php Authenticated _Filename_ Field Code Execution (Metasploit) Palo Alto Networks - 'readSessionVarsFromFile()' Session Corruption (Metasploit) PlaySMS - 'import.php' Authenticated CSV File Upload Code Execution (Metasploit) PlaySMS 1.4 - 'sendfromfile.php?Filename' Authenticated 'Code Execution (Metasploit) Linux/x86 - Bind TCP (9443/TCP) Shell + fork() + Null-Free Shellcode (113 bytes)	2018-05-10 05:01:46 +00:00
Offensive Security	a066ef9212	DB: 2018-05-07 11 changes to exploits/shellcodes HWiNFO 5.82-3410 - Denial of Service DeviceLock Plug and Play Auditor 5.72 - Unicode Buffer Overflow (SEH) CSP MySQL User Manager 2.3.1 - Authentication Bypass WordPress Plugin User Role Editor < 4.25 - Privilege Escalation Linux/x86 - execve(/bin/sh) NOT Encoded Shellcode (27 bytes)	2018-05-07 05:01:44 +00:00
Offensive Security	c249d94cb7	DB: 2018-04-25 28 changes to exploits/shellcodes gif2apng 1.9 - '.gif' Stack Buffer Overflow VLC Media Player/Kodi/PopcornTime 'Red Chimera' < 2.2.5 - Memory Corruption (PoC) Kaspersky KSN for Linux 5.2 - Memory Corruption Microsoft (Win 10) Internet Explorer 11.371.16299.0 - Denial Of Service Adobe Flash - Overflow when Playing Sound Adobe Flash - Overflow in Slab Rendering Adobe Flash - Info Leak in Image Inflation Adobe Flash - Out-of-Bounds Write in blur Filtering Chrome V8 JIT - 'NodeProperties::InferReceiverMaps' Type Confusion R 3.4.4 - Local Buffer Overflow Allok Video to DVD Burner 2.6.1217 - Buffer Overflow (SEH) lastore-daemon D-Bus - Privilege Escalation (Metasploit) Easy File Sharing Web Server 7.2 - 'UserID' Remote Buffer Overflow (DEP Bypass) ASUS infosvr - Auth Bypass Command Execution (Metasploit) UK Cookie Consent - Persistent Cross-Site Scripting WUZHI CMS 4.1.0 - Cross-Site Request Forgery Open-AudIT 2.1 - CSV Macro Injection Monstra CMS 3.0.4 - Arbitrary Folder Deletion Interspire Email Marketer < 6.1.6 - Remote Admin Authentication Bypass Ericsson-LG iPECS NMS A.1Ac - Cleartext Credential Disclosure WordPress Plugin Woo Import Export 1.0 - Arbitrary File Deletion WSO2 Carbon / WSO2 Dashboard Server 5.3.0 - Persistent Cross-Site Scripting Linux/x86 - Bind TCP (1337/TCP) Shell + Null-Free Shellcode (92 bytes) Linux/x86 - Edit /etc/sudoers with NOPASSWD for ALL Shellcode Linux/x86 - Reverse TCP (5555/TCP) Shellcode - (73 Bytes) Linux/x86 - chmod 4755 /bin/dash Shellcode (33 bytes) Linux/x86 - cp /bin/sh /tmp/sh; chmod +s /tmp/sh Shellcode (74 bytes) Linux/x86 - execve /bin/sh Shellcode Encoded with ROT-13 + RShift-2 + XOR Encoded (44 bytes)	2018-04-25 05:01:39 +00:00
Offensive Security	3339727aed	DB: 2018-04-12 2 changes to exploits/shellcodes Cobub Razor 0.7.2 - Cross Site Request Forgery WolfCMS 0.8.3.1 - Cross Site Request Forgery Cobub Razor 0.7.2 - Cross-Site Request Forgery WolfCMS 0.8.3.1 - Cross-Site Request Forgery KYOCERA Net Admin 3.4 - Cross Site Request Forgery - Add Admin Exploit KYOCERA Net Admin 3.4 - Cross-Site Request Forgery (Add Admin) iScripts SonicBB 1.0 - Reflected Cross-Site Scripting iScripts SonicBB 1.0 - Reflected Cross-Site Scripting (PoC) Wordpress Plugin Activity Log 2.4.0 - Stored Cross Site Scripting WUZHI CMS 4.1.0 - ‘Add Admin Account’ Cross-Site Request Forgery WUZHI CMS 4.1.0 - ‘Add User Account’ Cross-Site Request Forgery Wordpress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add Admin User) WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add User) WordPress File Upload Plugin 4.3.2 - Stored Cross Site Scripting WordPress Plugin WordPress File Upload 4.3.3 - Stored XSS WordPress Plugin File Upload 4.3.2 - Stored Cross-Site Scripting WordPress Plugin File Upload 4.3.3 - Stored Cross-Site Scripting (PoC) Linux/x64 - x64 Assembly Shellcode (Generator)	2018-04-12 05:01:47 +00:00
Offensive Security	e3fb91f1d7	DB: 2018-03-24 14 changes to exploits/shellcodes Android Bluetooth - BNEP bnep_data_ind() Remote Heap Disclosure Android Bluetooth - BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-of-Bounds Read Dell EMC NetWorker - Denial of Service WM Recorder 16.8.1 - Denial of Service Easy Avi Divx Xvid to DVD Burner 2.9.11 - '.avi' Denial of Service Allok Quicktime to AVI MPEG DVD Converter 4.6.1217 - Stack-Based Buffer Overflow Crashmail 1.6 - Stack-Based Buffer Overflow ( ROP execve ) Easy CD DVD Copy 1.3.24 - Local Buffer Overflow (SEH) Hikvision IP Camera versions 5.2.0 - 5.3.9 (Builds 140721 - 170109) - Access Control Bypass TL-WR720N 150Mbps Wireless N Router - Cross-Site Request Forgery XenForo 2 - CSS Loader Denial of Service MyBB Plugin Last User's Threads in Profile Plugin 1.2 - Persistent Cross-Site Scripting Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion Linux/x86 - EggHunter Shellcode (11 Bytes)	2018-03-24 05:01:48 +00:00
Offensive Security	dd3b710ae8	DB: 2018-03-21 14 changes to exploits/shellcodes Microsoft Windows Kernel - 'NtQueryVirtualMemory(MemoryMappedFilenameInformation)' 64-bit Pool Memory Disclosure Microsoft Windows Kernel - 'NtQueryInformationThread(ThreadBasicInformation)' 64-bit Stack Memory Disclosure Microsoft Windows Kernel - 'nt!KiDispatchException' 64-bit Stack Memory Disclosure Microsoft Windows Kernel - 'nt!NtWaitForDebugEvent' 64-bit Stack Memory Disclosure Internet Explorer - 'RegExp.lastMatch' Memory Disclosure Kamailio 5.1.1 / 5.1.0 / 5.0.0 - Off-by-One Heap Overflow Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation Linux Kernel < 3.5.0-23 (Ubuntu 12.04.2 x64) - 'SOCK_DIAG' SMEP Bypass Local Privilege Escalation Linux Kernel < 4.4.0-21 (Ubuntu 16.04 x64) - 'netfilter target_offset' Local Privilege Escalation Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation Microsoft Windows - Desktop Bridge VFS Privilege Escalation Microsoft Windows - Desktop Bridge Virtual Registry Arbitrary File Read/Write Privilege Escalation Microsoft Windows - Desktop Bridge Virtual Registry NtLoadKey Arbitrary File Read/Write Privilege Escalation Intelbras Telefone IP TIP200 LITE - Local File Disclosure Vehicle Sales Management System - Multiple Vulnerabilities Linux/x86 - execve(/bin/sh) Shellcode (18 bytes)	2018-03-21 05:01:50 +00:00
Offensive Security	ae6ab38369	DB: 2018-02-20 3 changes to exploits/shellcodes Aastra 6755i SIP SP4 - Denial of Service October CMS < 1.0.431 - Cross-Site Scripting Linux/x86 - chmod 0777 /etc/shadow + Obfuscated Shellcode (51 bytes) Linux/x86 - shutdown -h now Shellcode (56 bytes) Linux/x86 - chmod 0777 /etc/shadow + Obfuscated Shellcode (51 bytes) Linux/x86 - shutdown -h now Shellcode (56 bytes) Linux/ARM - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (79 bytes) Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes) Linux/x64 - shutdown -h now Shellcode (65 bytes) Linux/ARM - Bind TCP (4444/TCP) Shell (/bin/sh) + IP Controlled (192.168.1.190) + Null-Free Shellcode (168 bytes)	2018-02-20 05:01:50 +00:00
Offensive Security	d12dffd438	DB: 2018-02-03 21 changes to exploits/shellcodes Microsoft Windows Subsystem for Linux - 'execve()' Local Privilege Escalation Joomla! Component JEXTN Membership 3.1.0 - 'usr_plan' SQL Injection Event Manager 1.0 - SQL Injection Fancy Clone Script - 'search_browse_product' SQL Injection Real Estate Custom Script - 'route' SQL Injection Advance Loan Management System - 'id' SQL Injection IPSwitch MOVEit 8.1 < 9.4 - Cross-Site Scripting Joomla! Component JE PayperVideo 3.0.0 - 'usr_plan' SQL Injection Joomla! Component JEXTN Reverse Auction 3.1.0 - SQL Injection Joomla! Component JEXTN Classified 1.0.0 - 'sid' SQL Injection Joomla! Component Jimtawl 2.1.6 - Arbitrary File Upload Joomla! Component JMS Music 1.1.1 - SQL Injection Oracle Hospitality Simphony (MICROS) 2.7 < 2.9 - Directory Traversal FiberHome AN5506 - Unauthenticated Remote DNS Change Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (104 bytes) Linux/x64 - Egghunter (0xbeefbeef) Shellcode (34 bytes) Linux/x64 - Custom Encoded XOR + execve(/bin/sh) Shellcode Linux/x64 - Custom Encoded XOR + Polymorphic + execve(/bin/sh) Shellcode (Generator) Linux/x64 - Twofish Encoded + DNS (CNAME) Password + execve(/bin/sh) Shellcode	2018-02-03 05:01:48 +00:00
Offensive Security	acaa042761	DB: 2018-01-29 21 changes to exploits/shellcodes Artifex MuJS 1.0.2 - Denial of Service Artifex MuJS 1.0.2 - Integer Overflow BMC BladeLogic 8.3.00.64 - Remote Command Execution Trend Micro Threat Discovery Appliance 2.6.1062r1 - 'dlp_policy_upload.cgi' Remote Code Execution PACSOne Server 6.6.2 DICOM Web Viewer - Directory Trasversal PACSOne Server 6.6.2 DICOM Web Viewer - SQL Injection Gnew 2018.1 - Cross-Site Request Forgery Nexpose < 6.4.66 - Cross-Site Request Forgery Joomla! Component JS Support Ticket 1.1.0 - Cross-Site Request Forgery Joomla! Component Jtag Members Directory 5.3.7 - Arbitrary File Download Task Rabbit Clone 1.0 - 'id' SQL Injection TSiteBuilder 1.0 - SQL Injection Hot Scripts Clone - 'subctid' SQL Injection Multilanguage Real Estate MLM Script 3.0 - 'srch' SQL Injection Buddy Zone 2.9.9 - SQL Injection Netis WF2419 Router - Cross-Site Request Forgery KeystoneJS < 4.0.0-beta.7 - Cross-Site Request Forgery Linux/x86 - Egghunter Shellcode (12 Bytes) Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) Null Free Shellcode (80 bytes)	2018-01-29 05:01:45 +00:00
Offensive Security	bd1b51b595	DB: 2018-01-27 9 changes to exploits/shellcodes RAVPower 2.000.056 - Memory Disclosure Acunetix WVS 10 - Local Privilege Escalation NoMachine 5.3.9 - Local Privilege Escalation Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (1) Acunetix WVS 10 - Remote Command Execution Exodus Wallet (ElectronJS Framework) - Remote Code Execution BMC BladeLogic 8.3.00.64 - Remote Command Execution Vodafone Mobile Wifi - Reset Admin Password Rejetto HTTP File Server (HFS) 2.3a/2.3b/2.3c - Remote Command Execution ASUS DSL-N14U B1 Router 1.1.2.3_345 - Change Administrator Password Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Encryption Keys Disclosure Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Arbitrary File Upload Dodocool DC38 N300 - Cross-site Request Forgery WordPress Plugin Learning Management System - 'course_id' SQL Injection Linux/x86 - Disable ASLR Security + Obfuscated Shellcode (23 bytes)	2018-01-27 05:01:58 +00:00
Offensive Security	cf96346519	DB: 2018-01-25 124 changes to exploits/shellcodes Airsensor M520 - HTTPD Unauthenticated Remote Denial of Service / Buffer Overflow (PoC) Airsensor M520 - HTTPd Unauthenticated Remote Denial of Service / Buffer Overflow (PoC) Samsung DVR SHR2040 - HTTPD Remote Denial of Service Denial of Service (PoC) Samsung DVR SHR2040 - HTTPd Remote Denial of Service Denial of Service (PoC) Novell ZenWorks 10/11 - TFTPD Remote Code Execution Novell ZENworks 10/11 - TFTPD Remote Code Execution Apache 1.1 / NCSA httpd 1.5.2 / Netscape Server 1.12/1.1/2.0 - a nph-test-cgi Apache 1.1 / NCSA HTTPd 1.5.2 / Netscape Server 1.12/1.1/2.0 - a nph-test-cgi WhitSoft SlimServe HTTPd 1.1 - Get Denial of Service WhitSoft SlimServe HTTPd 1.1 - 'GET_ Denial of Service GoAhead Software GoAhead WebServer (Windows) 2.1 - Denial of Service GoAhead Web Server 2.1 (Windows) - Denial of Service Anti-Web HTTPD 2.2 Script - Engine File Opening Denial of Service Anti-Web HTTPd 2.2 Script - Engine File Opening Denial of Service Rosiello Security Sphiro HTTPD 0.1B - Remote Heap Buffer Overflow Rosiello Security Sphiro HTTPd 0.1B - Remote Heap Buffer Overflow D-Link DWL-G700AP 2.00/2.01 - HTTPD Denial of Service D-Link DWL-G700AP 2.00/2.01 - HTTPd Denial of Service Lorex LH300 Series - ActiveX Buffer Overflow (PoC) Debut Embedded httpd 1.20 - Denial of Service Debut Embedded HTTPd 1.20 - Denial of Service Xorg 1.4 < 1.11.2 - File Permission Change X.Org xorg 1.4 < 1.11.2 - File Permission Change Sync Breeze Enterprise 9.5.16 - Import Command Buffer Overflow (Metasploit) Sync Breeze Enterprise 9.5.16 - 'Import Command' Buffer Overflow (Metasploit) ICU library 52 < 54 - Multiple Vulnerabilities rooter VDSL Device - Goahead WebServer Disclosure FS4104-AW VDSL Device (Rooter) - GoAhead WebServer Disclosure Ruby 1.8.6/1.9 (WEBick Httpd 1.3.1) - Directory Traversal Ruby 1.8.6/1.9 (WEBick HTTPd 1.3.1) - Directory Traversal Simple HTTPd 1.42 - PUT Request Remote Buffer Overflow Simple HTTPd 1.42 - 'PUT' Remote Buffer Overflow Debian 2.1 - httpd Debian 2.1 - HTTPd Apache 0.8.x/1.0.x / NCSA httpd 1.x - test-cgi Directory Listing Apache 0.8.x/1.0.x / NCSA HTTPd 1.x - 'test-cgi' Directory Listing Inso DynaWeb httpd 3.1/4.0.2/4.1 - Format String Inso DynaWeb HTTPd 3.1/4.0.2/4.1 - Format String W3C CERN httpd 3.0 Proxy - Cross-Site Scripting W3C CERN HTTPd 3.0 Proxy - Cross-Site Scripting ATP httpd 0.4 - Single Byte Buffer Overflow ATP HTTPd 0.4 - Single Byte Buffer Overflow AN HTTPD 1.38/1.39/1.40/1.41 - SOCKS4 Request Buffer Overflow AN HTTPD 1.38/1.39/1.40/1.41 - 'SOCKS4' Buffer Overflow Light HTTPd 0.1 - GET Buffer Overflow (1) Light HTTPd 0.1 - GET Buffer Overflow (2) Light HTTPd 0.1 - 'GET' Buffer Overflow (1) Light HTTPd 0.1 - 'GET' Buffer Overflow (2) Light HTTPD 0.1 (Windows) - Remote Buffer Overflow Light HTTPd 0.1 (Windows) - Remote Buffer Overflow Ultra Mini HTTPD 1.21 - Remote Stack Buffer Overflow Ultra Mini HTTPd 1.21 - Remote Stack Buffer Overflow Ultra Mini HTTPD - Remote Stack Buffer Overflow (Metasploit) Ultra Mini HTTPd - Remote Stack Buffer Overflow (Metasploit) BusyBox 1.01 - HTTPD Directory Traversal BusyBox 1.01 - HTTPd Directory Traversal Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow (1) Ultra Mini HTTPd 1.21 - 'POST' Remote Stack Buffer Overflow (1) Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow (2) Ultra Mini HTTPd 1.21 - 'POST' Remote Stack Buffer Overflow (2) Postfix SMTP 4.2.x < 4.2.48 - 'Shellshock' Remote Command Injection Apache mod_cgi - 'Shellshock' Remote Command Injection Postfix SMTP 4.2.x < 4.2.48 - 'Shellshock' Remote Command Injection Apache mod_cgi - 'Shellshock' Remote Command Injection IPFire - 'Shellshock' Bash Environment Variable Command Injection (Metasploit) IPFire - 'Shellshock' Bash Environment Variable Command Injection (Metasploit) AsusWRT Router < 3.0.0.4.380.7743 - Unauthenticated LAN Remote Code Execution GoAhead Web Server - 'LD_PRELOAD' Arbitrary Module Load (Metasploit) GoAhead Web Server 2.5 < 3.6.5 - HTTPd 'LD_PRELOAD' Arbitrary Module Load (Metasploit) GoAhead httpd 2.5 < 3.6.5 - 'LD_PRELOAD' Remote Code Execution GoAhead Web Server 2.5 < 3.6.5 - HTTPd 'LD_PRELOAD' Remote Code Execution NETGEAR WNR2000v5 - Unauthenticated 'hidden_lang_avi' Remote Stack Overflow (Metasploit) Getsimple 2.01 - Local File Inclusion Getsimple CMS 2.01 - Local File Inclusion Novell Zenworks Mobile Device Managment 2.6.1/2.7.0 - Local File Inclusion (Metasploit) Novell ZENworks Mobile Device Managment 2.6.1/2.7.0 - Local File Inclusion (Metasploit) ManageEngine DesktopCentral 8.0.0 build < 80293 - Arbitrary File Upload ManageEngine Desktop Central 8.0.0 build < 80293 - Arbitrary File Upload ManageEngine DesktopCentral - Arbitrary File Upload / Remote Code Execution ManageEngine EventLog Analyzer - Multiple Vulnerabilities ManageEngine Desktop Central - Arbitrary File Upload / Remote Code Execution ManageEngine EventLog Analyzer - Multiple Vulnerabilities (1) Bash CGI - 'Shellshock' Remote Command Injection (Metasploit) Bash CGI - 'Shellshock' Remote Command Injection (Metasploit) Getsimple 3.0 - 'set' Local File Inclusion Getsimple CMS 3.0 - 'set' Local File Inclusion ZENworks Configuration Management 11.3.1 - Remote Code Execution Novell ZENworks Configuration Management 11.3.1 - Remote Code Execution Kaseya Virtual System Administrator - Multiple Vulnerabilities (1) Kaseya Virtual System Administrator (VSA) - Multiple Vulnerabilities (1) Getsimple - 'path' Local File Inclusion Getsimple CMS 3.1.2 - 'path' Local File Inclusion Sysaid Helpdesk Software 14.4.32 b25 - SQL Injection (Metasploit) SysAid Help Desk Software 14.4.32 b25 - SQL Injection (Metasploit) ManageEngine Password Manager Pro and ManageEngine IT360 - SQL Injection ManageEngine Password Manager Pro / ManageEngine IT360 - SQL Injection BMC Track-It! 11.4 - Multiple Vulnerabilities Billion / TrueOnline / ZyXEL Routers - Multiple Vulnerabilities SysAid Help Desk 14.4 - Multiple Vulnerabilities Pimcore CMS 1.4.9 <2.1.0 - Multiple Vulnerabilities GetSimple CMS 3.3.1 - Cross-Site Scripting CMS Made Simple 1.11.9 - Multiple Vulnerabilities ManageEngine Desktop Central - Create Administrator ManageEngine EventLog Analyzer - Multiple Vulnerabilities (2) ManageEngine OpManager / Applications Manager / IT360 - 'FailOverServlet' Multiple Vulnerabilities ManageEngine Netflow Analyzer / IT360 - Arbitrary File Download ManageEngine OpManager / Social IT Plus / IT360 - Multiple Vulnerabilities Kaseya Virtual System Administrator (VSA) 7.0 < 9.1 - Authenticated Arbitrary File Upload Linux/ARM - setuid(0) + execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes) FreeBSD/x86-64 - exec /bin/sh Shellcode (31 bytes) FreeBSD/x86-64 - execve(/bin/sh) Shellcode (34 bytes) FreeBSD/x64 - exec /bin/sh Shellcode (31 bytes) FreeBSD/x64 - execve(/bin/sh) Shellcode (34 bytes) Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes) Linux/x86-64 - Reverse TCP Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator) Linux/x64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes) Linux/x64 - Reverse TCP Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator) Linux/x86-64 - setuid(0) + execve(/bin/sh) Shellcode (49 bytes) Linux/x64 - setuid(0) + execve(/bin/sh) Shellcode (49 bytes) Linux/x86 - execve(/bin/sh) + Alphanumeric Shellcode (392 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (132 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (33 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell Shellcode (132 bytes) Linux/x64 - execve(/bin/sh) Shellcode (33 bytes) NetBSD/x86 - execve(/bin/sh) Shellcode (68 bytes) Solaris/SPARC - execve(/bin/sh) Shellcode (52 bytes) Solaris/SPARC - Bind TCP Shell Shellcode (240 bytes) Solaris/x86 - execve(/bin/sh) ToUpper Encoded Shellcode (84 bytes) Solaris/x86 - inetd Add Service + execve() Shellcode (201 bytes) UnixWare - execve(/bin/sh) Shellcode (95 bytes) Solaris/x86 - execve(/bin/sh) ToUpper Encoded Shellcode (84 bytes) Solaris/x86 - inetd Add Service + execve() Shellcode (201 bytes) UnixWare - execve(/bin/sh) Shellcode (95 bytes) Windows/x86 - Reverse TCP + Download A File + Save + Execute Shellcode Windows/x86 - Reverse TCP + Download File + Save + Execute Shellcode Windows/x86-64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe) + Execute Shellcode (218+ bytes) Windows/x64 - URLDownloadToFileA(http://localhost/trojan.exe) + Execute Shellcode (218+ bytes) Windows/x86 (XP SP3) - ShellExecuteA Shellcode Windows/x86 (XP SP3) - ShellExecuteA() Shellcode Linux/x86 - Fork Bomb Shellcode (6 bytes) (1) Windows (XP Professional SP2) (English) - Wordpad.exe + Null-Free Shellcode (12 bytes) Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes) Windows (XP Professional SP2) (English) - Wordpad.exe + Null-Free Shellcode (12 bytes) Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes) Linux/x86 - ip6tables -F + Polymorphic Shellcode (71 bytes) Linux/x86 - ip6tables -F Shellcode (47 bytes) Linux/i686 - pacman -S <package> (default package: backdoor) Shellcode (64 bytes) Linux/i686 - pacman -R <package> Shellcode (59 bytes) Linux/x86 - ip6tables -F + Polymorphic Shellcode (71 bytes) Linux/x86 - ip6tables -F Shellcode (47 bytes) Linux/i686 - pacman -S <package> (default package: backdoor) Shellcode (64 bytes) Linux/i686 - pacman -R <package> Shellcode (59 bytes) Windows/x86 - JITed Stage-0 Shellcode Windows/x86 (XP SP2) - WinExec (write.exe) + ExitProcess Shellcode (16 bytes) Windows/x86 (XP SP2) - WinExec(write.exe) + ExitProcess Shellcode (16 bytes) Windows/x86 - MessageBox Shellcode (Metasploit) Windows (XP/Vista/7) - Egghunter (0x07333531) JITed Stage-0 Adjusted Universal Shellcode Windows/x86 - MessageBox Shellcode (Generator) (Metasploit) Windows (XP/Vista/7) - Egghunter (0x07333531) JITed Stage-0 Adjusted Universal Shellcode Linux/x86-64 - reboot(POWER_OFF) Shellcode (19 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (30 bytes) Linux/x64 - reboot(POWER_OFF) Shellcode (19 bytes) Linux/x64 - execve(/bin/sh) Shellcode (30 bytes) Linux/x86 - execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes) Windows/x86-64 (7 Professional SP1) (French) - Beep Shellcode (39 bytes) Windows/x64 (7 Professional SP1) (French) - Beep Shellcode (39 bytes) Linux/x86 - chmod 0777 /etc/passwd + sys_chmod syscall Shellcode (39 bytes) Linux/x86 - execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes) Linux/x86 - chmod 0777 /etc/passwd + sys_chmod syscall Shellcode (39 bytes) Linux/x86 - execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes) Windows/x86-64 (7) - cmd.exe Shellcode (61 bytes) Windows/x64 (7) - cmd.exe Shellcode (61 bytes) Windows - MessageBoxA Shellcode (238 bytes) Windows - MessageBoxA() Shellcode (238 bytes) Linux/x86-64 - Disable ASLR Security Shellcode (143 bytes) Linux/x64 - Disable ASLR Security Shellcode (143 bytes) Linux/x86-64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes) Linux/x86-64 - Add Root User (shell-storm/leet) To /etc/{passwd_shadow} Shellcode (390 bytes) Windows (XP SP3) (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) (Generator) Linux/ARM - setuid(0) + kill(-1_ SIGKILL) Shellcode (28 bytes) Windows - WinExec (cmd.exe) + ExitProcess Shellcode (195 bytes) Linux/x64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes) Linux/x64 - Add Root User (shell-storm/leet) To /etc/{passwd_shadow} Shellcode (390 bytes) Windows (XP SP3) (Spanish) - URLDownloadToFileA() + CreateProcessA() + ExitProcess() Shellcode (176+ bytes) (Generator) Linux/ARM - setuid(0) + kill(-1_ SIGKILL) Shellcode (28 bytes) Windows - WinExec(cmd.exe) + ExitProcess Shellcode (195 bytes) Linux/ARM - chmod 0777 /etc/shadow Shellcode (35 bytes) Linux/x86-64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (49 bytes) Linux/x64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (49 bytes) Windows (XP SP3) (English) - MessageBoxA Shellcode (87 bytes) Windows (XP SP3) (English) - MessageBoxA() Shellcode (87 bytes) OSX/x86-64 - setuid() + Shell(/bin/sh) Shellcode (51 bytes) ARM - Add Root User Shellcode (Metasploit) (66+ bytes) (Generator) OSX/x64 - setuid() + Shell(/bin/sh) Shellcode (51 bytes) ARM - Add Root User Shellcode (66+ bytes) (Generator) (Metasploit) Windows/x86 - Eggsearch Shellcode (33 bytes) Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes) OSX/x86-64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes) OSX/x64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes) Windows/x86 (PerfectXp-pc1/SP3 ) (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes) OSX/x86-64 - Universal ROP + Reverse TCP Shell Shellcode OSX/x64 - Universal ROP + Reverse TCP Shell Shellcode Linux/x86-64 - execve(/bin/sh) Shellcode (52 bytes) Linux/x64 - execve(/bin/sh) Shellcode (52 bytes) Linux/x86-64 - Add Root User (t0r/Winner) To /etc/passwd Shellcode (189 bytes) Linux/x64 - Add Root User (t0r/Winner) To /etc/passwd Shellcode (189 bytes) Windows/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes) Windows/x64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes) Windows/x86-64 / x86 (2000/XP/7) - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec() + ExitProcess Shellcode Windows (2000/XP/7) - URLDownloadToFile(http://bflow.security-portal.cz/down/xy.txt) + WinExec() + ExitProcess Shellcode Windows - Add Administrator User (BroK3n/BroK3n) + Null-Free Shellcode (194 bytes) Linux/x86-64 - Reverse TCP (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes) Linux/x64 - Reverse TCP (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes) Linux/x86-64 - execve(_/bin/sh\0__NULL_NULL) + Position Independent + Alphanumeric Shellcode (87 bytes) Linux/x86 - rmdir() Shellcode (37 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Linux/x64 - execve(_/bin/sh\0__NULL_NULL) + Position Independent + Alphanumeric Shellcode (87 bytes) Linux/x86 - rmdir() Shellcode (37 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Windows/x86-64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + Stop Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes) Windows/x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + Stop Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes) Windows/x86-64 (XP) - Download File + Execute Shellcode Using Powershell (Generator) Windows/x64 (XP) - Download File + Execute Shellcode Using Powershell (Generator) Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes) Linux/x64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes) Linux/x86-64 - execve(/bin/sh) Via Push Shellcode (23 bytes) Linux/x64 - execve(/bin/sh) Via Push Shellcode (23 bytes) Linux/x86-64 - execve(/bin/sh) + Null-Free Shellcode (30 bytes) Linux/x64 - execve(/bin/sh) + Null-Free Shellcode (30 bytes) Linux/x86-64 - execve() Encoded Shellcode (57 bytes) Linux/x86 - execve(/bin/sh) + ROT7 Encoded Shellcode Linux/x64 - execve() Encoded Shellcode (57 bytes) Linux/x86 - execve(/bin/sh) + ROT7 Encoded Shellcode (Generator) Windows/x86 - user32!MessageBox _Hello World!_ + Null-Free Shellcode (199 bytes) Linux/x86 - execve(/bin/sh) + ROL/ROR Encoded Shellcode Windows/x86-64 (2003) - Token Stealing Shellcode (59 bytes) OSX/x86-64 - execve(/bin/sh) + Null-Free Shellcode (34 bytes) Windows/x86 - user32!MessageBox(Hello World!) + Null-Free Shellcode (199 bytes) Linux/x86 - execve(/bin/sh) + ROL/ROR Encoded Shellcode (Generator) Windows/x64 (2003) - Token Stealing Shellcode (59 bytes) OSX/x64 - execve(/bin/sh) + Null-Free Shellcode (34 bytes) OSX/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (34 bytes) OSX/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes) Linux/x64 - execve(/bin/sh) Shellcode (34 bytes) Linux/x86-64 - execve() Shellcode (22 bytes) Linux/x86-64 - Bind TCP (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes) Linux/x86-64 - Egghunter (0x6b634068) Shellcode (24 bytes) Linux/x86-64 - execve() + Polymorphic Shellcode (31 bytes) Windows (XP < 10) - Command Generator WinExec + Null-Free Shellcode (Generator) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes) Linux/x64 - execve() Shellcode (22 bytes) Linux/x64 - Bind TCP (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes) Linux/x64 - Egghunter (0x6b634068) Shellcode (24 bytes) Linux/x64 - execve() + Polymorphic Shellcode (31 bytes) Windows (XP < 10) - Command Generator WinExec() + Null-Free Shellcode (Generator) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes) Linux/x86-64 - Egghunter (0x50905090) Shellcode (18 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes) Linux/x64 - Egghunter (0x50905090) Shellcode (18 bytes) Linux/x86-64 - execve() + XOR/NOT/DIV Encoded Shellcode (54 bytes) Linux x86/x86-64 - Reverse TCP (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes) Linux x86/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (251 bytes) Linux x86/x86-64 - Read /etc/passwd Shellcode (156 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes) Linux/x64 - execve() + XOR/NOT/DIV Encoded Shellcode (54 bytes) Linux x86/x64 - Reverse TCP (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes) Linux x86/x64 - Bind TCP (4444/TCP) Shell Shellcode (251 bytes) Linux x86/x64 - Read /etc/passwd Shellcode (156 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes) Linux/x86-64 - execve() Stack + Polymorphic Shellcode (47 bytes) Linux/x64 - execve() Stack + Polymorphic Shellcode (47 bytes) Linux/x86-64 - Reverse TCP (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (26 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (25 bytes) (1) Linux/x86-64 - execve(/bin/bash) Shellcode (33 bytes) Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (81 bytes) Linux/x86-64 - Read /etc/passwd Shellcode (65 bytes) Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (86 bytes) Windows/x86 - URLDownloadToFileA() (http://192.168.86.130/sample.exe) + SetFileAttributesA() (pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes) Linux/x64 - Reverse TCP (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes) Linux/x64 - execve(/bin/sh) Shellcode (26 bytes) Linux/x64 - execve(/bin/sh) Shellcode (25 bytes) (1) Linux/x64 - execve(/bin/bash) Shellcode (33 bytes) Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (81 bytes) Linux/x64 - Read /etc/passwd Shellcode (65 bytes) Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (86 bytes) Windows/x86 - URLDownloadToFileA(http://192.168.86.130/sample.exe) + SetFileAttributesA(pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes) Linux/x86-64 - Bind TCP Shell Shellcode (Generator) Linux/x64 - Bind TCP Shell Shellcode (Generator) Linux/x86-64 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes) Linux/x86-64 - Reverse TCP (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes) Linux/x64 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes) Linux/x64 - Reverse TCP (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes) Linux/x86-64 - Download File (http://192.168.30.129/pri.sh) + Execute Used To Steal Information Shellcode (399 bytes) Linux/x64 - Download File (http://192.168.30.129/pri.sh) + Execute Used To Steal Information Shellcode (399 bytes) Linux/x86-64 - execve() + XOR Encoded Shellcode (84 bytes) BSD / Linux / Windows/x86-64/x86 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) Linux/x64 - execve() + XOR Encoded Shellcode (84 bytes) BSD / Linux / Windows - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) Linux/x86-64 - Reverse TCP (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes) Linux/x86-64 - Bind TCP Netcat Shell + Null-Free Shellcode (64 bytes) Linux/x64 - Reverse TCP (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes) Linux/x64 - Bind TCP Netcat Shell + Null-Free Shellcode (64 bytes) Linux/x86-64 - Bind TCP (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes) Linux/x64 - Bind TCP (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes) Linux/x86-64 - Reverse TCP (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes) Linux/x64 - Reverse TCP (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes) Linux/x86-64 - Bind TCP (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes) Linux/x64 - Bind TCP (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes) Linux/x86-64 - Reverse TCP (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes) Linux/x64 - Reverse TCP (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes) Windows/x86 - MessageBoxA Shellcode (242 bytes) Windows/x86 - MessageBoxA() Shellcode (242 bytes) Linux/x86-64 - Bind TCP (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes) Linux/x86-64 - Add User (pwned/$pass$) Using open_write_close To /etc/{passwd_shadow} Shellcode (358 bytes) Linux/x86-64 - Add User (pwned/$pass$) Using echo cmd To /etc/{passwd_shadow} Shellcode (273 bytes) Linux/x86-64 - Read /etc/passwd Shellcode (82 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes) Linux/x86-64 - Reverse TCP (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes) Linux/x86-64 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes) Linux/x86-64 - Bind TCP (31337/TCP) Shell Shellcode (150 bytes) Linux/x86-64 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes) Linux/x86-64 - Bind TCP (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 bytes) Linux/x86-64 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (85 bytes) Linux/x86-64 - setreuid(0_0) + execve(/bin/csh_ [/bin/csh_ NULL]) + XOR Encoded Shellcode (87 bytes) Linux/x86-64 - setreuid(0_0) + execve(/bin/ksh_ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (87 bytes) Linux/x86-64 - setreuid(0_0) + execve(/bin/zsh_ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (87 bytes) Linux/x86-64 - sethostname(Rooted !) + killall Shellcode (33 bytes) Linux/x64 - Bind TCP (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes) Linux/x64 - Add User (pwned/$pass$) Using open_write_close To /etc/{passwd_shadow} Shellcode (358 bytes) Linux/x64 - Add User (pwned/$pass$) Using echo cmd To /etc/{passwd_shadow} Shellcode (273 bytes) Linux/x64 - Read /etc/passwd Shellcode (82 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes) Linux/x64 - Reverse TCP (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes) Linux/x64 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes) Linux/x64 - Bind TCP (31337/TCP) Shell Shellcode (150 bytes) Linux/x64 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes) Linux/x64 - Bind TCP (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes) Linux/x64 - Reverse TCP (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 bytes) Linux/x64 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (85 bytes) Linux/x64 - setreuid(0_0) + execve(/bin/csh_ [/bin/csh_ NULL]) + XOR Encoded Shellcode (87 bytes) Linux/x64 - setreuid(0_0) + execve(/bin/ksh_ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (87 bytes) Linux/x64 - setreuid(0_0) + execve(/bin/zsh_ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (87 bytes) Linux/x64 - sethostname(Rooted !) + killall Shellcode (33 bytes) Windows/x86-64 - WinExec(cmd.exe) Shellcode (93 bytes) Linux/x86 - execve(/bin/sh) + ROT-N + Shift-N + XOR-N Encoded Shellcode (77 bytes) Windows/x64 - WinExec(cmd.exe) Shellcode (93 bytes) Windows/x86-64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes) Linux/x86-64 - execve(/bin/sh) -c reboot Shellcode (89 bytes) Windows/x86-64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes) Windows/x64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes) Linux/x64 - execve(/bin/sh) -c reboot Shellcode (89 bytes) Windows/x64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes) Windows/x86-64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes) Windows/x86-64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes) Linux/x86-64 - mkdir() Shellcode (25 bytes) Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (87 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (22 bytes) Windows/x64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes) Windows/x64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes) Linux/x64 - mkdir() Shellcode (25 bytes) Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (87 bytes) Linux/x64 - execve(/bin/sh) Shellcode (22 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes) Linux/x86-64 - Egghunter (0xDEADC0DE) Shellcode (38 bytes) Linux/x64 - Egghunter (0xDEADC0DE) Shellcode (38 bytes) Linux/x86-64 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes) Linux/x86-64 - Reverse TCP (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes) Linux/x64 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes) Linux/x64 - Reverse TCP (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes) Linux/x86-64 - setuid(0) + execve(/bin/sh) + Polymorphic Shellcode (31 bytes) Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) + Polymorphic Shellcode (47 bytes) Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1337) Shellcode (72 bytes) Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) + Polymorphic Shellcode (106 bytes) Linux/x64 - setuid(0) + execve(/bin/sh) + Polymorphic Shellcode (31 bytes) Linux/x64 - Flush IPTables Rules (/sbin/iptables -F) + Polymorphic Shellcode (47 bytes) Linux/x64 - Reverse Netcat Shell (127.0.0.1:1337) Shellcode (72 bytes) Linux/x64 - Reverse Netcat Shell (127.0.0.1:1234) + Polymorphic Shellcode (106 bytes) FreeBSD/x86-64 - execve(/bin/sh) Shellcode (28 bytes) FreeBSD/x86-64 - Bind TCP Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes) FreeBSD/x64 - execve(/bin/sh) Shellcode (28 bytes) FreeBSD/x64 - Bind TCP Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes) Linux/x86-64 - Execute /bin/sh Shellcode (27 bytes) Linux/x86-64 - Execute /bin/sh Shellcode (24 bytes) Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes) Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes) Linux/x86-64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (43 bytes) Linux/x86-64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes) Linux/x86-64 - shutdown -h now Shellcode (65 bytes) Linux/x86-64 - shutdown -h now Shellcode (64 bytes) Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (105 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes) Linux/x86-64 - Add Root User (shell-storm/leet) + Polymorphic Shellcode (273 bytes) Linux/x64 - Execute /bin/sh Shellcode (27 bytes) Linux/x64 - Execute /bin/sh Shellcode (24 bytes) Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes) Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes) Linux/x64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (43 bytes) Linux/x64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes) Linux/x64 - shutdown -h now Shellcode (65 bytes) Linux/x64 - shutdown -h now Shellcode (64 bytes) Linux/x64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (105 bytes) Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes) Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes) Linux/x64 - Add Root User (shell-storm/leet) + Polymorphic Shellcode (273 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (21 bytes) Linux/x64 - execve(/bin/sh) Shellcode (21 bytes) Windows/x86-64 (10) - Egghunter Shellcode (45 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (31 bytes) (2) Windows/x64 (10) - Egghunter Shellcode (45 bytes) Linux/x64 - execve(/bin/sh) Shellcode (31 bytes) (2) Linux/x86-64 - Reverse TCP (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes) Windows/x86-64 / x86 - cmd.exe Shellcode (718 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (31 bytes) (1) Linux/x64 - Reverse TCP (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes) Windows - cmd.exe Shellcode (718 bytes) Linux/x64 - execve(/bin/sh) Shellcode (31 bytes) (1) Linux/x86-64 - execve(/bin/sh) Shellcode (24 bytes) Linux/x64 - execve(/bin/sh) Shellcode (24 bytes) Linux/x86-64 - Reverse TCP (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes) Linux/x64 - Reverse TCP (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes) Linux/x86-64 - Reverse TCP (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes) Linux/x86-64 - Kill All Processes Shellcode (19 bytes) Linux/x86-64 - Fork Bomb Shellcode (11 bytes) Linux/x64 - Reverse TCP (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes) Linux/x64 - Kill All Processes Shellcode (19 bytes) Linux/x64 - Fork Bomb Shellcode (11 bytes) Linux/x86-64 - mkdir(evil) Shellcode (30 bytes) Linux/x64 - mkdir(evil) Shellcode (30 bytes) Windows/x86-64 - API Hooking Shellcode (117 bytes) Windows/x64 - API Hooking Shellcode (117 bytes)	2018-01-25 18:22:06 +00:00
Offensive Security	995a8906f1	DB: 2018-01-22 27 changes to exploits/shellcodes Oracle JDeveloper 11.1.x/12.x - Directory Traversal Shopware 5.2.5/5.3 - Cross-Site Scripting CentOS Web Panel 0.9.8.12 - Multiple Vulnerabilities PHPFreeChat 1.7 - Denial of Service OTRS 5.0.x/6.0.x - Remote Command Execution DarkComet (C2 Server) - File Upload BSDi/x86 - execve(/bin/sh) Shellcode (45 bytes) BSDi/x86 - execve(/bin/sh) Shellcode (46 bytes) BSDi/x86 - execve(/bin/sh) Shellcode (45 bytes) BSDi/x86 - execve(/bin/sh) Shellcode (46 bytes) FreeBSD x86 / x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes) Cisco IOS - New TTY + Privilege Level To 15 + Reverse (21/TCP) Virtual Terminal Shell Shellcode Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes) Cisco IOS - New TTY + Privilege Level To 15 + No Password Shellcode HP-UX - execve(/bin/sh) Shellcode (58 bytes) Cisco IOS - New TTY + Privilege Level To 15 + Reverse (21/TCP) Virtual Terminal Shell Shellcode Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes) Cisco IOS - New TTY + Privilege Level To 15 + No Password Shellcode HP-UX - execve(/bin/sh) Shellcode (58 bytes) Linux/x86 - execve(/bin/sh) + Re-Use Of Strings In .rodata Shellcode (16 bytes) Linux/x86 - execve(/bin/sh) + Re-Use Of Strings In .rodata Shellcode (16 bytes) Windows/x86 (XP SP2) (French) - cmd.exe Shellcode (32 bytes) Windows/x86 (XP SP2) (French) - cmd.exe Shellcode (32 bytes) Windows/x86 - PEB _Kernel32.dll_ ImageBase Finder + Alphanumeric Shellcode (67 bytes) Windows/x86 - PEB _Kernel32.dll_ ImageBase Finder + ASCII Printable Shellcode (49 bytes) Windows/x86 - Reverse Connection + Download A File + Save + Execute Shellcode Windows/x86 - PEB 'Kernel32.dll' ImageBase Finder + Alphanumeric Shellcode (67 bytes) Windows/x86 - PEB 'Kernel32.dll' ImageBase Finder + ASCII Printable Shellcode (49 bytes) Windows/x86 - Reverse TCP + Download A File + Save + Execute Shellcode Windows (9x/NT/2000/XP) - PEB method Shellcode (29 bytes) Windows (9x/NT/2000/XP) - PEB Method Shellcode (31 bytes) Windows (9x/NT/2000/XP) - PEB method Shellcode (35 bytes) Windows (9x/NT/2000/XP) - PEB Method Shellcode (29 bytes) Windows (9x/NT/2000/XP) - PEB Method Shellcode (31 bytes) Windows (9x/NT/2000/XP) - PEB Method Shellcode (35 bytes) Windows/x86 (XP SP2) (English / Arabic) - cmd.exe Shellcode (23 bytes) Windows/x86 (XP SP2) (English / Arabic) - cmd.exe Shellcode (23 bytes) Windows (XP Professional SP2) (English) - MessageBox + Null-Free Shellcode (16 bytes) Windows (XP Professional SP2) (English) - Wordpad + Null-Free Shellcode (12 bytes) Windows (XP Professional SP2) (English) - MessageBox + Null-Free Shellcode (16 bytes) Windows (XP Professional SP2) (English) - Wordpad.exe + Null-Free Shellcode (12 bytes) Windows/x86 (XP SP2) (French) - calc Shellcode (19 bytes) Windows/x86 (XP SP2) (French) - calc.exe Shellcode (19 bytes) Windows/x86 (XP SP3) (English) - cmd.exe Shellcode (26 bytes) Windows/x86 (XP SP3) (English) - cmd.exe Shellcode (26 bytes) Windows/x86 (XP SP2) - write.exe + ExitProcess WinExec Shellcode (16 bytes) Windows/x86 (XP SP2) - WinExec (write.exe) + ExitProcess Shellcode (16 bytes) Windows/x86 (XP SP3) (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes) Windows/x86 (XP SP3) (Russia) - WinExec(cmd.exe) + ExitProcess Shellcode (12 bytes) Linux/x86 - chmod 0777 /etc/shadow + sys_chmod syscall Shellcode (39 bytes) Linux/x86 - chmod 0777 /etc/shadow + sys_chmod syscall Shellcode (39 bytes) Windows/x86-64 (7) - cmd Shellcode (61 bytes) Windows/x86-64 (7) - cmd.exe Shellcode (61 bytes) Windows - cmd.exe + ExitProcess WinExec Shellcode (195 bytes) Windows - WinExec (cmd.exe) + ExitProcess Shellcode (195 bytes) Windows/ARM (Mobile 6.5 TR WinCE 5.2) - MessageBox Shellcode Windows/ARM (Mobile 6.5 TR WinCE 5.2) - MessageBox Shellcode Windows/x86 (XP Professional SP3) (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes) Windows/x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes) Windows/x86 (XP Professional SP3) (English) - Add Administrator User (secuid0/m0nk) Shellcode (113 bytes) Windows/x86 - Add Administrator User (secuid0/m0nk) Shellcode (326 bytes) Windows - Add Local Administrator User (RubberDuck/mudbath) + ExitProcess WinExec Shellcode (279 bytes) Windows - Add Administrator User (RubberDuck/mudbath) + ExitProcess WinExec Shellcode (279 bytes) Windows/x86-64 / x86 (2000/XP/7) - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec + ExitProcess Shellcode Windows/x86-64 / x86 (2000/XP/7) - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec() + ExitProcess Shellcode Windows/x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes) Windows/x86-64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes) Windows/x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + Stop Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes) Windows/x86-64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + Stop Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes) BSD / Linux / Windows x86/x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) BSD / Linux / Windows/x86-64/x86 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes) Linux/x86 - Reverse TCP (127.1.1.1:10) Xterm Shell Shellcode (68 bytes) Linux/x86 - Reverse TCP (127.1.1.1:10) Xterm Shell Shellcode (68 bytes) Linux/x86 - execve(/bin/sh_ -c_ ping localhost) Shellcode (55 bytes) Linux/x86 - execve(/bin/sh_ -c_ ping localhost) Shellcode (55 bytes) Linux/x86 - execve() Using JMP-FSTENV Shellcode (67 bytes) Linux/x86 - execve() Using JMP-FSTENV Shellcode (67 bytes) Linux/x86 - execve() + ROT-7 Shellcode (Encoder/Decoder) (74 bytes) Linux/x86 - execve() + ROT-7 Shellcode (Encoder/Decoder) (74 bytes) Windows/x86 - Create Admin User (X) Shellcode (304 bytes) Windows/x86 - Create Administrator User (X) Shellcode (304 bytes) Windows/x86 (XP Professional SP2) (English) - Wordpad Shellcode (15 bytes) Windows/x86 (XP Professional SP2) - calc Shellcode (57 bytes) Windows/x86 (XP Professional SP2) (English) - Wordpad.exe Shellcode (15 bytes) Windows/x86 (XP Professional SP2) - calc.exe Shellcode (57 bytes) Windows/x86 (XP SP3) (English) - calc Shellcode (16 bytes) Windows/x86 (XP SP3) (English) - calc.exe Shellcode (16 bytes) Windows/x86-64 - cmd.exe WinExec() Shellcode (93 bytes) Windows/x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes) Windows/x86-64 - WinExec(cmd.exe) Shellcode (93 bytes) Windows/x86 - Reverse UDP (www.example.com:4444/UDP) Keylogger Shellcode (493 bytes) Linux/x86-64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes) Linux/x86-64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes)	2018-01-22 05:01:45 +00:00
Offensive Security	bfebc3fa5a	DB: 2018-01-20 62 changes to exploits/shellcodes macOS 10.13 (17A365) - Kernel Memory Disclosure due to Lack of Bounds Checking in 'AppleIntelCapriController::getDisplayPipeCapability' Peercast < 0.1211 - Format String Trillian Pro < 2.01 - Design Error dbPowerAmp < 2.0/10.0 - Buffer Overflow PsychoStats < 2.2.4 Beta - Cross Site Scripting MongoDB 2.2.3 - nativeHelper.apply Remote Code Execution GitStack 2.3.10 - Unauthenticated Remote Code Execution Invision Power Top Site List < 2.0 Alpha 3 - SQL Injection (PoC) Invision Power Board (IP.Board) < 2.0 Alpha 3 - SQL Injection (PoC) Aardvark Topsites < 4.1.0 - Multiple Vulnerabilities DUWare Multiple Products - Multiple Vulnerabilities AutoRank PHP < 2.0.4 - SQL Injection (PoC) ASPapp Multiple Products - Multiple Vulnerabilities osCommerce < 2.2-MS2 - Multiple Vulnerabilities PostNuke < 0.726 Phoenix - Multiple Vulnerabilities MetaDot < 5.6.5.4b5 - Multiple Vulnerabilities phpGedView < 2.65 beta 5 - Multiple Vulnerabilities phpShop < 0.6.1-b - Multiple Vulnerabilities Invision Power Board (IP.Board) < 1.3 - SQL Injection phpBB < 2.0.6d - Cross Site Scripting Phorum < 5.0.3 Beta - Cross Site Scripting vBulletin < 3.0.0 RC4 - Cross Site Scripting Mambo < 4.5 - Multiple Vulnerabilities phpBB < 2.0.7a - Multiple Vulnerabilities Invision Power Top Site List < 1.1 RC 2 - SQL Injection Invision Gallery < 1.0.1 - SQL Injection PhotoPost < 4.6 - Multiple Vulnerabilities TikiWiki < 1.8.1 - Multiple Vulnerabilities phpBugTracker < 0.9.1 - Multiple Vulnerabilities OpenBB < 1.0.6 - Multiple Vulnerabilities PHPX < 3.26 - Multiple Vulnerabilities Invision Power Board (IP.Board) < 1.3.1 - Design Error HelpCenter Live! < 1.2.7 - Multiple Vulnerabilities LiveWorld Multiple Products - Cross Site Scripting WHM.AutoPilot < 2.4.6.5 - Multiple Vulnerabilities PHP-Calendar < 0.10.1 - Arbitrary File Inclusion PhotoPost Classifieds < 2.01 - Multiple Vulnerabilities ReviewPost < 2.84 - Multiple Vulnerabilities PhotoPost < 4.85 - Multiple Vulnerabilities AZBB < 1.0.07d - Multiple Vulnerabilities Invision Power Board (IP.Board) < 2.0.3 - Multiple Vulnerabilities Burning Board < 2.3.1 - SQL Injection XOOPS < 2.0.11 - Multiple Vulnerabilities PEAR XML_RPC < 1.3.0 - Remote Code Execution PHPXMLRPC < 1.1 - Remote Code Execution SquirrelMail < 1.4.5-RC1 - Arbitrary Variable Overwrite XPCOM - Race Condition ADOdb < 4.71 - Cross Site Scripting Geeklog < 1.4.0 - Multiple Vulnerabilities PEAR LiveUser < 0.16.8 - Arbitrary File Access Mambo < 4.5.3h - Multiple Vulnerabilities phpRPC < 0.7 - Remote Code Execution Gallery 2 < 2.0.2 - Multiple Vulnerabilities PHPLib < 7.4 - SQL Injection SquirrelMail < 1.4.7 - Arbitrary Variable Overwrite CubeCart < 3.0.12 - Multiple Vulnerabilities Claroline < 1.7.7 - Arbitrary File Inclusion X-Cart < 4.1.3 - Arbitrary Variable Overwrite Mambo < 4.5.4 - SQL Injection Synology Photostation < 6.7.2-3429 - Multiple Vulnerabilities D-Link DNS-343 ShareCenter < 1.05 - Command Injection D-Link DNS-325 ShareCenter < 1.05B03 - Multiple Vulnerabilities Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) + Password (MyPasswd) + Null-Free Shellcode (156 bytes)	2018-01-20 05:01:49 +00:00
Offensive Security	8a2e4ff27a	DB: 2018-01-19 58 changes to exploits/shellcodes Smiths Medical Medfusion 4000 - 'DHCP' Denial of Service WebKit - 'WebCore::InputType::element' Use-After-Free WebKit - 'WebCore::InputType::element' Use-After-Free (1) WebKit - 'WebCore::InputType::element' Use-After-Free WebKit - 'WebCore::InputType::element' Use-After-Free (2) Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation (1) Linux Kernel 2.4.22 - 'do_brk()' Local Privilege Escalation (2) Rosoft Media Player 4.2.1 - Local Buffer Overflow Rosoft Media Player 4.2.1 (Windows XP SP2/3 French) - Local Buffer Overflow GNU Screen 4.5.0 - Local Privilege Escalation GNU Screen 4.5.0 - Local Privilege Escalation (PoC) glibc - 'getcwd()' Local Privilege Escalation JAD java Decompiler 1.5.8e - Local Buffer Overflow JAD Java Decompiler 1.5.8e - Local Buffer Overflow JAD Java Decompiler 1.5.8e - Local Buffer Overflow JAD Java Decompiler 1.5.8e - Local Buffer Overflow (NX Enabled) Ability Server 2.34 - Remote APPE Buffer Overflow Ability Server 2.34 - 'APPE' Remote Buffer Overflow CesarFTP 0.99g - 'MKD' Remote Buffer Overflow (Metasploit) CesarFTP 0.99g - 'MKD' Remote Buffer Overflow (Metasploit) (1) Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution (1) Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution (2) Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal (PoC) CesarFTP 0.99g - 'MKD' Remote Buffer Overflow (Metasploit) CesarFTP 0.99g - 'MKD' Remote Buffer Overflow (Metasploit) (2) Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow (1) Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow (2) Invision Power Board 2.0.3 - 'login.php' SQL Injection Invision Power Board 2.0.3 - 'login.php' SQL Injection (Tutorial) FOSS Gallery Public 1.0 - Arbitrary File Upload FOSS Gallery Public 1.0 - Arbitrary File Upload (PoC) Vastal I-Tech Agent Zone - SQL Injection Vastal I-Tech Agent Zone - 'view_listing.php' SQL Injection Netsweeper 4.0.8 - Authentication Bypass Netsweeper 4.0.8 - Authentication Bypass (via Disabling of IP Quarantine) Netsweeper 4.0.8 - Authentication Bypass Netsweeper 4.0.8 - Authentication Bypass (via New Profile Creation) Primefaces 5.x - Remote Code Execution (Metasploit) Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execution (Metasploit) Trend Micro InterScan Messaging Security (Virtual Appliance) < 9.1.-1600 - Remote Code Execution (Metasploit) Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execution (Metasploit) Trend Micro InterScan Messaging Security (Virtual Appliance) - 'Proxy.php' Remote Code Execution (Metasploit) Vastal I-Tech Agent Zone - SQL Injection Vastal I-Tech Agent Zone - 'searchCommercial.php' / 'searchResidential.php' SQL Injection BSDi/x86 - execve(/bin/sh) ToUpper Encoded Shellcode (97 bytes) BSDi/x86 - execve(/bin/sh) + ToUpper Encoded Shellcode (97 bytes) FreeBSD/x86 - execve(/bin/cat /etc/master.passwd) Null-Free Shellcode (65 bytes) FreeBSD/x86 - execve(/bin/cat /etc/master.passwd) + Null-Free Shellcode (65 bytes) Linux/x86 - execve() Null-Free Shellcode (Generator) Linux/x86 - execve() + Null-Free Shellcode (Generator) Windows XP SP1 - Bind TCP Shell Shellcode (Generator) Windows (XP SP1) - Bind TCP Shell Shellcode (Generator) Linux/x86 - Command Generator Null-Free Shellcode (Generator) Linux/x86 - Command Generator + Null-Free Shellcode (Generator) (Generator) - HTTP/1.x Requests Shellcode (18+/26+ bytes) Windows x86 - Multi-Format Encoding Tool Shellcode (Generator) Linux/x86 - HTTP/1.x Requests Shellcode (18+/26+ bytes) (Generator) Windows/x86 - Multi-Format Encoding Tool Shellcode (Generator) Linux/x86 - PUSH reboot() Shellcode (30 bytes) Linux/x86 - Shellcode Obfuscator Null-Free (Generator) Linux/x86 - Reverse UDP tcpdump (54321/UDP) Live Packet Capture Shellcode (151 bytes) Linux/x86 - reboot() + PUSH Shellcode (30 bytes) Linux/x86 - Shellcode Obfuscator + Null-Free (Generator) Linux/x86 - Reverse UDP (54321/UDP) tcpdump Live Packet Capture Shellcode (151 bytes) Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Null-Free Shellcode (28 bytes) Linux/x86 - setuid(0) + execve(/bin/sh_0_0) + Null-Free Shellcode (28 bytes) Linux/x86 - Reverse Connection (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes) Linux/x86 - Reverse TCP (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes) Linux/x86 - execve() Read Shellcode (92 bytes) Linux/x86 - execve() + Read Shellcode (92 bytes) Linux/x86 - Download File (HTTP/1.x http://0xdeadbeef/A) + execve() Null-Free Shellcode (111+ bytes) Linux/x86 - setreuid + Executes Command Shellcode (49+ bytes) Linux/x86 - Download File (HTTP/1.x http://0xdeadbeef/A) + execve() + Null-Free Shellcode (111+ bytes) Linux/x86 - setreuid() + Executes Command Shellcode (49+ bytes) Linux/x86 - execve(/bin/sh) (Re-Use Of Strings In .rodata) Shellcode (16 bytes) Linux/x86 - execve(/bin/sh) + Re-Use Of Strings In .rodata Shellcode (16 bytes) Linux/x86 - execve() Diassembly Obfuscation Shellcode (32 bytes) Linux/x86 - execve() + Diassembly + Obfuscation Shellcode (32 bytes) Linux/x86 - TCP Proxy (192.168.1.16:1280/TCP) All Connect() Null-Free Shellcode (236 bytes) Linux/x86 - TCP Proxy (192.168.1.16:1280/TCP) All Connect() + Null-Free Shellcode (236 bytes) Linux/x86 (Intel x86 CPUID) - execve(/bin/sh) XORED Encoded Shellcode (41 bytes) Linux/x86 - execve(/bin/sh) Shellcode +1 Encoded (39 bytes) Linux/x86 (Intel x86 CPUID) - execve(/bin/sh) + XORED Encoded Shellcode (41 bytes) Linux/x86 - execve(/bin/sh) Shellcode + 1 Encoded (39 bytes) Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve(/bin/sh) Shellcode (39 bytes) Linux/x86 - execve(/bin/sh) + Anti-Debug Trick (INT 3h trap) Shellcode (39 bytes) Linux/x86 - Open CD-Rom Loop 24/7 (Follows /dev/cdrom Symlink) Shellcode (39 bytes) Linux/x86 - Eject CD-Rom Loop 24/7 (Follows /dev/cdrom Symlink) Shellcode (39 bytes) Linux/x86 - Quick (yet conditional_ eax != 0 and edx == 0) + exit() Shellcode (4 bytes) Linux/x86 - (eax != 0 and edx == 0) + exit() Shellcode (4 bytes) Linux/x86 - Snoop /dev/dsp Null-Free Shellcode (172 bytes) Linux/x86 - Snoop /dev/dsp + Null-Free Shellcode (172 bytes) Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (23 bytes) Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (27 bytes) Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (45 bytes) Linux/x86 - execve(/bin/sh) + sysenter Opcode Array Payload Shellcode (23 bytes) Linux/x86 - execve(/bin/sh) + sysenter Opcode Array Payload Shellcode (27 bytes) Linux/x86 - execve(/bin/sh) + sysenter Opcode Array Payload Shellcode (45 bytes) Linux/x86 - Alphanumeric Encoded (IMUL Method) Shellcode (88 bytes) Linux/x86 - Alphanumeric Encoded + IMUL Method Shellcode (88 bytes) Linux/IA32 - execve(/bin/sh) 0xff-Free Shellcode (45 bytes) Linux/IA32 - execve(/bin/sh) + 0xff-Free Shellcode (45 bytes) Linux/x86 - Reverse Telnet Shell (200.182.207.235) Shellcode (134 bytes) Linux/x86 - Reverse TCP (200.182.207.235/TCP) Telnet Shel Shellcode (134 bytes) Linux/x86 - execve(/bin/sh) XOR Encoded Shellcode (55 bytes) Linux/x86 - execve(/bin/sh) ToLower Encoded Shellcode (41 bytes) Linux/x86 - execve(/bin/sh) + XOR Encoded Shellcode (55 bytes) Linux/x86 - execve(/bin/sh) + ToLower Encoded Shellcode (41 bytes) Linux/x86 - execve(/bin/sh) ToLower Encoded Shellcode (55 bytes) Linux/x86 - execve(/bin/sh) + ToLower Encoded Shellcode (55 bytes) OSX/PPC - Reboot Shellcode (28 bytes) OSX/PPC - Reboot() Shellcode (28 bytes) Solaris/MIPS - Download (http://10.1.1.2:80/evil-dl) + Execute (/tmp/ff) Shellcode (278 bytes) Solaris/SPARC - setreuid + Executes Command Shellcode (92+ bytes) Solaris/MIPS - Download File (http://10.1.1.2:80/evil-dl) + Execute (/tmp/ff) Shellcode (278 bytes) Solaris/SPARC - setreuid() + Executes Command Shellcode (92+ bytes) Solaris/SPARC - setreuid + execve() Shellcode (56 bytes) Solaris/SPARC - setreuid() + execve() Shellcode (56 bytes) Solaris/x86 - setuid(0) + execve(/bin/sh) + exit(0) Null-Free Shellcode (39 bytes) Solaris/x86 - setuid(0) + execve(/bin/sh) + exit(0) + Null-Free Shellcode (39 bytes) Windows 5.0 < 7.0 x86 - Bind TCP (28876/TCP) Shell + Null-Free Shellcode Windows XP SP2 x86 (English) - cmd.exe Shellcode (23 bytes) Windows x86 - Egg Omelet SEH Shellcode Windows x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes) Windows x86 - PEB!NtGlobalFlags Shellcode (14 bytes) Windows XP SP2 x86 (French) - cmd.exe Shellcode (32 bytes) Windows XP SP2 x86 - cmd.exe Shellcode (57 bytes) Windows x86 - PEB _Kernel32.dll_ ImageBase Finder + Alphanumeric Shellcode (67 bytes) Windows x86 - PEB _Kernel32.dll_ ImageBase Finder (ASCII Printable) Shellcode (49 bytes) Windows x86 - Reverse Connection + Download A File + Save + Execute Shellcode Windows x86 - Download File + Execute Shellcode (Browsers Edition) (275+ bytes) (Generator) Windows x86 - Download File + Execute Shellcode (192 bytes) Windows x86 - Download File (http://127.0.0.1/file.exe) + Execute Shellcode (124 bytes) Windows NT/XP x86 - IsDebuggerPresent Shellcode (39 bytes) Windows SP1/SP2 x86 - Beep Shellcode (35 bytes) Windows XP SP2 x86 - MessageBox Shellcode (110 bytes) Windows x86 - Command WinExec() Shellcode (104+ bytes) Windows x86 - Download File (http://www.ph4nt0m.org/a.exe) + Execute (C:/a.exe) Shellcode (226+ bytes) Windows NT/2000/XP (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes) Windows 9x/NT/2000/XP - Reverse Generic without Loader (192.168.1.11:4919) Shellcode (249 bytes) Windows 9x/NT/2000/XP - PEB method Shellcode (29 bytes) Windows 9x/NT/2000/XP - PEB method Shellcode (31 bytes) Windows 9x/NT/2000/XP - PEB method Shellcode (35 bytes) Windows XP/2000/2003 - Reverse TCP (127.0.0.1:53/TCP) Shell Shellcode (275 bytes) (Generator) Windows XP/2000/2003 - Download File (http://127.0.0.1/test.exe) + Execute (%systemdir%/a.exe) Shellcode (241 bytes) Windows XP - Download File (http://www.elitehaven.net/ncat.exe) + Execute (nc.exe) Null-Free Shellcode Windows XP SP1 - Bind TCP (58821/TCP) Shell Shellcode (116 bytes) Windows/x86 (5.0 < 7.0) - Bind TCP (28876/TCP) Shell + Null-Free Shellcode Windows/x86 (XP SP2) (English) - cmd.exe Shellcode (23 bytes) Windows/x86 - Egg Omelet SEH Shellcode Windows/x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes) Windows/x86 - PEB!NtGlobalFlags Shellcode (14 bytes) Windows/x86 (XP SP2) (French) - cmd.exe Shellcode (32 bytes) Windows/x86 (XP SP2) - cmd.exe Shellcode (57 bytes) Windows/x86 - PEB _Kernel32.dll_ ImageBase Finder + Alphanumeric Shellcode (67 bytes) Windows/x86 - PEB _Kernel32.dll_ ImageBase Finder + ASCII Printable Shellcode (49 bytes) Windows/x86 - Reverse Connection + Download A File + Save + Execute Shellcode Windows/x86 - Download File + Execute Shellcode (Browsers Edition) (275+ bytes) (Generator) Windows/x86 - Download File + Execute Shellcode (192 bytes) Windows/x86 - Download File (http://127.0.0.1/file.exe) + Execute Shellcode (124 bytes) Windows/x86 (NT/XP) - IsDebuggerPresent Shellcode (39 bytes) Windows/x86 (SP1/SP2) - Beep Shellcode (35 bytes) Windows/x86 (XP SP2) - MessageBox Shellcode (110 bytes) Windows/x86 - Command WinExec() Shellcode (104+ bytes) Windows/x86 - Download File (http://www.ph4nt0m.org/a.exe) + Execute (C:/a.exe) Shellcode (226+ bytes) Windows (NT/2000/XP) (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes) Windows (9x/NT/2000/XP) - Reverse Generic Without Loader (192.168.1.11:4919) Shellcode (249 bytes) Windows (9x/NT/2000/XP) - PEB method Shellcode (29 bytes) Windows (9x/NT/2000/XP) - PEB Method Shellcode (31 bytes) Windows (9x/NT/2000/XP) - PEB method Shellcode (35 bytes) Windows (XP/2000/2003) - Reverse TCP (127.0.0.1:53/TCP) Shell Shellcode (275 bytes) (Generator) Windows (XP/2000/2003) - Download File (http://127.0.0.1/test.exe) + Execute (%systemdir%/a.exe) Shellcode (241 bytes) Windows (XP) - Download File (http://www.elitehaven.net/ncat.exe) + Execute (nc.exe) + Null-Free Shellcode Windows (XP SP1) - Bind TCP (58821/TCP) Shell Shellcode (116 bytes) Windows x64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe) + Execute Shellcode (218+ bytes) Windows/x86-64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe) + Execute Shellcode (218+ bytes) Linux/x86 - setuid(0) + execve(_/sbin/poweroff -f_) Shellcode (47 bytes) Linux/x86 - setuid(0) + execve(/sbin/poweroff -f) Shellcode (47 bytes) Windows XP SP2 - PEB ISbeingdebugged Beep Shellcode (56 bytes) Windows (XP SP2) - PEB ISbeingdebugged Beep Shellcode (56 bytes) Windows XP SP3 x86 - ShellExecuteA Shellcode Linux/x86 - setreuid (0_0) + execve(/bin/rm /etc/shadow) Shellcode Windows XP SP3 x86 - Add Firewall Rule (Allow 445/TCP) Traffic Shellcode Windows/x86 (XP SP3) - ShellExecuteA Shellcode Linux/x86 - setreuid(0_0) + execve(/bin/rm /etc/shadow) Shellcode Windows/x86 (XP SP3) - Add Firewall Rule (Allow 445/TCP) Shellcode Windows XP SP2 x86 - calc.exe Shellcode (45 bytes) Windows/x86 (XP SP2) - calc.exe Shellcode (45 bytes) Windows XP SP2 x86 (English / Arabic) - cmd.exe Shellcode (23 bytes) Windows/x86 (XP SP2) (English / Arabic) - cmd.exe Shellcode (23 bytes) Windows XP Professional SP2 (English) - MessageBox Null-Free Shellcode (16 bytes) Windows XP Professional SP2 (English) - Wordpad Null-Free Shellcode (12 bytes) Windows (XP Professional SP2) (English) - MessageBox + Null-Free Shellcode (16 bytes) Windows (XP Professional SP2) (English) - Wordpad + Null-Free Shellcode (12 bytes) Windows XP SP2 x86 (French) - calc Shellcode (19 bytes) Windows/x86 (XP SP2) (French) - calc Shellcode (19 bytes) Windows XP SP3 x86 (English) - cmd.exe Shellcode (26 bytes) Windows XP SP2 x86 (Turkish) - cmd.exe Shellcode (26 bytes) Windows/x86 (XP SP3) (English) - cmd.exe Shellcode (26 bytes) Windows/x86 (XP SP2) (Turkish) - cmd.exe Shellcode (26 bytes) Windows XP Home SP2 (English) - calc.exe Shellcode (37 bytes) Windows XP Home SP3 (English) - calc.exe Shellcode (37 bytes) Windows (XP Home SP2) (English) - calc.exe Shellcode (37 bytes) Windows (XP Home SP3) (English) - calc.exe Shellcode (37 bytes) Windows x86 - JITed Stage-0 Shellcode Windows x86 - JITed exec notepad Shellcode Windows XP Professional SP2 (Italian) - calc.exe Shellcode (36 bytes) Windows XP SP2 x86 - write.exe + ExitProcess WinExec Shellcode (16 bytes) Windows - Egghunter JITed Stage-0 Shellcode Windows XP SP3 x86 (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes) Windows x86 - MessageBox Shellcode (Metasploit) Windows XP/Vista/7 - Egghunter JITed Stage-0 Adjusted Universal Shellcode Windows/x86 - JITed Stage-0 Shellcode Windows/x86 - JITed exec notepad Shellcode Windows (XP Professional SP2) (Italian) - calc.exe Shellcode (36 bytes) Windows/x86 (XP SP2) - write.exe + ExitProcess WinExec Shellcode (16 bytes) Windows - Egghunter (0x07333531) JITed Stage-0 Shellcode Windows/x86 (XP SP3) (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes) Windows/x86 - MessageBox Shellcode (Metasploit) Windows (XP/Vista/7) - Egghunter (0x07333531) JITed Stage-0 Adjusted Universal Shellcode Linux/x86 - execve(/bin/sh) Shellcode (25 bytes) (2) Linux/x86 - execve(/bin/sh) Shellcode (25 bytes) Linux/x86 - execve(_a->/bin/sh_) Local-only Shellcode (14 bytes) Linux/x86 - execve(a->/bin/sh) + Local-only Shellcode (14 bytes) Linux/x86 - setreud(getuid()_ getuid()) + execve(_/bin/sh_) Shellcode (34 bytes) Linux/x86 - setreud(getuid()_ getuid()) + execve(/bin/sh) Shellcode (34 bytes) Windows XP SP2 (French) - Download File (http://www.site.com/nc.exe_) + Execute (c:\backdor.exe) Shellcode Windows (XP SP2) (French) - Download File (http://www.site.com/nc.exe) + Execute (c:\backdor.exe) Shellcode Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes) Linux/x86 - execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes) Windows 7 Professional SP1 x64 (FR) - Beep Shellcode (39 bytes) Windows/x86-64 (7 Professional SP1) (French) - Beep Shellcode (39 bytes) Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/shadow Shellcode (39 bytes) Linux/x86 - chmod 0777 /etc/shadow + sys_chmod syscall Shellcode (39 bytes) Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/passwd Shellcode (39 bytes) Linux/x86 - sys_execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes) Linux/x86 - sys_setuid(0) + sys_setgid(0) + execve(_/bin/sh_) Shellcode (39 bytes) Windows 7 x64 - cmd Shellcode (61 bytes) Linux/x86 - unlink /etc/shadow Shellcode (33 bytes) Linux/x86 - chmod 0777 /etc/passwd + sys_chmod syscall Shellcode (39 bytes) Linux/x86 - execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes) Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh) Shellcode (39 bytes) Windows/x86-64 (7) - cmd Shellcode (61 bytes) Linux/x86 - unlink(/etc/shadow) Shellcode (33 bytes) Linux/x86-64 - Add Root User (shell-storm/leet) To /etc/{shadow_passwd} Shellcode (390 bytes) Windows XP SP3 (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) Linux/x86-64 - Add Root User (shell-storm/leet) To /etc/{passwd_shadow} Shellcode (390 bytes) Windows (XP SP3) (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) (Generator) Linux - setreuid(0_0) + execve(_/bin/sh__NULL_NULL) XOR Encoded Shellcode (62 bytes) Safari 4.0.5 < 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) Null-Free Shellcode Linux - setreuid(0_0) + execve(_/bin/sh__NULL_NULL) + XOR Encoded Shellcode (62 bytes) Safari 4.0.5 < 5.0.0 (Windows XP/7) - JavaScript JITed exec calc (ASLR/DEP Bypass) + Null-Free Shellcode Windows x86 - Write-to-file ('pwned' ./f.txt) Null-Free Shellcode (278 bytes) Windows/x86 - Write-to-file ('pwned' ./f.txt) + Null-Free Shellcode (278 bytes) Linux/x86 - execve(/bin/sh) + Polymorphic Null-Free Shellcode (46 bytes) Windows XP SP3 (English) - MessageBoxA Shellcode (87 bytes) Linux/x86 - execve(/bin/sh) + Polymorphic + Null-Free Shellcode (46 bytes) Windows (XP SP3) (English) - MessageBoxA Shellcode (87 bytes) Windows x86 - Egghunter Checksum Routine Shellcode (18 bytes) Windows/x86 - Egghunter Checksum Routine Shellcode (18 bytes) Windows XP SP3 x86 (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes) Windows Mobile 6.5 TR (WinCE 5.2)/ARM - MessageBox Shellcode Windows Mobile 6.5 TR - Phone Call Shellcode Windows XP Professional SP3 x86 (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes) Windows x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes) Windows/x86 (XP SP3) (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes) Windows/ARM (Mobile 6.5 TR WinCE 5.2) - MessageBox Shellcode Windows/ARM (Mobile 6.5 TR) - Phone Call Shellcode Windows/x86 (XP Professional SP3) (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes) Windows/x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes) Linux/ARM - Bind TCP Listener (0x1337/TCP) + Receive Shellcode + Payload Loader Shellcode Linux/ARM - Bind TCP (0x1337/TCP) Listener + Receive Shellcode + Payload Loader Shellcode Windows 5.0 < 7.0 x86 - Speaking 'You got pwned!' Null-Free Shellcode Windows/x86 (5.0 < 7.0) - Speaking 'You got pwned!' + Null-Free Shellcode Windows x86 - Eggsearch Shellcode (33 bytes) Windows/x86 - Eggsearch Shellcode (33 bytes) Windows - Download File + Execute via DNS (IPv6) Shellcode (Generator) (Metasploit) Windows - Download File + Execute via DNS + IPv6 Shellcode (Generator) (Metasploit) Windows PerfectXp-pc1/SP3 x86 (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes) Linux/x86 - Egghunter Null-Free Shellcode (29 bytes) Windows/x86 (PerfectXp-pc1/SP3 ) (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes) Linux/x86 - Egghunter + Null-Free Shellcode (29 bytes) Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd + No Password Polymorphic Shellcode Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd + No Password + Polymorphic Shellcode Windows x86 - Bind TCP Shell + Password (damn_it!$$##@;#) Shellcode (637 bytes) Windows XP Professional SP3 - calc.exe (C:/WINDOWS/system32/calc.exe) ROP Shellcode (428 bytes) Windows x64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes) Windows/x86 - Bind TCP Shell + Password (damn_it!$$##@;#) Shellcode (637 bytes) Windows (XP Professional SP3) - calc.exe (C:/WINDOWS/system32/calc.exe) ROP Shellcode (428 bytes) Windows/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes) Windows (2000/XP/7 x64/x86) - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec + ExitProcess Shellcode Windows/x86-64 / x86 (2000/XP/7) - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec + ExitProcess Shellcode Cisco ASA - Authentication Bypass _EXTRABACON_ (Improved Shellcode) (69 bytes) Cisco ASA - 'EXTRABACON' Authentication Bypass (Improved Shellcode) (69 bytes) Windows RT ARM - Bind TCP (4444/TCP) Shell Shellcode Linux/x86 - Egghunter Shellcode (31 bytes) Windows/ARM (RT) - Bind TCP (4444/TCP) Shell Shellcode Linux/x86 - Egghunter (0x56767606) Using fstenv + Obfuscation Shellcode (31 bytes) Windows x86 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Persistent Access Shellcode (494 bytes) Windows - MessageBox Null-Free Shellcode (113 bytes) Windows/x86 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Persistent Access Shellcode (494 bytes) Windows - MessageBox + Null-Free Shellcode (113 bytes) Windows 7 x86 - Bind TCP (4444/TCP) Shell Shellcode (357 bytes) Windows - Add Administrator User (BroK3n/BroK3n) Null-Free Shellcode (194 bytes) Windows/x86 (7) - Bind TCP (4444/TCP) Shell Shellcode (357 bytes) Windows - Add Administrator User (BroK3n/BroK3n) + Null-Free Shellcode (194 bytes) Linux/x86 - rmdir Shellcode (37 bytes) Linux/x86 - rmdir() Shellcode (37 bytes) Windows x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows/x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes) Windows/x86-64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes) Windows XP x86-64 - Download File + Execute Shellcode (Generator) Windows/x86-64 (XP) - Download File + Execute Shellcode Using Powershell (Generator) Linux/x86 - chmod 0777 /etc/shadow Obfuscated Shellcode (84 bytes) Linux/x86 - chmod 0777 /etc/shadow + Obfuscated Shellcode (84 bytes) Linux/x86 - execve(/bin/sh) Obfuscated Shellcode (40 bytes) Linux/x86 - execve(/bin/sh) + Obfuscated Shellcode (40 bytes) Linux/x86 - Egghunter Shellcode (20 bytes) Linux/x86 - Egghunter (0x5159) Shellcode (20 bytes) Linux/x86 - Create _my.txt_ In Working Directory Shellcode (37 bytes) Linux/x86 - setreuid(0_ 0) + execve(_/sbin/halt_) + exit(0) Shellcode (49 bytes) Linux/x86 - Create 'my.txt' In Working Directory Shellcode (37 bytes) Linux/x86 - setreuid(0_ 0) + execve(/sbin/halt) + exit(0) Shellcode (49 bytes) Windows XP SP3 x86 - Create (_file.txt_) Shellcode (83 bytes) Windows XP SP3 x86 - Restart Shellcode (57 bytes) Windows/x86 (XP SP3) - Create (file.txt) Shellcode (83 bytes) Windows/x86 (XP SP3) - Restart Shellcode (57 bytes) Linux/x86 - execve(/bin/sh) (Push Method) Shellcode (21 bytes) Linux/x86 - execve(/bin/sh) + Push Method Shellcode (21 bytes) Linux/x86-64 - execve(/bin/sh) Null-Free Shellcode (30 bytes) Linux/x86-64 - execve(/bin/sh) + Null-Free Shellcode (30 bytes) Linux/x86 - Reboot Shellcode (28 bytes) Linux/x86 - Reboot() Shellcode (28 bytes) Linux/x86 - execve(/bin/sh) ROT7 Encoded Shellcode Windows XP SP3 x86 (Turkish) - MessageBox Shellcode (24 bytes) Linux/x86 - Egghunter Shellcode (19 bytes) Windows x86 - user32!MessageBox _Hello World!_ Null-Free Shellcode (199 bytes) Linux/x86 - execve(/bin/sh) ROL/ROR Encoded Shellcode Windows 2003 x64 - Token Stealing Shellcode (59 bytes) OSX/x86-64 - execve(/bin/sh) Null-Free Shellcode (34 bytes) Linux/x86 - execve(/bin/sh) + ROT7 Encoded Shellcode Windows/x86 (XP SP3) (Turkish) - MessageBox Shellcode (24 bytes) Linux/x86 - Egghunter (0x50905090) Without Hardcoded Signature Shellcode (19 bytes) Windows/x86 - user32!MessageBox _Hello World!_ + Null-Free Shellcode (199 bytes) Linux/x86 - execve(/bin/sh) + ROL/ROR Encoded Shellcode Windows/x86-64 (2003) - Token Stealing Shellcode (59 bytes) OSX/x86-64 - execve(/bin/sh) + Null-Free Shellcode (34 bytes) Linux/x86-64 - Egghunter Shellcode (24 bytes) Linux/x86-64 - Egghunter (0x6b634068) Shellcode (24 bytes) Windows XP < 10 - Command Generator WinExec Null-Free Shellcode (Generator) Windows (XP < 10) - Command Generator WinExec + Null-Free Shellcode (Generator) Linux/x86-64 - Egghunter Shellcode (18 bytes) Linux/x86 - Egghunter Shellcode (13 bytes) Linux/x86-64 - execve() XOR/NOT/DIV Encoded Shellcode (54 bytes) Linux/x86-64 - Egghunter (0x50905090) Shellcode (18 bytes) Linux/x86 - Egghunter (0x4f904790) Shellcode (13 bytes) Linux/x86-64 - execve() + XOR/NOT/DIV Encoded Shellcode (54 bytes) Windows x86 - Download File + Run via WebDAV (//192.168.1.19/c) Null-Free Shellcode (96 bytes) Windows/x86 - Download File + Run via WebDAV (//192.168.1.19/c) Null-Free Shellcode (96 bytes) Windows x86 - URLDownloadToFileA() (http://192.168.86.130/sample.exe) + SetFileAttributesA() (pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes) Windows/x86 - URLDownloadToFileA() (http://192.168.86.130/sample.exe) + SetFileAttributesA() (pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes) Windows - Keylogger to File (./log.bin) Null-Free Shellcode (431 bytes) Windows .Net Framework x86 - Execute Native x86 Shellcode Windows - Keylogger to File (./log.bin) + Null-Free Shellcode (431 bytes) Windows/x86 (.Net Framework) - Execute Native x86 Shellcode Windows - Keylogger to File (%TEMP%/log.bin) Null-Free Shellcode (601 bytes) Windows - Keylogger to File (%TEMP%/log.bin) + Null-Free Shellcode (601 bytes) Linux/x86-64 - execve() XOR Encoded Shellcode (84 bytes) Linux/x86-64 - execve() + XOR Encoded Shellcode (84 bytes) Windows x86 - WinExec(_cmd.exe__0) Shellcode (184 bytes) Windows/x86 - WinExec(_cmd.exe__0) Shellcode (184 bytes) Windows x86 - system(_systeminfo_) Shellcode (224 bytes) Windows XP < 10 - Download File + Execute Shellcode Windows x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode (250 bytes) Windows/x86 - system(systeminfo) Shellcode (224 bytes) Windows (XP < 10) - Download File + Execute Shellcode Windows/x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode (250 bytes) Linux/x86 - Reverse Xterm Shell (127.1.1.1:10) Shellcode (68 bytes) Linux/x86 - Reverse TCP (127.1.1.1:10) Xterm Shell Shellcode (68 bytes) Windows 7 x86 - localhost Port Scanner Shellcode (556 bytes) Linux/x86 - Bind Netcat Shell (98/TCP + UDP) Shellcode (44/52 bytes) Windows/x86 (7) - localhost Port Scanner Shellcode (556 bytes) Linux/x86 - Bind TCP/UDP (98/TCP + UDP) Netcat Shell Shellcode (44/52 bytes) Windows x86 - MessageBoxA Shellcode (242 bytes) Windows x86 - CreateProcessA cmd.exe Shellcode (253 bytes) Windows x86 - InitiateSystemShutdownA() Shellcode (599 bytes) Linux/x86-64 - Bind TCP (4444/TCP) + Stager + Egghunter Shellcode (157 bytes) Linux/x86-64 - Add User (pwned/$pass$) Using open_write_close To /etc/{shadow_passwd} Shellcode (358 bytes) Linux/x86-64 - Add User (pwned/$pass$) Using echo cmd To /etc/{shadow_passwd} Shellcode (273 bytes) Windows/x86 - MessageBoxA Shellcode (242 bytes) Windows/x86 - CreateProcessA cmd.exe Shellcode (253 bytes) Windows/x86 - InitiateSystemShutdownA() Shellcode (599 bytes) Linux/x86-64 - Bind TCP (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes) Linux/x86-64 - Add User (pwned/$pass$) Using open_write_close To /etc/{passwd_shadow} Shellcode (358 bytes) Linux/x86-64 - Add User (pwned/$pass$) Using echo cmd To /etc/{passwd_shadow} Shellcode (273 bytes) Linux/x86-64 - Bind TCP (Random TCP Port) Shell Shellcode (57 bytes) Linux/x86-64 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes) OSX/PPC - Stager Sock Find MSG_PEEK Shellcode OSX/PPC - Stager Sock Find MSG_PEEK + Null-Free Shellcode OSX/PPC - execve(/bin/sh) Shellcode OSX/PPC - execve(/bin/sh) + Null-Free Shellcode Linux/x86 - socket-proxy Shellcode (372 bytes) (Generator) Linux/x86 - Socket-proxy Shellcode (372 bytes) (Generator) Linux/x86 - rmdir(_/tmp/willdeleted_) Shellcode (41 bytes) Linux/x86 - setdomainname(_th1s s3rv3r h4s b33n h1j4ck3d !!_) Shellcode (58 bytes) Linux/x86 - rmdir(/tmp/willdeleted) Shellcode (41 bytes) Linux/x86 - setdomainname(th1s s3rv3r h4s b33n h1j4ck3d !!) Shellcode (58 bytes) Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (3) Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (5) Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (3) Linux/x86 - Bind TCP (1111/TCP) Shell + SO_REUSEADDR Set (Avoiding SIGSEGV) Shellcode (103 bytes) Linux/x86 - Reverse TCP (127.1.1.1:55555/TCP) Shell Shellcode (72 bytes) Linux/x86 - Bind TCP (Random TCP Port) Shell Shellcode (65 bytes) Linux/x86 - Bind TCP (1111/TCP) Shell + GetPC/Call/Ret Method Shellcode (89 bytes) Linux/x86 - Bind TCP (1111/TCP) Shell Shellcode (73 bytes) Linux/x86 - Bind TCP (Random TCP Port) Shell Shellcode (57 bytes) Linux/x86 - Egghunter Shellcode (38 bytes) Windows x64 - cmd.exe WinExec() Shellcode (93 bytes) Windows x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes) Windows x64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes) Linux/x86 - Bind TCP (1111/TCP) Shell + SO_REUSEADDR Set (Avoiding SIGSEGV) + Null-Free Shellcode (103 bytes) Linux/x86 - Reverse TCP (127.1.1.1:55555/TCP) Shell + Null-Free Shellcode (72 bytes) Linux/x86 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (65 bytes) Linux/x86 - Bind TCP (1111/TCP) Shell + GetPC/Call/Ret Method + Null-Free Shellcode (89 bytes) Linux/x86 - Bind TCP (1111/TCP) Shell + Null-Free Shellcode (73 bytes) Linux/x86 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes) Linux/x86 - Egghunter (0x50905090) + Null-Free Shellcode (38 bytes) Linux/x86 - execve(/bin/sh) + Null-Free Shellcode (21 bytes) (6) Linux/x86 - Read /etc/passwd file + Null-Free Shellcode (51 bytes) Linux/x86 - Reboot() + Mutated + Null-Free Shellcode (55 bytes) Linux/x86 - Fork Bomb + Mutated + Null-Free Shellcode (15 bytes) Linux/x86 - execve wget + Mutated + Null-Free Shellcode (96 bytes) Linux/x86 - execve(/bin/sh) + Uzumaki Encoded + Null-Free Shellcode (50 bytes) Linux/x86 - Uzumaki Encryptor Shellcode (Generator) Linux/x86 - Bind TCP (31337/TCP) Shell Shellcode (108 bytes) Linux/x86 - /proc/sys/net/ipv4/ip_forward 0 + exit() Shellcode (83 bytes) Linux/x86 - Egghunter (0x5090) Shellcode (38 bytes) Linux/x86 - execve(/bin/sh) + Obfuscated Shellcode (30 bytes) Linux/x86 - Bind TCP Shell Shellcode (112 bytes) Linux/x86 - Reverse TCP (127.1.1.1:12345/TCP) cat /etc/passwd Shellcode (111 bytes) Linux/x86 - Download File (http://192.168.2.222/x) + chmod() + execute Shellcode (108 bytes) Linux/x86 - execve(/bin/sh) + Using jump/call/pop Shellcode (52 bytes) Linux/x86 - Copy /etc/passwd to /tmp/outfile Shellcode (97 bytes) Linux/x86 - shift-bit execve() Encoder Shellcode (114 bytes) Linux/x86 - execve() Using JMP-FSTENV Shellcode (67 bytes) Linux/x86 - chmod 0777 /etc/shadow + Obfuscated Shellcode (51 bytes) Linux/x86 - shutdown -h now Shellcode (56 bytes) Linux/x86 - Bind TCP (1337/TCP) Shell Shellcode (89 bytes) Linux/x86 - Reverse TCP (127.1.1.1:1337/TCP) Shell Shellcode (74 bytes) Linux/x86 - setreuid() + execve(/usr/bin/python) Shellcode (54 bytes) Linux/x86 - execve() + ROT-7 Shellcode (Encoder/Decoder) (74 bytes) Windows/x86 (NT/XP/2000/2003) - Bind TCP (8721/TCP) Shell Shellcode (356 bytes) Windows/x86 (2000) - Reverse TCP (192.168.0.247:8721/TCP) Connect + Vampiric Import Shellcode (179 bytes) Windows/x86 - Create Admin User (X) Shellcode (304 bytes) Windows/x86 (XP SP3) (French) - Sleep 90 Seconds Shellcode (14 bytes) Windows/x86 (XP Professional SP2) (English) - Wordpad Shellcode (15 bytes) Windows/x86 (XP Professional SP2) - calc Shellcode (57 bytes) Windows/x86 (XP Professional SP3) (French) - calc.exe Shellcode (31 bytes) Windows/x86 - Download File (http://skypher.com/dll) + LoadLibrary + Null-Free Shellcode (164 bytes) Windows/x86 - calc.exe + Null-Free Shellcode (100 bytes) Windows/x86 - Message Box + Null-Free Shellcode (140 bytes) Windows/x86 (XP SP3) (Turkish) - MessageBoxA Shellcode (109 bytes) Windows/x86 (XP SP3) (Turkish) - calc.exe Shellcode (53 bytes) Windows/x86 (XP SP3) (Turkish) - cmd.exe Shellcode (52 bytes) Windows/x86 (XP SP3) (Turkish) - cmd.exe Shellcode (42 bytes) Windows/x86 (XP SP3) (English) - calc Shellcode (16 bytes) Windows/x86 (XP SP3) - MessageBox Shellcode (11 bytes) Windows/x86-64 - cmd.exe WinExec() Shellcode (93 bytes) Windows/x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes) Windows/x86-64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes) Windows x64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes) Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) Linux/x86 - execve(/bin/bash -c) Arbitrary Command Execution Null-Free Shellcode (72 bytes) Windows x64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes) Windows x64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes) Linux/x86-64 - mkdir Shellcode (25 bytes) Windows/x86-64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes) Linux/x86 - Reverse TCP Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) Linux/x86 - execve(/bin/bash -c) Arbitrary Command Execution + Null-Free Shellcode (72 bytes) Windows/x86-64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes) Windows/x86-64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes) Linux/x86-64 - mkdir() Shellcode (25 bytes) Windows x86 - SE_DACL_PROTECTED Protect Process Shellcode (229 bytes) Windows/x86 - SE_DACL_PROTECTED Protect Process Shellcode (229 bytes) Linux/x86-64 - Egghunter Shellcode (38 bytes) Windows x86 - Executable Directory Search Null-Free Shellcode (130 bytes) Linux/x86-64 - Egghunter (0xDEADC0DE) Shellcode (38 bytes) Windows/x86 - Executable Directory Search + Null-Free Shellcode (130 bytes) Windows x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Staged + Alphanumeric Shellcode (332 bytes) Windows/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Staged + Alphanumeric Shellcode (332 bytes) Windows x86 - Hide Console Window Shellcode (182 bytes) Windows/x86 - Hide Console Window Shellcode (182 bytes) Linux/ARM - chmod(_/etc/passwd__ 0777) Shellcode (39 bytes) Linux/ARM - chmod( /etc/passwd 0777) Shellcode (39 bytes) Linux/SPARC - setreuid(0_0) + standard execve() Shellcode (72 bytes) Linux/SPARC - setreuid(0_0) + execve() Shellcode (72 bytes) Linux/x86-64 - sys_access() Egghunter Shellcode (49 bytes) Linux/x86-64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes) Linux/x86 - exceve /bin/sh Encoded Shellcode (44 bytes) Linux/x86 - exceve(/bin/sh) + Encoded Shellcode (44 bytes) Linux/x86 - Insertion Decoder + Null-Free Shellcode (33+ bytes) Windows 10 x64 - Egghunter Shellcode (45 bytes) Windows/x86-64 (10) - Egghunter Shellcode (45 bytes) Linux/x86 - Egghunter Shellcode (18 bytes) Linux/x86 - Egghunter (0x50905090) + /bin/sh Shellcode (18 bytes) Windows x86/x64 - cmd.exe Shellcode (718 bytes) Windows/x86-64 / x86 - cmd.exe Shellcode (718 bytes) Linux/x86 - execve(/bin/sh) + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes) Linux/x86 - execve(/bin/sh) + setuid(0) + setgid(0) + XOR Encoded Shellcode (66 bytes) Linux/x86 - execve(/bin/sh) Shellcode (24 bytes) Linux/x86 - execve(/bin/sh) Shellcode (24 bytes) (4) Linux/x86-64 - mkdir() 'evil' Shellcode (30 bytes) Linux/x86-64 - mkdir(evil) Shellcode (30 bytes) Windows x64 - API Hooking Shellcode (117 bytes) Windows/x86-64 - API Hooking Shellcode (117 bytes)	2018-01-19 05:01:43 +00:00
Offensive Security	1db36d5e8b	DB: 2018-01-18 76 changes to exploits/shellcodes Printoxx - Local Buffer Overflow (PoC) Picpuz 2.1.1 - Buffer Overflow (Denial of Service) (PoC) Printoxx - Local Buffer Overflow (PoC) Picpuz 2.1.1 - Buffer Overflow (Denial of Service) (PoC) Microsoft Edge Chakra JIT - Incorrect Bounds Calculation Microsoft Edge Chakra - 'JavascriptGeneratorFunction::GetPropertyBuiltIns' Type Confusion Microsoft Edge Chakra - Incorrect Scope Handling Microsoft Edge Chakra - Deferred Parsing Makes Wrong Scopes (2) Microsoft Edge Chakra JIT - Out-of-Bounds Write Microsoft Edge Chakra - 'AsmJSByteCodeGenerator::EmitCall' Out-of-Bounds Read Microsoft Edge Chakra JIT - Stack-to-Heap Copy Transmission - RPC DNS Rebinding Master IP CAM 01 - Multiple Vulnerabilities Zomato Clone Script - Arbitrary File Upload Reservo Image Hosting Script 1.5 - Cross-Site Scripting D-Link DSL-2640R - Unauthenticated DNS Change Belkin N600DB Wireless Router - Multiple Vulnerabilities SugarCRM 3.5.1 - Cross-Site Scripting Linux/x86 - HTTP Server (8800/TCP) + Fork Shellcode (166 bytes) Linux/x86 - HTTP Server (8800/TCP) + fork() Shellcode (166 bytes) Linux/x86 - Append RSA key to /root/.ssh/authorized_keys2 Shellcode (295 bytes) Linux/x86 - Append RSA Key to /root/.ssh/authorized_keys2 Shellcode (295 bytes) Linux/x86 - Set System Time to 0 + exit Shellcode (12 bytes) Linux/x86 - Set System Time to 0 + exit() Shellcode (12 bytes) Linux/x86 - chmod 0666 /etc/shadow + exit Shellcode (36 bytes) Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (36 bytes) Linux/x86 - Add Root User (xtz) To /etc/passwd Shellcode (59 bytes) Linux/x86 - Add Root User (xtz) To /etc/passwd + No Password Shellcode (59 bytes) Linux/x86 - Quick (yet conditional_ eax != 0 and edx == 0) exit Shellcode (4 bytes) Linux/x86 - Quick (yet conditional_ eax != 0 and edx == 0) + exit() Shellcode (4 bytes) Linux/x86 - write(0__Hello core!\n__12) + Exit Shellcode (36/43 bytes) Linux/x86 - write(0__Hello core!\n__12) + exit() Shellcode (36/43 bytes) Linux/x86 - execve(/bin/sh) Standard Opcode Array Payload Shellcode (21 bytes) Linux/x86 - execve(/bin/sh) + Standard Opcode Array Payload Shellcode (21 bytes) Linux/x86 - Alphanumeric Encoder (IMUL Method) Shellcode (88 bytes) Linux/x86 - Alphanumeric Encoded (IMUL Method) Shellcode (88 bytes) Linux/x86 - execve(/bin/sh) Alphanumeric Shellcode (392 bytes) Linux/x86 - execve(/bin/sh) + Alphanumeric Shellcode (392 bytes) Linux/x86 - Add Root User (t00r) + Anti-IDS Shellcode (116 bytes) Linux/x86 - Add Root User (t00r) To /etc/passwd + Anti-IDS Shellcode (116 bytes) Linux/x86 - Add Root User (t00r) Shellcode (82 bytes) Linux/x86 - Add Root User (t00r) To /etc/passwd Shellcode (82 bytes) Linux/x86 - Add Root User (z) Shellcode (70 bytes) Linux/x86 - Add Root User (z) To /etc/passwd Shellcode (70 bytes) Windows x86 - PEB _Kernel32.dll_ ImageBase Finder Alphanumeric Shellcode (67 bytes) Windows x86 - PEB _Kernel32.dll_ ImageBase Finder + Alphanumeric Shellcode (67 bytes) Linux/x86 - unlink(/etc/passwd) + exit() Shellcode (35 bytes) Linux/x86 - Add Root User (toor) To /etc/passwd + exit() Shellcode (107 bytes) Linux/x86 - Add Root User (toor) To /etc/passwd + No password + exit() Shellcode (107 bytes) Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode (83 bytes) Linux/x86 - Fork Bomb Alphanumeric Shellcode (117 bytes) Linux/x86 - pwrite(/etc/shadow_ (md5 hash of agix)_ 32_ 8) Shellcode (83 bytes) Linux/x86 - Fork Bomb + Alphanumeric Shellcode (117 bytes) Linux/x86 - unlink _/etc/shadow_ Shellcode (33 bytes) Linux/x86 - unlink /etc/shadow Shellcode (33 bytes) Linux/x86-64 - Add Root User (shell-storm/leet) Shellcode (390 bytes) Linux/x86-64 - Add Root User (shell-storm/leet) To /etc/{shadow_passwd} Shellcode (390 bytes) Linux - Bind TCP (31337/TCP) Netcat Shell + Polymorphic Shellcode (91 bytes) Linux/x86 - Bind TCP (31337/TCP) Netcat Shell + Polymorphic Shellcode (91 bytes) Linux/ARM - Add Root User (shell-storm/toor) Shellcode (151 bytes) Linux/ARM - Add Root User (shell-storm/toor) To /etc/passwd Shellcode (151 bytes) FreeBSD/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + Fork Shellcode (111 bytes) FreeBSD/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + fork() Shellcode (111 bytes) Linux/x86 - Reverse TCP (localhost:8080/TCP) Shell + SSL Shellcode (422 bytes) Linux/SuperH (sh4) - Add Root User (shell-storm/toor) Shellcode (143 bytes) Linux/x86 - Reverse TCP (localhost:8080/TCP) Shell + SSL Shellcode (422 bytes) Linux/SuperH (sh4) - Add Root User (shell-storm/toor) To /etc/passwd Shellcode (143 bytes) Linux/MIPS - Add Root User (rOOt/pwn3d) Shellcode (164 bytes) Linux/MIPS - Add Root User (rOOt/pwn3d) To /etc/passwd Shellcode (164 bytes) Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd + Polymorphic Shellcode Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd + No Password Polymorphic Shellcode Linux/x86-64 - Add Root User (t0r/Winner) Shellcode (189 bytes) Linux/x86-64 - Add Root User (t0r/Winner) To /etc/passwd Shellcode (189 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) To /etc/passwd + Execute /bin/sh Shellcode (378 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) To /etc/passwd + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86-64 - execve(_/bin/sh\0__NULL_NULL) Position Independent Alphanumeric Shellcode (87 bytes) Linux/x86-64 - execve(_/bin/sh\0__NULL_NULL) + Position Independent + Alphanumeric Shellcode (87 bytes) Linux/x86 - execve(/bin/sh) Shellcode (23 bytes) Linux/x86 - execve(/bin/sh) Shellcode (23 bytes) (1) Linux/x86 - Create File With Permission 7775 + exit Shellcode (Generator) Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator) Linux/x86-64 - Bind TCP (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + Fork + IPv4/6 + Password + Null-Free Shellcode (176 bytes) Linux/x86-64 - Bind TCP (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes) Linux/x86-64 - Bind TCP Stager (4444/TCP) + Egghunter Shellcode (157 bytes) Linux/x86-64 - Add User (pwned/$pass$) Using open_write_close Shellcode (358 bytes) Linux/x86-64 - Add User (pwned/$pass$) Using echo cmd Shellcode (273 bytes) Linux/x86-64 - Bind TCP (4444/TCP) + Stager + Egghunter Shellcode (157 bytes) Linux/x86-64 - Add User (pwned/$pass$) Using open_write_close To /etc/{shadow_passwd} Shellcode (358 bytes) Linux/x86-64 - Add User (pwned/$pass$) Using echo cmd To /etc/{shadow_passwd} Shellcode (273 bytes) Linux/x86 - execve(/bin/sh /tmp/p00p) Shellcode (70 bytes) Linux/x86 - execve(/bin/ash) + exit() Shellcode (34 bytes) Linux/x86 - Add Root User To /etc/passwd + No Password + exit() Shellcode (83 bytes) Linux/x86 - setuid() + execve() + exit() Shellcode (44 bytes) Linux/x86 - chmod(/bin/sh_04775) + set sh +s Shellcode (31 bytes) Linux/x86 - socket-proxy Shellcode (372 bytes) (Generator) Linux/x86 - setresuid(0_0_0) + execve(/bin/sh) + exit() Shellcode (41 bytes) Linux/x86 - Reverse TCP (www.netric.org:45295/TCP) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86 - Bind TCP (45295/TCP) Shell (/bin/sh) + fork() Shellcode (200 bytes) Linux/x86 - /sbin/iptables --flush Shellcode (69 bytes) Linux/x86 - setuid(0) + execve(/bin/sh) Shellcode (29 bytes) Linux/x86 - setuid(0) + execve(/bin/sh_ 0_ 0) Shellcode (27 bytes) Linux/x86 - setuid(0) + chmod(/etc/shadow_ 0666) Shellcode (37 bytes) Linux/x86 - pwrite(/etc/shadow_ (md5 hash of agix)_ 32_ 8) Shellcode (89 bytes) Linux/x86 - Remote File Download Shellcode (42 bytes) Linux/x86 - CDRom Ejecting Shellcode (46 bytes) Linux/x86 - sethostname(PwNeD !!_ 8) Shellcode (32 bytes) Linux/x86 - exit(0) Shellcode (8 bytes) Linux/x86 - sync Shellcode (6 bytes) Linux/x86 - execve(/bin/sh_ -c_ ping localhost) Shellcode (55 bytes) Linux/x86 - rmdir(_/tmp/willdeleted_) Shellcode (41 bytes) Linux/x86 - setdomainname(_th1s s3rv3r h4s b33n h1j4ck3d !!_) Shellcode (58 bytes) Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (26 bytes) Linux/x86 - Force unmount /media/disk Shellcode (33 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) + ASCII Shellcode (443 bytes) Linux/x86 - CDRom Ejecting + Polymorphic Shellcode (74 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell + Polymorphic Shellcode (125 bytes) Linux/x86 - /sbin/iptables -POUTPUT DROP Shellcode (60 bytes) Linux/x86 - /usr/bin/killall snort Shellcode (46 bytes) Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (3) Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (5) Linux/x86 - execve(/bin/dash) Shellcode (49 bytes) Linux/x86 - execve(/bin/cat_ /etc/shadow_ NULL) Shellcode (42 bytes) Linux/x86 - /etc/init.d/apparmor teardown Shellcode (53 bytes) Linux/x86 - setreuid() + /sbin/iptables -F + exit(0) Shellcode (76 bytes) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - execve(/bin/sh) Shellcode (28 bytes) Linux/x86 - mkdir(hacked) + exit() Shellcode (36 bytes) Linux/x86 - Stager Reads Second Stage From STDIN Shellcode (14 bytes) Linux/x86 - iptables --flush Shellcode (43 bytes) Linux/x86 - execve(/bin/sh) Shellcode (23 bytes) (2) Linux/x86 - Force Reboot Shellcode (36 bytes) Linux/x86 - execve(chmod 0777 /etc/shadow) Shellcode (57 bytes) Linux/x86 - Bind TCP (1111/TCP) Shell + SO_REUSEADDR Set (Avoiding SIGSEGV) Shellcode (103 bytes) Linux/x86 - Reverse TCP (127.1.1.1:55555/TCP) Shell Shellcode (72 bytes) Linux/x86 - Bind TCP (Random TCP Port) Shell Shellcode (65 bytes) Linux/x86 - Bind TCP (1111/TCP) Shell + GetPC/Call/Ret Method Shellcode (89 bytes) Linux/x86 - Bind TCP (1111/TCP) Shell Shellcode (73 bytes) Linux/x86 - Bind TCP (Random TCP Port) Shell Shellcode (57 bytes) Linux/x86 - Egghunter Shellcode (38 bytes) Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (4) Linux/x86 - chmod 777 /etc/sudoers Shellcode (36 bytes)	2018-01-18 05:02:25 +00:00
Offensive Security	909c94ce89	DB: 2018-01-17 78 changes to exploits/shellcodes OBS studio 20.1.3 - Local Buffer Overflow OBS Studio 20.1.3 - Local Buffer Overflow Seagate Personal Cloud - Multiple Vulnerabilities AIX - execve /bin/sh Shellcode (88 bytes) AIX - execve(/bin/sh) Shellcode (88 bytes) BSD/PPC - execve /bin/sh Shellcode (128 bytes) BSD/x86 - setuid(0) + execve /bin/sh Shellcode (30 bytes) BSD/PPC - execve(/bin/sh) Shellcode (128 bytes) BSD/x86 - setuid(0) + execve(/bin/sh) Shellcode (30 bytes) BSD/x86 - execve /bin/sh Shellcode (27 bytes) BSD/x86 - execve /bin/sh + setuid(0) Shellcode (29 bytes) BSD/x86 - execve(/bin/sh) Shellcode (27 bytes) BSD/x86 - execve(/bin/sh) + setuid(0) Shellcode (29 bytes) BSD/x86 - execve /bin/sh Encoded Shellcode (49 bytes) BSD/x86 - execve /bin/sh Encoded Shellcode (57 bytes) BSD/x86 - execve(/bin/sh) Encoded Shellcode (49 bytes) BSD/x86 - execve(/bin/sh) + Encoded Shellcode (57 bytes) BSDi/x86 - execve /bin/sh Shellcode (45 bytes) BSDi/x86 - execve /bin/sh Shellcode (46 bytes) BSDi/x86 - execve /bin/sh ToUpper Encoded Shellcode (97 bytes) FreeBSD x86 / x64 - execve /bin/sh Anti-Debugging Shellcode (140 bytes) BSDi/x86 - execve(/bin/sh) Shellcode (45 bytes) BSDi/x86 - execve(/bin/sh) Shellcode (46 bytes) BSDi/x86 - execve(/bin/sh) ToUpper Encoded Shellcode (97 bytes) FreeBSD x86 / x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes) FreeBSD/x86 - execve /bin/cat /etc/master.passwd Null-Free Shellcode (65 bytes) FreeBSD/x86 - execve(/bin/cat /etc/master.passwd) Null-Free Shellcode (65 bytes) FreeBSD/x86 - execve /bin/sh Encoded Shellcode (48 bytes) FreeBSD/x86 - execve(/bin/sh) Encoded Shellcode (48 bytes) FreeBSD/x86 - execve /bin/sh Shellcode (23 bytes) (1) FreeBSD/x86 - execve /bin/sh Shellcode (23 bytes) (2) FreeBSD/x86 - execve /bin/sh Shellcode (37 bytes) FreeBSD/x86 - execve(/bin/sh) Shellcode (23 bytes) (1) FreeBSD/x86 - execve(/bin/sh) Shellcode (23 bytes) (2) FreeBSD/x86 - execve(/bin/sh) Shellcode (37 bytes) FreeBSD/x86 - chown 0:0 + chmod 6755 + execve /tmp/sh Shellcode (44 bytes) FreeBSD/x86 - execve /tmp/sh Shellcode (34 bytes) FreeBSD/x86 - chown 0:0 + chmod 6755 + execve(/tmp/sh) Shellcode (44 bytes) FreeBSD/x86 - execve(/tmp/sh) Shellcode (34 bytes) FreeBSD/x86-64 - execve /bin/sh Shellcode (34 bytes) Linux/x86 - execve Null-Free Shellcode (Generator) FreeBSD/x86-64 - execve(/bin/sh) Shellcode (34 bytes) Linux/x86 - execve() Null-Free Shellcode (Generator) Linux - execve /bin/sh Polymorphic With Printable ASCII Characters Shellcode (Generator) Linux - execve(/bin/sh) + Polymorphic + Printable ASCII Characters Shellcode (Generator) HP-UX - execve /bin/sh Shellcode (58 bytes) HP-UX - execve(/bin/sh) Shellcode (58 bytes) Linux/PPC - execve /bin/sh Shellcode (60 bytes) Linux/PPC - execve(/bin/sh) Shellcode (60 bytes) Linux/PPC - execve /bin/sh Shellcode (112 bytes) Linux/PPC - execve(/bin/sh) Shellcode (112 bytes) Linux/x86 - Self-Modifying Anti-IDS /bin/sh Shellcode (35/64 bytes) Linux/x86 - /bin/sh + Self-Modifying Anti-IDS Shellcode (35/64 bytes) Linux/x86 - Disable Network Card Polymorphic Shellcode (75 bytes) Linux/x86 - killall5 Polymorphic Shellcode (61 bytes) Linux/x86 - execve /bin/sh Polymorphic Shellcode (48 bytes) Linux/x86 - Disable Network Card + Polymorphic Shellcode (75 bytes) Linux/x86 - killall5 + Polymorphic Shellcode (61 bytes) Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (48 bytes) Linux/x86 - reboot() Polymorphic Shellcode (57 bytes) Linux/x86 - chmod 666 /etc/shadow Polymorphic Shellcode (54 bytes) Linux/x86 - reboot() + Polymorphic Shellcode (57 bytes) Linux/x86 - chmod 666 /etc/shadow + Polymorphic Shellcode (54 bytes) Linux/x86 - execve read Shellcode (92 bytes) Linux/x86 - execve() Read Shellcode (92 bytes) Linux/x86 - setuid(0) + execve /bin/sh Shellcode (28 bytes) Linux/x86 - execve /bin/sh Shellcode (22 bytes) Linux/x86 - setuid(0) + execve(/bin/sh) Shellcode (28 bytes) Linux/x86 - execve(/bin/sh) Shellcode (22 bytes) Linux/x86 - execve /bin/sh (Re-Use Of Strings In .rodata) Shellcode (16 bytes) Linux/x86 - execve(/bin/sh) (Re-Use Of Strings In .rodata) Shellcode (16 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + setuid Shellcode (96 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + setuid() Shellcode (96 bytes) Linux/x86 - execve Diassembly Obfuscation Shellcode (32 bytes) Linux/x86 - execve() Diassembly Obfuscation Shellcode (32 bytes) Linux/x86 - execve /bin/sh Shellcode (24 bytes) (2) Linux/x86 - execve(/bin/sh) Shellcode (24 bytes) (2) Linux/x86 - execve /bin/sh + '.ZIP' Header Shellcode (28 bytes) Linux/x86 - execve /bin/sh + '.RTF' Header Shellcode (30 bytes) Linux/x86 - execve /bin/sh + '.RIFF' Header Shellcode (28 bytes) Linux/x86 - execve /bin/sh + '.BMP' Bitmap Header Shellcode (27 bytes) Linux/x86 - execve(/bin/sh) + '.ZIP' Header Shellcode (28 bytes) Linux/x86 - execve(/bin/sh) + '.RTF' Header Shellcode (30 bytes) Linux/x86 - execve(/bin/sh) + '.RIFF' Header Shellcode (28 bytes) Linux/x86 - execve(/bin/sh) + '.BMP' Bitmap Header Shellcode (27 bytes) Linux/x86 - execve /bin/sh Anti-IDS Shellcode (40 bytes) Linux/x86 (Intel x86 CPUID) - execve /bin/sh XORED Encoded Shellcode (41 bytes) Linux/x86 - execve /bin/sh Shellcode +1 Encoded (39 bytes) Linux/x86 - execve(/bin/sh) + Anti-IDS Shellcode (40 bytes) Linux/x86 (Intel x86 CPUID) - execve(/bin/sh) XORED Encoded Shellcode (41 bytes) Linux/x86 - execve(/bin/sh) Shellcode +1 Encoded (39 bytes) Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes) Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve(/bin/sh) Shellcode (39 bytes) Linux/x86 - setreuid(0_ 0) + execve /bin/sh Shellcode (31 bytes) Linux/x86 - execve /bin/sh + PUSH Shellcode (23 bytes) Linux/x86 - setreuid(0_ 0) + execve(/bin/sh) Shellcode (31 bytes) Linux/x86 - execve(/bin/sh) + PUSH Shellcode (23 bytes) Linux/x86 - execve /bin/sh Standard Opcode Array Payload Shellcode (21 bytes) Linux/x86 - execve(/bin/sh) Standard Opcode Array Payload Shellcode (21 bytes) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes) Linux/x86 - Break chroot (../ 20x Loop) + execve /bin/sh Shellcode (66 bytes) Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (23 bytes) Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (27 bytes) Linux/x86 - execve(/bin/sh) sysenter Opcode Array Payload Shellcode (45 bytes) Linux/x86 - Break chroot (../ 20x Loop) + execve(/bin/sh) Shellcode (66 bytes) Linux/x86 - setreuid + execve Shellcode (31 bytes) Linux/x86 - setreuid() + execve() Shellcode (31 bytes) Linux/x86 - execve code Shellcode (23 bytes) Linux/x86 - execve() Shellcode (23 bytes) Linux/x86 - execve /bin/sh Alphanumeric Shellcode (392 bytes) Linux/IA32 - execve /bin/sh 0xff-Free Shellcode (45 bytes) Linux/x86 - symlink /bin/sh xoring Shellcode (56 bytes) Linux/x86 - execve(/bin/sh) Alphanumeric Shellcode (392 bytes) Linux/IA32 - execve(/bin/sh) 0xff-Free Shellcode (45 bytes) BSD/x86 - symlink /bin/sh + XORing Encoded Shellcode (56 bytes) Linux/x86 - Add Root User (t00r) Anti-IDS Shellcode (116 bytes) Linux/x86 - chmod 666 /etc/shadow Anti-IDS Shellcode (75 bytes) Linux/x86 - symlink . /bin/sh Shellcode (32 bytes) Linux/x86 - Add Root User (t00r) + Anti-IDS Shellcode (116 bytes) Linux/x86 - chmod 666 /etc/shadow + Anti-IDS Shellcode (75 bytes) BSD/x86 - symlink . /bin/sh Shellcode (32 bytes) Linux/x86 - execve /bin/sh Shellcode (29 bytes) Linux/x86 - execve /bin/sh Shellcode (24 bytes) (3) Linux/x86 - execve /bin/sh Shellcode (38 bytes) Linux/x86 - execve /bin/sh Shellcode (30 bytes) Linux/x86 - execve /bin/sh + setreuid(12_12) Shellcode (50 bytes) Linux/x86 - execve(/bin/sh) Shellcode (29 bytes) Linux/x86 - execve(/bin/sh) Shellcode (24 bytes) (3) Linux/x86 - execve(/bin/sh) Shellcode (38 bytes) Linux/x86 - execve(/bin/sh) Shellcode (30 bytes) Linux/x86 - execve(/bin/sh) + setreuid(12_12) Shellcode (50 bytes) Linux/x86 - Break chroot (../ 10x Loop) Shellcode (34 bytes) Linux/x86 - Break chroot (../ 10x Loop) Shellcode (46 bytes) Linux/x86 - Break chroot + execve /bin/sh Shellcode (80 bytes) Linux/x86 - execve /bin/sh Anti-IDS Shellcode (58 bytes) Linux/x86 - execve /bin/sh XOR Encoded Shellcode (55 bytes) Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (41 bytes) Linux/x86 - setreuid(0_0) + execve /bin/sh Shellcode (46+ bytes) Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (55 bytes) Linux/x86 - Break chroot (../ 10x Loop) Shellcode (28 bytes) OpenBSD/x86 - Load Kernel Module (/tmp/o.o) Shellcode (66 bytes) BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) Shellcode (46 bytes) Linux/x86 - Break chroot + execve(/bin/sh) Shellcode (80 bytes) Linux/x86 - execve(/bin/sh) + Anti-IDS Shellcode (58 bytes) Linux/x86 - execve(/bin/sh) XOR Encoded Shellcode (55 bytes) Linux/x86 - execve(/bin/sh) ToLower Encoded Shellcode (41 bytes) Linux/x86 - setreuid(0_0) + execve(/bin/sh) Shellcode (46+ bytes) Linux/x86 - execve(/bin/sh) ToLower Encoded Shellcode (55 bytes) Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve /bin/sh Shellcode (132 bytes) Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve(/bin/sh) Shellcode (132 bytes) Linux/x86-64 - execve /bin/sh Shellcode (33 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (33 bytes) Linux/x86 / Unix/SPARC / IRIX/MIPS - execve /bin/sh Shellcode (141 bytes) Linux/x86 / Unix/SPARC - execve /bin/sh Shellcode (80 bytes) BSD/x86 / Linux/x86 - execve /bin/sh Shellcode (38 bytes) Linux/x86 / Unix/SPARC / IRIX/MIPS - execve(/bin/sh) Shellcode (141 bytes) Linux/x86 / Unix/SPARC - execve(/bin/sh) Shellcode (80 bytes) BSD/x86 / Linux/x86 - execve(/bin/sh) Shellcode (38 bytes) NetBSD/x86 - execve /bin/sh Shellcode (68 bytes) OpenBSD/x86 - execve /bin/sh Shellcode (23 bytes) NetBSD/x86 - execve(/bin/sh) Shellcode (68 bytes) OpenBSD/x86 - execve(/bin/sh) Shellcode (23 bytes) OSX/PPC - execve /bin/sh Shellcode (72 bytes) OSX/PPC - execve(/bin/sh) Shellcode (72 bytes) OSX/PPC - setuid(0) + execve /bin/sh Shellcode (88 bytes) OSX/PPC - setuid(0) + execve(/bin/sh) Shellcode (88 bytes) OSX/PPC - execve /usr/X11R6/bin/xterm Shellcode (141 bytes) OSX/PPC - execve(/usr/X11R6/bin/xterm) Shellcode (141 bytes) Solaris/SPARC - Download File (http://evil-dl/) + Execute (/tmp/ff) Shellcode (278 bytes) Solaris/MIPS - Download (http://10.1.1.2:80/evil-dl) + Execute (/tmp/ff) Shellcode (278 bytes) Solaris/SPARC - Reverse TCP (44434/TCP) Shell + XNOR Encoded Shellcode (600 bytes) (Generator) Solaris/SPARC - setreuid + execve Shellcode (56 bytes) Solaris/MIPS - Reverse TCP (10.0.0.3:44434/TCP) Shell + XNOR Encoded Traffic Shellcode (600 bytes) (Generator) Solaris/SPARC - setreuid + execve() Shellcode (56 bytes) Solaris/SPARC - execve /bin/sh Shellcode (52 bytes) Solaris/SPARC - Bind TCP (6789/TCP) Shell (/bin/sh) Shellcode (228 bytes) Solaris/SPARC - Reverse TCP (192.168.1.4:5678/TCP) Shell (/bin/sh) Shellcode (204 bytes) Solaris/SPARC - execve(/bin/sh) Shellcode (52 bytes) Solaris/SPARC - Bind TCP (6789/TCP) Shell (/bin/sh) Shellcode (228 bytes) Solaris/SPARC - Reverse TCP (192.168.1.4:5678/TCP) Shell (/bin/sh) Shellcode (204 bytes) Solaris/x86 - setuid(0) + execve(//bin/sh) + exit(0) Null-Free Shellcode (39 bytes) Solaris/x86 - setuid(0) + execve(/bin/sh) + exit(0) Null-Free Shellcode (39 bytes) Solaris/x86 - execve /bin/sh ToUpper Encoded Shellcode (84 bytes) Solaris/x86 - inetd Add Service + execve Shellcode (201 bytes) UnixWare - execve /bin/sh Shellcode (95 bytes) Solaris/x86 - execve(/bin/sh) ToUpper Encoded Shellcode (84 bytes) Solaris/x86 - inetd Add Service + execve() Shellcode (201 bytes) UnixWare - execve(/bin/sh) Shellcode (95 bytes) Linux/x86 - execve Shellcode (51 bytes) Linux/x86 - execve() Shellcode (51 bytes) Linux/x86 - setuid + Break chroot (mkdir/chdir/chroot '...') + execve /bin/sh Shellcode (79 bytes) Linux/x86 - setuid() + Break chroot (mkdir/chdir/chroot '...') + execve(/bin/sh) Shellcode (79 bytes) Linux/x86 - ip6tables -F Polymorphic Shellcode (71 bytes) Linux/x86 - ip6tables -F + Polymorphic Shellcode (71 bytes) Linux/x86 - execve /bin/cat /etc/passwd Shellcode (43 bytes) Linux/x86 - execve(/bin/cat /etc/passwd) Shellcode (43 bytes) Linux/x86 - execve /bin/sh Shellcode (8 bytes) Linux/x86 - execve /bin/sh Shellcode (21 bytes) (2) Linux/x86 - execve(/bin/sh) Shellcode (8 bytes) Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (2) Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (2) Linux/x86 - execve(/bin/sh) Shellcode (25 bytes) (2) Linux/x86 - Fork Bomb Polymorphic Shellcode (30 bytes) Linux/x86 - Fork Bomb + Polymorphic Shellcode (30 bytes) Linux/x86-64 - execve /bin/sh Shellcode (30 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (30 bytes) Linux/x86 - execve(_/bin/bash___-p__NULL) Polymorphic Shellcode (57 bytes) Linux/x86 - execve(_/bin/bash___-p__NULL) + Polymorphic Shellcode (57 bytes) Linux/x86 - setuid(0) + chmod 0666 /etc/shadow Polymorphic Shellcode (61 bytes) Linux/x86 - setuid(0) + chmod 0666 /etc/shadow + Polymorphic Shellcode (61 bytes) Linux/x86 - sys_setuid(0) + sys_setgid(0) + execve (_/bin/sh_) Shellcode (39 bytes) Linux/x86 - sys_setuid(0) + sys_setgid(0) + execve(_/bin/sh_) Shellcode (39 bytes) Linux/x86 - execve /bin/sh Polymorphic Shellcode (116 bytes) Linux/ARM - chmod 0777 /etc/shadow Polymorphic Shellcode (84 bytes) Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (116 bytes) Linux/ARM - chmod 0777 /etc/shadow + Polymorphic Shellcode (84 bytes) Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) XOR 88 Encoded Polymorphic Shellcode (78 bytes) Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) + XOR 88 Encoded + Polymorphic Shellcode (78 bytes) Linux - Write SUID Root Shell (/tmp/.hiddenshell) Polymorphic Shellcode (161 bytes) Linux - Write SUID Root Shell (/tmp/.hiddenshell) + Polymorphic Shellcode (161 bytes) Linux - Bind TCP (6778/TCP) Shell + XOR Encoded Polymorphic Shellcode (125 bytes) Linux/x86 - Bind TCP (6778/TCP) Shell + XOR Encoded + Polymorphic Shellcode (125 bytes) Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator) Linux - Find All Writeable Folder In FileSystem Polymorphic Shellcode (91 bytes) Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) + Polymorphic Shellcode (Generator) Linux/x86 - Find All Writeable Folder In FileSystem + Polymorphic Shellcode (91 bytes) Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) Shellcode (49 bytes) Linux/x86-64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (49 bytes) Linux/x86 - execve /bin/sh Polymorphic Null-Free Shellcode (46 bytes) Linux/x86 - execve(/bin/sh) + Polymorphic Null-Free Shellcode (46 bytes) Windows Mobile 6.5 TR (WinCE 5.2) - MessageBox Shellcode (ARM) Windows Mobile 6.5 TR (WinCE 5.2)/ARM - MessageBox Shellcode OSX/Intel x86-64 - setuid shell Shellcode (51 bytes) OSX/x86-64 - setuid() + Shell(/bin/sh) Shellcode (51 bytes) Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic XOR Encoded Shellcode (69/93 bytes) OSX/Intel x86-64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes) OSX/x86-64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes) OSX - Universal ROP + Reverse TCP Shell Shellcode Linux/MIPS - execve /bin/sh Shellcode (52 bytes) OSX/x86-64 - Universal ROP + Reverse TCP Shell Shellcode Linux/MIPS - execve(/bin/sh) Shellcode (52 bytes) Linux/MIPS - execve /bin/sh Shellcode (48 bytes) Linux/MIPS - execve(/bin/sh) Shellcode (48 bytes) Linux/x86-64 - execve /bin/sh Shellcode (52 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (52 bytes) Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd Polymorphic Shellcode Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd + Polymorphic Shellcode Linux/x86 - execve /bin/dash Shellcode (42 bytes) Linux/x86 - execve(/bin/dash) Shellcode (42 bytes) Linux/x86 - execve /bin/sh + Socket Re-Use Shellcode (50 bytes) Linux/x86 - execve(/bin/sh) + Socket Re-Use Shellcode (50 bytes) Linux/MIPS - execve /bin/sh Shellcode (36 bytes) Linux/MIPS - execve(/bin/sh) Shellcode (36 bytes) Linux/x86 - execve /bin/sh ROT13 Encoded Shellcode (68 bytes) Linux/x86 - execve(/bin/sh) ROT13 Encoded Shellcode (68 bytes) Linux/x86 - execve /bin/sh Obfuscated Shellcode (40 bytes) Linux/x86 - execve(/bin/sh) Obfuscated Shellcode (40 bytes) Linux/x86 - execve /bin/sh Shellcode (35 bytes) Linux/x86 - execve(/bin/sh) Shellcode (35 bytes) Linux/x86 - Custom execve Shellcode (Encoder/Decoder) (Generator) Linux/x86 - execve /bin/sh (Push Method) Shellcode (21 bytes) Linux/x86-64 - execve /bin/sh Via Push Shellcode (23 bytes) Linux/x86 - 'Followtheleader' Custom execve() Shellcode (Encoder/Decoder) (Generator) Linux/x86 - execve(/bin/sh) (Push Method) Shellcode (21 bytes) Linux/x86-64 - execve(/bin/sh) Via Push Shellcode (23 bytes) Linux/x86 - execve /bin/sh Shellcode (26 bytes) Linux/x86 - execve /bin/sh Shellcode (21 bytes) (1) Linux/x86 - execve(/bin/sh) Shellcode (26 bytes) Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (1) Linux/x86-64 - execve /bin/sh Null-Free Shellcode (30 bytes) Linux/x86-64 - execve(/bin/sh) Null-Free Shellcode (30 bytes) Linux/x86 - execve /bin/sh Shellcode (23 bytes) Linux/x86 - execve(/bin/sh) Shellcode (23 bytes) Linux/x86-64 - execve Encoded Shellcode (57 bytes) Linux/x86 - execve /bin/sh ROT7 Encoded Shellcode Linux/x86-64 - execve() Encoded Shellcode (57 bytes) Linux/x86 - execve(/bin/sh) ROT7 Encoded Shellcode Linux/x86 - execve /bin/sh ROL/ROR Encoded Shellcode Linux/x86 - execve(/bin/sh) ROL/ROR Encoded Shellcode OSX/x86-64 - execve /bin/sh Null-Free Shellcode (34 bytes) OSX/x86-64 - execve(/bin/sh) Null-Free Shellcode (34 bytes) Linux/x86 - execve /bin/bash Shellcode (31 bytes) Linux/x86 - execve(/bin/bash) Shellcode (31 bytes) Linux/x86-64 - execve /bin/sh Shellcode (34 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (34 bytes) Linux/x86-64 - execve Shellcode (22 bytes) Linux/x86-64 - execve() Shellcode (22 bytes) Linux/x86-64 - execve Polymorphic Shellcode (31 bytes) Linux/x86-64 - execve() + Polymorphic Shellcode (31 bytes) Linux/x86 - execve /bin/sh Shellcode (24 bytes) (1) Linux/x86 - execve(/bin/sh) Shellcode (24 bytes) (1) Linux/x86-64 - execve XOR/NOT/DIV Encoded Shellcode (54 bytes) Linux/x86-64 - execve() XOR/NOT/DIV Encoded Shellcode (54 bytes) Linux/x86-64 - execve Stack Polymorphic Shellcode (47 bytes) Linux/x86-64 - execve() Stack + Polymorphic Shellcode (47 bytes) Linux/x86-64 - execve /bin/sh Shellcode (26 bytes) Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (1) Linux/x86-64 - execve /bin/bash Shellcode (33 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (26 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (25 bytes) (1) Linux/x86-64 - execve(/bin/bash) Shellcode (33 bytes) Linux/x86-64 - execve XOR Encoded Shellcode (84 bytes) Linux/x86-64 - execve() XOR Encoded Shellcode (84 bytes) Linux/x86 - execve /bin/sh + ASLR Bruteforce Shellcode Linux/x86 - execve(/bin/sh) + ASLR Bruteforce Shellcode Linux/x86 - execve /bin/sh Shellcode (19 bytes) Linux/x86 - execve(/bin/sh) Shellcode (19 bytes) OSX/PPC - Remote findsock by recv() Key Shellcode OSX/PPC - Reverse TCP Shell (/bin/csh) Shellcode OSX/PPC - Stager Sock Find MSG_PEEK Shellcode OSX/PPC - Stager Sock Find Shellcode OSX/PPC - Stager Sock Reverse Shellcode OSX/PPC - Bind TCP (8000/TCP) Shell + OSXPPCLongXOR Encoded Shellcode (300 bytes) OSX/PPC - execve(/bin/sh) Shellcode OSX/PPC - execve(/bin/sh_[/bin/sh]_NULL) + exit() Shellcode (72 bytes) OSX/x86 - execve(/bin/sh) Shellcode (24 bytes) Linux/x86 - Add User (t00r/t00r) PexFnstenvSub Encoded Shellcode (116 bytes) BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) + execute /bin/sh Shellcode (57 bytes) BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) + Bind TCP (2222/TCP) Shell Shellcode (133 bytes) BSD/x86 - Bind TCP (2222/TCP) Shell Shellcode (100 bytes) Linux/x86 - setuid(0) + Load Kernel Module (/tmp/o.o) Shellcode (67 bytes) Linux/x86 - setuid(0) + Break chroot (../ 10x Loop) Shellcode (34 bytes) Solaris/SPARC - setreuid(geteuid()) + setregid(getegid()) + execve(/bin/sh) Shellcode Solaris/SPARC - Bind TCP (2001/TCP) Shell (/bin/sh) Shellcode Solaris/SPARC - Bind TCP Shell Shellcode Solaris/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (61 bytes) Solaris/x86 - execve(/bin/sh) Shellcode (43 bytes) BSD/x86 - setuid(0) + Break chroot (../ 10x Loop) Shellcode (34 bytes) OpenBSD/x86 - setuid(0) + Load Kernel Module (/tmp/o.o) Shellcode (74 bytes) BSD/x86 - Break chroot (../ 10x Loop) Shellcode (28 bytes) BSD/x86 - Break chroot (../ 10x Loop) Shellcode (40 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) + exit() Shellcode (58 bytes) Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) + exit() Shellcode (64 bytes) Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (58 bytes) BSD/x86 - symlink /bin/sh sh Shellcode (39 bytes) Linux/x86 - symlink /bin/sh sh Shellcode (36 bytes) BSD/x86 - Write to /etc/passwd with uid(0) + gid(0) Shellcode (74 bytes) Linux/x86 - Write to /etc/passwd with uid(0) + gid(0) Shellcode (74 bytes) BSD/x86 - execve(/bin/sh) + seteuid(0) Shellcode (31 bytes) BSD/x86 - execve(/bin/sh) Shellcode (28 bytes) Linux/x86 - Bind TCP (3879/TCP) Shell (/bin/sh) Shellcode (113 bytes) Linux/x86 - Add Root User (w00w00) To /etc/passwd Shellcode (104 bytes) Linux/x86 - Disable Shadowing Shellcode (42 bytes) Linux/x86 - setuid(0) + execve(/bin/sh) Shellcode (27 bytes) Linux/x86 - exit(0) / exit(1) Shellcode (3/4 bytes) Linux/x86 - setuid(0) + execve(/bin/sh_0) Shellcode (25 bytes) Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh_[/bin/sh_NULL])) Shellcode (25 bytes) Linux/x86 - execve(/sbin/shutdown_/sbin/shutdown 0) Shellcode (36 bytes) Linux/x86 - execve(/sbin/reboot_/sbin/reboot) Shellcode (28 bytes) Linux/x86 - execve(/sbin/halt_/sbin/halt) Shellcode (27 bytes) Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) Shellcode (83 bytes) Linux/x86 - setuid(0) + execve(_/bin/sh__0_0) Shellcode (28 bytes) Linux/x86 - execve(/bin/sh_0_0) Shellcode (21 bytes) Linux/x86 - fork() + setreuid(0_ 0) + execve(cp /bin/sh /tmp/sh; chmod 4755 /tmp/sh) Shellcode (126 bytes) Linux/x86 - Audio (knock knock knock) via /dev/dsp + setreuid(0_0) + execve() Shellcode (566 bytes) Linux/x86 - Add Root User (w000t) + No Password Shellcode (177 bytes) Linux/x86 - execve(/sbin/ipchains -F) Shellcode (70 bytes) Linux/x86 - execve(/sbin/iptables -F) Shellcode (70 bytes) Linux/x86-64 - execve /bin/sh -c reboot Shellcode (89 bytes) Linux/x86-64 - execve(/bin/sh) -c reboot Shellcode (89 bytes) Linux/x86 - execve /bin/bash -c Arbitrary Command Execution Null-Free Shellcode (72 bytes) Linux/x86 - execve(/bin/bash -c) Arbitrary Command Execution Null-Free Shellcode (72 bytes) Linux/x86-64 - execve /bin/sh Shellcode (22 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (22 bytes) Linux/x86-64 - setuid(0) + execve(/bin/sh) Polymorphic Shellcode (31 bytes) Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Polymorphic Shellcode (47 bytes) Linux/x86-64 - setuid(0) + execve(/bin/sh) + Polymorphic Shellcode (31 bytes) Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) + Polymorphic Shellcode (47 bytes) Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) Polymorphic Shellcode (106 bytes) Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) + Polymorphic Shellcode (106 bytes) Linux/x86 - execve /bin/dash Shellcode (30 bytes) Linux/x86 - execve(/bin/dash) Shellcode (30 bytes) Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (53 bytes) Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (53 bytes) FreeBSD/x86-64 - execve /bin/sh Shellcode (28 bytes) FreeBSD/x86-64 - execve(/bin/sh) Shellcode (28 bytes) FreeBSD/x86 - //sbin/pfctl -F all Shellcode (47 bytes) FreeBSD/x86 - /sbin/pfctl -F all Shellcode (47 bytes) FreeBSD - reboot() Shellcode (15 Bytes) FreeBSD/x86 - reboot() Shellcode (15 bytes) Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) Shellcode (43 bytes) Linux/x86-64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (43 bytes) Linux/x86-64 - Add Root User (shell-storm/leet) Polymorphic Shellcode (273 bytes) Linux/x86-64 - Add Root User (shell-storm/leet) + Polymorphic Shellcode (273 bytes) Linux/x86-64 - execve /bin/sh Shellcode (21 bytes) Linux/x86 - execve /bin/sh Shellcode (21 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (21 bytes) Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (2) Linux/x86-64 - execve(/bin/sh) Shellcode (31 bytes) (2) Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (1) Linux/x86 - execve /bin/sh + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes) Linux/x86-64 - execve /bin/sh Shellcode (24 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (31 bytes) (1) Linux/x86 - execve(/bin/sh) + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes) Linux/x86-64 - execve(/bin/sh) Shellcode (24 bytes) Linux/x86 - execve /bin/sh Shellcode (24 bytes) Linux/x86 - execve(/bin/sh) Shellcode (24 bytes) Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (30 bytes) Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (30 bytes)	2018-01-17 05:02:19 +00:00
Offensive Security	50c008ba06	DB: 2018-01-16 39 changes to exploits/shellcodes OBS studio 20.1.3 - Local Buffer Overflow Kingsoft Antivirus/Internet Security 9+ - Privilege Escalation Kingsoft Antivirus/Internet Security 9+ - Local Privilege Escalation SysGauge Server 3.6.18 - Buffer Overflow Disk Pulse Enterprise 10.1.18 - Buffer Overflow Synology Photo Station 6.8.2-3461 - 'SYNOPHOTO_Flickr_MultiUpload' Race Condition File Write Remote Code Execution ImgHosting 1.5 - Cross-Site Scripting Domains & Hostings Manager PRO 3.0 - Authentication Bypass PerfexCRM 1.9.7 - Arbitrary File Upload RISE 1.9 - 'search' SQL Injection Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect Adminer 4.3.1 - Server-Side Request Forgery Oracle PeopleSoft 8.5x - Remote Code Execution ILIAS < 5.2.4 - Cross-Site Scripting Flash Operator Panel 2.31.03 - Command Execution pfSense < 2.1.4 - 'status_rrd_graph_img.php' Command Injection BSD - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (124 bytes) BSD - Reverse TCP (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (124 bytes) BSD/x86 - setuid(0) + Bind TCP Shell (31337/TCP) Shellcode (94 bytes) BSD/x86 - setuid(0) + Bind TCP (31337/TCP) Shell Shellcode (94 bytes) BSD/x86 - Bind TCP Shell (31337/TCP) Shellcode (83 bytes) BSD/x86 - Bind TCP Shell (Random TCP Port) Shellcode (143 bytes) BSD/x86 - Bind TCP (31337/TCP) Shell Shellcode (83 bytes) BSD/x86 - Bind TCP (Random TCP Port) Shell Shellcode (143 bytes) BSD/x86 - Reverse TCP Shell (torootteam.host.sk:2222/TCP) Shellcode (93 bytes) BSD/x86 - Reverse TCP (torootteam.host.sk:2222/TCP) Shell Shellcode (93 bytes) BSD/x86 - Reverse TCP Shell (192.168.2.33:6969/TCP) Shellcode (129 bytes) BSD/x86 - Reverse TCP (192.168.2.33:6969/TCP) Shell Shellcode (129 bytes) FreeBSD/x86 - Reverse TCP cat /etc/passwd (192.168.1.33:8000/TCP) Shellcode (112 bytes) FreeBSD/x86 - Reverse TCP (192.168.1.33:8000/TCP) cat /etc/passwd Shellcode (112 bytes) FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:8000/TCP) Null-Free Shellcode (89 bytes) FreeBSD/x86 - Reverse TCP (127.0.0.1:8000/TCP) Shell (/bin/sh) + Null-Free Shellcode (89 bytes) FreeBSD/x86 - Bind TCP Password /bin/sh Shell (4883/TCP) Shellcode (222 bytes) FreeBSD/x86 - Bind TCP (4883/TCP) Shell (/bin/sh) + Password Shellcode (222 bytes) FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (102 bytes) FreeBSD/x86 - Reverse TCP (127.0.0.1:31337/TCP) Shell (/bin/sh) Shellcode (102 bytes) Windows - Reverse TCP Shell (127.0.0.1:123/TCP) Alphanumeric Shellcode (Encoder/Decoder) (Generator) Windows - Reverse TCP (127.0.0.1:123/TCP) Shell + Alphanumeric Shellcode (Encoder/Decoder) (Generator) Cisco IOS - New TTY + Privilege Level To 15 + Reverse Virtual Terminal Shell (21/TCP) Shellcode Cisco IOS - New TTY + Privilege Level To 15 + Reverse (21/TCP) Virtual Terminal Shell Shellcode Linux/x86-64 - Reverse TCP Semi-Stealth /bin/bash Shell Shellcode (88+ bytes) (Generator) Linux/MIPS (Linksys WRT54G/GL) - Bind TCP /bin/sh Shell (4919/TCP) Shellcode (276 bytes) Linux/x86-64 - Reverse TCP Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator) Linux/MIPS (Linksys WRT54G/GL) - Bind TCP (4919/TCP) Shell (/bin/sh) Shellcode (276 bytes) Linux/PPC - Reverse TCP /bin/sh Shell (192.168.1.1:31337/TCP) Shellcode (240 bytes) Linux/PPC - Reverse TCP (192.168.1.1:31337/TCP) Shell (/bin/sh) Shellcode (240 bytes) Linux/SPARC - Reverse TCP Shell (192.168.100.1:2313/TCP) Shellcode (216 bytes) Linux/SPARC - Bind TCP Shell (8975/TCP) Null-Free Shellcode (284 bytes) Linux/SPARC - Reverse TCP (192.168.100.1:2313/TCP) Shell Shellcode (216 bytes) Linux/SPARC - Bind TCP (8975/TCP) Shell + Null-Free Shellcode (284 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) XOR Encoded Shellcode (152 bytes) Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) + XOR Encoded Shellcode (152 bytes) Linux/x86 - Bind TCP Shell (8000/TCP) + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes) Linux/x86 - Bind TCP Shell (8000/TCP) + Add Root User Shellcode (225+ bytes) Linux/x86 - Bind TCP /bin/sh Shell (8000/TCP) Shellcode (179 bytes) Linux/x86 - Bind TCP (8000/TCP) Shell + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes) Linux/x86 - Bind TCP (8000/TCP) Shell + Add Root User Shellcode (225+ bytes) Linux/x86 - Bind TCP (8000/TCP) Shell (/bin/sh) Shellcode (179 bytes) Linux/x86 - Reverse TCP cat /etc/shadow (8192/TCP) Shellcode (155 bytes) Linux/x86 - Reverse TCP (8192/TCP) cat /etc/shadow Shellcode (155 bytes) Linux/x86 - Raw-Socket ICMP/Checksum /bin/sh Shell Shellcode (235 bytes) Linux/x86 - Raw-Socket ICMP/Checksum Shell (/bin/sh) Shellcode (235 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + setuid Shellcode (96 bytes) Linux/x86 - Bind TCP Shell (2707/TCP) Shellcode (84 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + setuid Shellcode (96 bytes) Linux/x86 - Bind TCP (2707/TCP) Shell Shellcode (84 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (100 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (192.168.13.22:31337/TCP) Shellcode (82 bytes) (Generator) Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (100 bytes) Linux/x86 - Reverse TCP (192.168.13.22:31337/TCP) Shell (/bin/sh) Shellcode (82 bytes) (Generator) Linux/x86 - Reverse TCP Shell (127.0.0.1:80/TCP) XOR Encoded Shellcode (371 bytes) Linux/x86 - Reverse TCP (127.0.0.1:80/TCP) Shell + XOR Encoded Shellcode (371 bytes) Linux/x86 - Bind TCP /bin/sh Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes) Linux/x86 - Bind TCP /bin/sh Shell (64713/TCP) Shellcode (86 bytes) Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) + Password (gotfault) Shellcode (166 bytes) Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) Shellcode (86 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (80 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + fork() Shellcode (98 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (80 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + fork() Shellcode (98 bytes) Linux/x86 - Reverse TCP Shell (127.0.0.1:31337/TCP) Shellcode (74 bytes) Linux/x86 - Reverse TCP (127.0.0.1:31337/TCP) Shell Shellcode (74 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) ToUpper Encoded Shellcode (226 bytes) Linux/x86 - Bind TCP (5074/TCP) Shell + ToUpper Encoded Shellcode (226 bytes) Linux/x86 - Reverse TCP /bin/sh Shell Shellcode (120 bytes) Linux/x86 - Reverse TCP Shell (/bin/sh) Shellcode (120 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) Shellcode (92 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) + fork() Shellcode (130 bytes) Linux/x86 - Bind TCP (5074/TCP) Shell Shellcode (92 bytes) Linux/x86 - Bind TCP (5074/TCP) Shell + fork() Shellcode (130 bytes) Linux/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (132 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (132 bytes) NetBSD/x86 - Reverse TCP Shell (6666/TCP) Shellcode (83 bytes) NetBSD/x86 - setreuid(0_ 0) + execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes) NetBSD/x86 - setreuid(0_ 0) + execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes) NetBSD/x86 - Reverse TCP (6666/TCP) Shell Shellcode (83 bytes) NetBSD/x86 - setreuid(0_ 0) + execve(_/bin//sh__ ..._ NULL) Shellcode (29 bytes) NetBSD/x86 - setreuid(0_ 0) + execve(_/bin//sh__ ..._ NULL) Shellcode (30 bytes) OpenBSD/x86 - Bind TCP Shell (6969/TCP) Shellcode (148 bytes) OpenBSD/x86 - Bind TCP (6969/TCP) Shell Shellcode (148 bytes) Solaris/SPARC - Reverse TCP Shell (44434/TCP) XNOR Encoded Shellcode (600 bytes) (Generator) Solaris/SPARC - Reverse TCP (44434/TCP) Shell + XNOR Encoded Shellcode (600 bytes) (Generator) Solaris/SPARC - Bind TCP Shell (6666/TCP) Shellcode (240 bytes) Solaris/SPARC - Bind TCP (6666/TCP) Shell Shellcode (240 bytes) Solaris/SPARC - Bind TCP /bin/sh Shell (6789/TCP) Shellcode (228 bytes) Solaris/SPARC - Reverse TCP /bin/sh Shell (192.168.1.4:5678/TCP) Shellcode (204 bytes) Solaris/SPARC - Bind TCP (6789/TCP) Shell (/bin/sh) Shellcode (228 bytes) Solaris/SPARC - Reverse TCP (192.168.1.4:5678/TCP) Shell (/bin/sh) Shellcode (204 bytes) Windows 5.0 < 7.0 x86 - Bind TCP Shell (28876/TCP) Null-Free Shellcode Windows 5.0 < 7.0 x86 - Bind TCP (28876/TCP) Shell + Null-Free Shellcode Windows XP/2000/2003 - Reverse TCP Shell (127.0.0.1:53/TCP) Shellcode (275 bytes) (Generator) Windows XP/2000/2003 - Reverse TCP (127.0.0.1:53/TCP) Shell Shellcode (275 bytes) (Generator) Windows XP SP1 - Bind TCP Shell (58821/TCP) Shellcode (116 bytes) Windows XP SP1 - Bind TCP (58821/TCP) Shell Shellcode (116 bytes) FreeBSD/x86 - Bind TCP /bin/sh Shell (1337/TCP) Shellcode (167 bytes) FreeBSD/x86 - Bind TCP (1337/TCP) Shell (/bin/sh) Shellcode (167 bytes) Linux/x86 - Bind Netcat Shell (13377/TCP) Shellcode Linux/x86 - Bind TCP (13377/TCP) Netcat Shell Shellcode Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes) Linux/x86 - Reverse TCP (8080/TCP) Netcat Shell Shellcode (76 bytes) Linux/x86 - Bind TCP Shell (31337/TCP) + setreuid(0_0) Polymorphic Shellcode (131 bytes) Linux/x86 - Bind TCP (31337/TCP) Shell + setreuid(0_0) + Polymorphic Shellcode (131 bytes) Linux/x86 - Bind TCP /bin/sh Shell (64533/TCP) Shellcode (97 bytes) Linux/x86 - Bind TCP (64533/TCP) Shell (/bin/sh) Shellcode (97 bytes) Linux - Bind TCP Shell (6778/TCP) XOR Encoded Polymorphic Shellcode (125 bytes) Linux - Bind Netcat Shell (31337/TCP) Polymorphic Shellcode (91 bytes) Linux - Bind TCP (6778/TCP) Shell + XOR Encoded Polymorphic Shellcode (125 bytes) Linux - Bind TCP (31337/TCP) Netcat Shell + Polymorphic Shellcode (91 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (8080/TCP) Shellcode (75 bytes) Linux/x86 - Bind TCP (8080/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (75 bytes) BSD/x86 - Bind TCP Shell (2525/TCP) Shellcode (167 bytes) BSD/x86 - Bind TCP (2525/TCP) Shell Shellcode (167 bytes) Linux/ARM - Bind TCP Shell (0x1337/TCP) Shellcode Linux/ARM - Bind UDP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/TCP) Shellcode Linux/ARM - Bind TCP (0x1337/TCP) Shell Shellcode Linux/ARM - Bind UDP (68/UDP) Listener + Reverse TCP (192.168.0.1:67/TCP) Shell Shellcode FreeBSD/x86 - Reverse TCP /bin/sh Shell (127.0.0.1:1337/TCP) Shellcode (81 bytes) (Generator) FreeBSD/x86 - Bind TCP /bin/sh Shell (31337/TCP) + Fork Shellcode (111 bytes) FreeBSD/x86 - Reverse TCP (127.0.0.1:1337/TCP) Shell (/bin/sh) Shellcode (81 bytes) (Generator) FreeBSD/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + Fork Shellcode (111 bytes) Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69/93 bytes) OSX/Intel x86-64 - Reverse TCP /bin/sh Shell (FFFFFFFF:4444/TCP) Shellcode (131 bytes) Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic XOR Encoded Shellcode (69/93 bytes) OSX/Intel x86-64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86 - Reverse TCP SSL Shell (localhost:8080/TCP) Shellcode (422 bytes) Linux/x86 - Reverse TCP (localhost:8080/TCP) Shell + SSL Shellcode (422 bytes) Linux/MIPS - Reverse TCP Shell (0x7a69/TCP) Shellcode (168 bytes) Linux/MIPS - Reverse TCP (0x7a69/TCP) Shell Shellcode (168 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP /bin/sh Shell (10.1.1.2:0x1337/TCP) Shellcode (72 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP (10.1.1.2:0x1337/TCP) Shell (/bin/sh) Shellcode (72 bytes) Windows x86 - Bind TCP Password (damn_it!$$##@;#) Shell Shellcode (637 bytes) Windows x86 - Bind TCP Shell + Password (damn_it!$$##@;#) Shellcode (637 bytes) Windows x64 - Bind TCP Shell (4444/TCP) Shellcode (508 bytes) Windows x64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes) Linux/x86 - Reverse TCP Shell (192.168.1.10:31337/TCP) Shellcode (92 bytes) Linux/x86 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (92 bytes) Windows RT ARM - Bind TCP Shell (4444/TCP) Shellcode Windows RT ARM - Bind TCP (4444/TCP) Shell Shellcode Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse TCP /bin/sh Shell (192.168.122.1:43981/TCP) Shellcode Windows x86 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Persistent Access Shellcode (494 bytes) Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse TCP (192.168.122.1:43981/TCP) Shell (/bin/sh) Shellcode Windows x86 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Persistent Access Shellcode (494 bytes) Linux/MIPS (Little Endian) - Reverse TCP /bin/sh Shell (192.168.1.177:31337/TCP) Shellcode (200 bytes) Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 bytes) Linux/MIPS (Little Endian) - Reverse TCP (192.168.1.177:31337/TCP) Shell (/bin/sh) Shellcode (200 bytes) Windows 7 x86 - Bind TCP (4444/TCP) Shell Shellcode (357 bytes) Linux/x86-64 - Reverse TCP /bin/bash Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes) Linux/x86-64 - Reverse TCP (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes) Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) + Password (Z~r0) Null-Free Shellcode (81/96 bytes) Linux/x86-64 - Reverse TCP Password (Z~r0) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (192.168.1.133:33333/TCP) Shellcode (72 bytes) Linux/x86 - Bind TCP /bin/sh Shell (33333/TCP) Shellcode (96 bytes) Linux/x86 - Reverse TCP (192.168.1.133:33333/TCP) Shell (/bin/sh) Shellcode (72 bytes) Linux/x86 - Bind TCP (33333/TCP) Shell (/bin/sh) Shellcode (96 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (17771/TCP) Shellcode (58 bytes) Linux/x86 - Bind TCP (17771/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (58 bytes) Linux/x86 - Bind Netcat Shell (5555/TCP) Shellcode (60 bytes) Linux/x86 - Bind TCP (5555/TCP) Netcat Shell Shellcode (60 bytes) Mainframe/System Z - Bind TCP Shell (12345/TCP) Null-Free Shellcode (2488 bytes) Mainframe/System Z - Bind TCP (12345/TCP) Shell + Null-Free Shellcode (2488 bytes) OSX/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (144 bytes) OSX/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes) Google Android - Bind Telnetd Shell (1035/TCP) + Environment / Parameters Shellcode (248 bytes) Google Android - Bind TCP (1035/TCP) Telnetd Shell + Environment/Parameters Shellcode (248 bytes) Linux/x86-64 - Bind TCP /bin/sh Password (1234) Shell (31173/TCP) Shellcode (92 bytes) Linux/x86-64 - Bind TCP (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes) Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (103 bytes) Linux/x86-64 - Bind TCP /bin/sh Password (hack) Shell (4444/TCP) Null-Free Shellcode (162 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes) Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free Shellcode (151 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes) Linux x86/x86-64 - Reverse TCP Shell (192.168.1.29:4444/TCP) Shellcode (195 bytes) Linux x86/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (251 bytes) Linux x86/x86-64 - Reverse TCP (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes) Linux x86/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (251 bytes) Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (122 bytes) Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (135 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes) Linux/ARM - Reverse TCP /bin/sh Shell (10.0.0.10:1337/TCP) Shellcode (95 bytes) Linux/ARM - Reverse TCP (10.0.0.10:1337/TCP) Shell (/bin/sh) Shellcode (95 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.1.2:1234/TCP) Shellcode (134 bytes) Linux/x86-64 - Reverse TCP (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (81 bytes) Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (81 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (86 bytes) Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (86 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes) Linux/x86 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (1250 bytes) Linux/x86 - Reverse TCP (::ffff:192.168.64.129:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (159 bytes) Linux/x86 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (1250 bytes) Linux/x86-64 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (199 bytes) Linux/x86-64 - Reverse TCP /bin/sh Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes) Linux/x86-64 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes) Linux/x86-64 - Reverse TCP (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes) Linux/x86 - Bind TCP /bin/sh Shell (1234/TCP) Shellcode (87 bytes) (Generator) Linux/x86 - Bind TCP (1234/TCP) Shell (/bin/sh) Shellcode (87 bytes) (Generator) Linux/x86 - Bind TCP /bin/bash Shell (4444/TCP) Shellcode (656 bytes) Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/bash) Shellcode (656 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (13337/TCP) Shellcode (56 bytes) Linux/x86 - Bind TCP (13337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (56 bytes) Linux/x86-64 - Reverse TCP cat /etc/passwd (192.168.86.128:1472/TCP) Shellcode (164 bytes) Linux/x86-64 - Bind Netcat Shell Null-Free Shellcode (64 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (98 bytes) Linux/x86-64 - Bind Ncat Shell (4442/TCP) / SSL / Multi-Channel (4444-4447/TCP) / Persistant / Fork / IPv4/6 / Password Null-Free Shellcode (176 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (192.168.227.129:4444/TCP) Shellcode (75 bytes) Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Null-Free Shellcode (172 bytes) Linux/x86-64 - Reverse TCP (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes) Linux/x86-64 - Bind TCP Netcat Shell + Null-Free Shellcode (64 bytes) Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) Shellcode (98 bytes) Linux/x86-64 - Bind TCP (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + Fork + IPv4/6 + Password + Null-Free Shellcode (176 bytes) Linux/x86 - Reverse TCP (192.168.227.129:4444/TCP) Shell (/bin/sh) Shellcode (75 bytes) Linux/x86-64 - Reverse TCP (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes) Linux/x86-64 - Bind TCP Shell (4442/TCP) / Syscall Persistent / Multi-Terminal (4444-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes) Linux/CRISv32 Axis Communication - Reverse TCP /bin/sh Shell (192.168.57.1:443/TCP) Shellcode (189 bytes) Linux/x86-64 - Bind TCP (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes) Linux/CRISv32 Axis Communication - Reverse TCP (192.168.57.1:443/TCP) Shell (/bin/sh) Shellcode (189 bytes) Linux/x86-64 - Reverse TCP Shell (10.1.1.4:46357/TCP) / Subtle Probing / Timer / Burst / Password (la crips) / Multi-Terminal Shellcode (84/122/172 bytes) Linux/x86-64 - Reverse TCP (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes) Linux/x86 - Bind TCP /bin/zsh Shell (9090/TCP) Shellcode (96 bytes) Linux/x86 - Reverse TCP /bin/zsh Shell (127.255.255.254:9090/TCP) Shellcode (80 bytes) Linux/x86 - Bind TCP (9090/TCP) Shell (/bin/zsh) Shellcode (96 bytes) Linux/x86 - Reverse TCP (127.255.255.254:9090/TCP) Shell (/bin/zsh) Shellcode (80 bytes) Linux/x86-64 - Bind TCP Stager (4444/TCP) + Egghunter Shellcode (157 bytes) Linux/x86-64 - Add User (pwned/$pass$) Using open_write_close Shellcode (358 bytes) Linux/x86-64 - Add User (pwned/$pass$) Using echo cmd Shellcode (273 bytes) Linux/x86-64 - Read /etc/passwd Shellcode (82 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes) Linux/x86-64 - Reverse TCP (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes) Linux/x86-64 - Bind TCP (Random TCP Port) Shell Shellcode (57 bytes) Linux/x86-64 - Bind TCP (31337/TCP) Shell Shellcode (150 bytes) Linux/x86-64 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes) Linux/x86-64 - Bind TCP (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 bytes) Linux/x86-64 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (85 bytes) Linux/x86-64 - setreuid(0_0) + execve(/bin/csh_ [/bin/csh_ NULL]) + XOR Encoded Shellcode (87 bytes) Linux/x86-64 - setreuid(0_0) + execve(/bin/ksh_ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (87 bytes) Linux/x86-64 - setreuid(0_0) + execve(/bin/zsh_ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (87 bytes) Linux/x86-64 - sethostname(Rooted !) + killall Shellcode (33 bytes) OpenBSD/x86 - reboot() Shellcode (15 bytes) Windows x64 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Injection Shellcode (694 bytes) Windows x64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes) Windows x64 - Bind TCP Password (h271508F) Shell (2493/TCP) Shellcode (825 bytes) Windows x64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (87 bytes) Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (87 bytes) Linux - Reverse TCP Multi/Dual Mode Shell Shellcode (129 bytes) (Generator) Linux/x86 - Reverse TCP /bin/sh Alphanumeric Staged Shell (127.0.0.1:4444/TCP) Shellcode (103 bytes) Linux - Bind TCP Dual/Multi Mode Shell Shellcode (156 bytes) Linux - Reverse TCP Shell + Multi/Dual Mode Shellcode (129 bytes) (Generator) Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Alphanumeric + Staged Shellcode (103 bytes) Linux - Bind TCP Shell + Dual/Multi Mode Shellcode (156 bytes) Linux/x86-64 - Reverse TCP /bin/sh Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes) Linux/x86-64 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (54 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.1.45:4444/TCP) Shellcode (84 bytes) Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 bytes) Linux/x86-64 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes) Linux/x86-64 - Reverse TCP (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes) Windows x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Staged + Alphanumeric Shellcode (332 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (127.1.1.1:8888/TCP) Null-Free Shellcode (67/69 bytes) Linux/x86 - Reverse TCP (127.1.1.1:8888/TCP) Shell (/bin/sh) + Null-Free Shellcode (67/69 bytes) Linux/ARM (Raspberry Pi) - Bind TCP /bin/sh Shell (0.0.0.0:4444/TCP) Null-Free Shellcode (112 bytes) Linux/ARM (Raspberry Pi) - Bind TCP (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (112 bytes) FreeBSD/x86-64 - Bind TCP Password (R2CBw0cr) /bin/sh Shell Shellcode (127 bytes) FreeBSD/x86-64 - Bind TCP Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes) FreeBSD/x86 - Bind TCP /bin/sh Shell (41254/TCP) Shellcode (115 bytes) FreeBSD/x86 - Bind TCP (41254/TCP) Shell (/bin/sh) Shellcode (115 bytes) IRIX - Bind TCP /bin/sh Shell Shellcode (364 bytes) IRIX - Bind TCP Shell (/bin/sh) Shellcode (364 bytes) Android/ARM - Reverse TCP /system/bin/sh Shell (10.0.2.2:0x3412/TCP) Shellcode (79 bytes) Android/ARM - Reverse TCP (10.0.2.2:0x3412/TCP) Shell (/system/bin/sh) Shellcode (79 bytes) Linux/StrongARM - Bind TCP /bin/sh Shell Shellcode (203 bytes) Linux/StrongARM - Bind TCP Shell (/bin/sh) Shellcode (203 bytes) Linux/SuperH (sh4) - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (132 bytes) Linux/SuperH (sh4) - Bind TCP (31337/TCP) Shell (/bin/sh) Shellcode (132 bytes) Linux/x86-64 - sys_access() Egghunter Shellcode (49 bytes) Linux/x86-64 - shutdown -h now Shellcode (65 bytes) Linux/x86-64 - shutdown -h now Shellcode (64 bytes) Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (105 bytes) Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes) Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes) Linux/x86-64 - Add Root User (shell-storm/leet) Polymorphic Shellcode (273 bytes) Linux/x86 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (44 bytes) Linux/x86 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (44 bytes) Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Null-Free Shellcode (67 bytes) Linux/x86 - Reverse TCP /bin/bash Shell (192.168.3.119:54321/TCP) Shellcode (110 bytes) Linux/x86 - Reverse TCP (127.1.1.1:11111/TCP) Shell + Null-Free Shellcode (67 bytes) Linux/x86 - Reverse TCP (192.168.3.119:54321/TCP) Shell (/bin/bash) Shellcode (110 bytes) Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Null-Free Shellcode (113 bytes) Linux/x86-64 - Reverse TCP (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes) Linux/x86 - Reverse UDP /bin/sh Shell (127.0.0.1:53/UDP) Shellcode (668 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (75 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.1.8:4444/TCP) Shellcode (104 bytes) Linux x86 - execve /bin/sh Shellcode (24 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.1.2:4444/TCP) Shellcode (153 bytes) Linux/x86 - Reverse UDP (127.0.0.1:53/UDP) Shell (/bin/sh) Shellcode (668 bytes) Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (75 bytes) Linux/x86-64 - Reverse TCP (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes) Linux/x86 - execve /bin/sh Shellcode (24 bytes) Linux/x86-64 - Reverse TCP (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes) Linux/ARM (Raspberry Pi) - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (192 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP /bin/sh Shell (192.168.0.12:4444/TCP) Shellcode (160 bytes) Linux/ARM (Raspberry Pi) - Bind TCP (4444/TCP) Shell (/bin/sh) Shellcode (192 bytes) Linux/ARM (Raspberry Pi) - Reverse TCP (192.168.0.12:4444/TCP) Shell (/bin/sh) Shellcode (160 bytes)	2018-01-16 05:02:18 +00:00
Offensive Security	f589361686	DB: 2018-01-13 1949 changes to exploits/shellcodes Bird Chat 1.61 - Denial of Service Quake 3 Engine Client (Windows x86) - CS_ITEms Remote Overflow Mercur IMAPD 5.00.14 (Windows x86) - Remote Denial of Service PHP 5.2.0 (Windows x86) - 'PHP_win32sti' Local Buffer Overflow PHP 5.2.0 (Windows x86) - 'PHP_iisfunc.dll' Local Buffer Overflow 32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow (PoC) Apple Safari 3.2.3 (Windows x86) - JavaScript 'eval' Remote Denial of Service Apple Safari 4.0.3 (Windows x86) - 'CSS' Remote Denial of Service (1) Apple Safari 4.0.3 (Windows x86) - 'CSS' Remote Denial of Service (2) HP Data Protector Media Operations - Null Pointer Dereference Remote Denial of Service AnyDVD 6.7.1.0 - Denial of Service Microsoft Windows - Win32k Pointer Dereferencement (PoC) (MS10-098) Apple Safari - GdiDrawStream Blue Screen of Death Oracle VM VirtualBox 4.1 - Local Denial of Service Linux Kernel 2.6.x (x64) - Personality Handling Local Denial of Service Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free / Memory Corruption (PoC) (MS14-035) VMware Workstations 10.0.0.40273 - 'vmx86.sys' Arbitrary Kernel Read Linux Kernel 3.17.5 - IRET Instruction #SS Fault Handling Crash (PoC) Samba < 3.6.2 (x86) - Denial of Service (PoC) Adobe Flash (Linux x64) - Bad Dereference at 0x23c Adobe Flash - XMLSocket Destructor Not Cleared Before Setting User Data in connect Adobe Flash - Heap Buffer Overflow Loading '.FLV' File with Nellymoser Audio Codec Adobe Flash - Heap Buffer Overflow Due to Indexing Error When Loading FLV File Adobe Flash - Shared Object Type Confusion Adobe Flash - Heap Buffer Overflow Loading '.FLV' File with Nellymoser Audio Codec Adobe Flash - Heap Buffer Overflow Due to Indexing Error When Loading FLV File Adobe Flash - Shared Object Type Confusion ActiveState Perl.exe x64 Client 5.20.2 - Crash (PoC) Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (2) Microsoft Windows Kernel - 'DeferWindowPos' Use-After-Free (MS15-073) Microsoft Windows Kernel - 'UserCommitDesktopMemory' Use-After-Free (MS15-073) Microsoft Windows Kernel - Pool Buffer Overflow Drawing Caption Bar (MS15-061) Microsoft Windows Kernel - 'HmgAllocateObjectAttr' Use-After-Free (MS15-061) Microsoft Windows Kernel - 'win32k!vSolidFillRect' Buffer Overflow (MS15-061) Microsoft Windows Kernel - 'SURFOBJ' Null Pointer Dereference (MS15-061) Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (2) Microsoft Windows Kernel - 'DeferWindowPos' Use-After-Free (MS15-073) Microsoft Windows Kernel - 'UserCommitDesktopMemory' Use-After-Free (MS15-073) Microsoft Windows Kernel - Pool Buffer Overflow Drawing Caption Bar (MS15-061) Microsoft Windows Kernel - 'HmgAllocateObjectAttr' Use-After-Free (MS15-061) Microsoft Windows Kernel - 'win32k!vSolidFillRect' Buffer Overflow (MS15-061) Microsoft Windows Kernel - 'SURFOBJ' Null Pointer Dereference (MS15-061) Microsoft Windows Kernel - WindowStation Use-After-Free (MS15-061) Microsoft Windows Kernel - Null Pointer Dereference with Window Station and Clipboard (MS15-061) Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1) Microsoft Windows Kernel - 'FlashWindowEx' Memory Corruption (MS15-097) Microsoft Windows Kernel - 'bGetRealizedBrush' Use-After-Free (MS15-097) Microsoft Windows Kernel - Use-After-Free with Cursor Object (MS15-097) Microsoft Windows Kernel - Use-After-Free with Printer Device Contexts (MS15-097) Microsoft Windows Kernel - 'NtGdiStretchBlt' Pool Buffer Overflow (MS15-097) Microsoft Windows Kernel - WindowStation Use-After-Free (MS15-061) Microsoft Windows Kernel - Null Pointer Dereference with Window Station and Clipboard (MS15-061) Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1) Microsoft Windows Kernel - 'FlashWindowEx' Memory Corruption (MS15-097) Microsoft Windows Kernel - 'bGetRealizedBrush' Use-After-Free (MS15-097) Microsoft Windows Kernel - Use-After-Free with Cursor Object (MS15-097) Microsoft Windows Kernel - Use-After-Free with Printer Device Contexts (MS15-097) Microsoft Windows Kernel - 'NtGdiStretchBlt' Pool Buffer Overflow (MS15-097) Microsoft Windows Kernel - 'NtGdiBitBlt' Buffer Overflow (MS15-097) Tomabo MP4 Converter 3.10.12 < 3.11.12 - '.m3u' File Crush Application (Denial of Service) Google Chrome - open-vcdiff Out-of-Bounds Read in Browser Process Integer Overflow win32k Desktop and Clipboard - Null Pointer Dereference win32k Clipboard Bitmap - Use-After-Free win32k Desktop and Clipboard - Null Pointer Dereference win32k Clipboard Bitmap - Use-After-Free Adobe Flash Selection.SetSelection - Use-After-Free Adobe Flash Sound.setTransform - Use-After-Free Adobe Flash - Use-After-Free When Setting Stage Linux (x86) - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited Microsoft Windows Kernel - DrawMenuBarTemp Wild-Write (MS16-039) Core FTP Server 32-bit Build 587 - Heap Overflow Microsoft Windows - Custom Font Disable Policy Bypass Wireshark 2.0.0 < 2.0.4 - CORBA IDL Dissectors Denial of Service Evostream Media Server 1.7.1 (x64) - Denial of Service Kentico CMS 11.0 - Buffer Overflow PyroBatchFTP < 3.19 - Buffer Overflow Microsoft Edge 38.14393.1066.0 - 'textarea.defaultValue' Memory Disclosure Navicat Premium 11.2.11 (x64) - Local Database Password Disclosure PrivateTunnel Client 2.7.0 (x64) - Local Credentials Disclosure Oracle 10g (Windows x86) - 'PROCESS_DUP_HANDLE' Local Privilege Escalation GIMP 2.2.14 (Windows x86) - '.ras' Download/Execute Buffer Overflow Notepad++ 4.1 (Windows x86) - '.ruby' File Processing Buffer Overflow Linux Kernel 2.4/2.6 (x86-64) - System Call Emulation Privilege Escalation PHP 5.2.9 (Windows x86) - Local Safemod Bypass Linux Kernel 2.6.24_16-23/2.6.27_7-10/2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86-64) - 'set_selection()' UTF-8 Off-by-One Privilege Escalation Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - 'ip_append_data()' Ring0 Privilege Escalation (1) HTMLDOC 1.9.x-r1629 (Windows x86) - '.html' Local Buffer Overflow RadASM - '.rap' file Local Buffer Overflow Mini-stream RM-MP3 Converter 3.1.2.1 - '.pls' Local Stack Buffer Overflow Universal Audiotran 1.4.2.4 - Local Overflow (SEH) Linux Kernel < 2.6.36-rc4-git2 (x86-64) - 'ia32syscall' Emulation Privilege Escalation Linux Kernel 2.6.27 < 2.6.36 (RedHat x86-64) - 'compat' Local Privilege Escalation Linux Kernel < 2.6.36-rc4-git2 (x86-64) - 'ia32syscall' Emulation Privilege Escalation Linux Kernel 2.6.27 < 2.6.36 (RedHat x86-64) - 'compat' Local Privilege Escalation Linux Kernel < 2.6.34 (Ubuntu 10.10 x86) - 'CAP_SYS_ADMIN' Local Privilege Escalation (1) Linux Kernel 4.6.3 (x86) - 'Netfilter' Local Privilege Escalation (Metasploit) VideoLAN VLC Client (Windows x86) - 'smb://' URI Buffer Overflow (Metasploit) QQPLAYER Player 3.2 - PICT PnSize Buffer Overflow Windows (ASLR + DEP Bypass) (Metasploit) PHP 5.4.3 (Windows x86 Polish) - Code Execution Microsoft Windows Kernel - Intel x64 SYSRET (MS12-042) Dropbox Desktop Client 9.4.49 (x64) - Local Credentials Disclosure Linux Kernel 3.3.x < 3.7.x (Arch Linux x86-64) - 'sock_diag_handlers[]' Local Privilege Escalation (1) Linux Kernel 3.7.10 (Ubuntu 12.10 x64) - 'sock_diag_handlers' Local Privilege Escalation (2) Linux Kernel < 3.8.9 (x86-64) - 'perf_swevent_init' Local Privilege Escalation (2) Novell Client 2 SP3 - 'nicm.sys' Local Privilege Escalation (Metasploit) Solaris Recommended Patch Cluster 6/19 (x86) - Local Privilege Escalation Nvidia (nvsvc) Display Driver Service - Local Privilege Escalation (Metasploit) Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10 x64) - 'CONFIG_X86_X32=y' Local Privilege Escalation (3) LogMeIn Client 1.3.2462 (x64) - Local Credentials Disclosure Systrace 1.x (x64) - Aware Linux Kernel Privilege Escalation Microsoft Windows - NTUserMessageCall Win32k Kernel Pool Overflow 'schlamperei.x86.dll' (MS13-053) (Metasploit) Linux Kernel 3.14-rc1 < 3.15-rc4 (x64) - Raw Mode PTY Echo Race Condition Privilege Escalation Linux Kernel 3.2.0-23/3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Local Privilege Escalation (3) TeamViewer 11.0.65452 (x64) - Local Credentials Disclosure OpenVPN Private Tunnel Core Service - Unquoted Service Path Privilege Escalation Linux Kernel < 3.2.0-23 (Ubuntu 12.04 x64) - 'ptrace/sysret' Local Privilege Escalation Microsoft Windows XP SP3 - 'MQAC.sys' Arbitrary Write Privilege Escalation (Metasploit) Linux Kernel < 3.2.0-23 (Ubuntu 12.04 x64) - 'ptrace/sysret' Local Privilege Escalation Microsoft Windows XP SP3 - 'MQAC.sys' Arbitrary Write Privilege Escalation (Metasploit) Microsoft Bluetooth Personal Area Networking - 'BthPan.sys' Local Privilege Escalation (Metasploit) Microsoft Windows - OLE Package Manager Code Execution (MS14-060) (Metasploit) Offset2lib - Bypassing Full ASLR On 64 bit Linux Linux Kernel (x86-64) - Rowhammer Privilege Escalation Rowhammer - NaCl Sandbox Escape Linux Kernel (x86-64) - Rowhammer Privilege Escalation Rowhammer - NaCl Sandbox Escape Microsoft Windows 8.0/8.1 (x64) - 'TrackPopupMenu' Local Privilege Escalation (MS14-058) Linux espfix64 - Nested NMIs Interrupting Privilege Escalation Linux (x86) - Memory Sinkhole Privilege Escalation Linux espfix64 - Nested NMIs Interrupting Privilege Escalation Linux (x86) - Memory Sinkhole Privilege Escalation Microsoft Windows XP SP3 (x86) / 2003 SP2 (x86) - 'NDProxy' Local Privilege Escalation (MS14-002) Microsoft Windows - Font Driver Buffer Overflow (MS15-078) (Metasploit) TrueCrypt 7 / VeraCrypt 1.13 - Drive Letter Symbolic Link Creation Privilege Escalation Microsoft Windows 8.1 - 'win32k' Local Privilege Escalation (MS15-010) MySQL 5.5.45 (x64) - Local Credentials Disclosure Microsoft Windows 7 SP1 (x86) - 'WebDAV' Local Privilege Escalation (MS16-016) (1) Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) Secret Net 7 and Secret Net Studio 8 - Local Privilege Escalation Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) Microsoft Windows 8.1/10 (x86) - Secondary Logon Standard Handles Missing Sanitization Privilege Escalation (MS16-032) ACROS Security 0patch 2016.05.19.539 - '0PatchServicex64.exe' Unquoted Service Path Privilege Escalation Microsoft Windows 7 SP1 (x86) - Local Privilege Escalation (MS16-014) Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter target_offset Out-of-Bounds Privilege Escalation Street Fighter 5 - 'Capcom.sys' Kernel Execution (Metasploit) Microsoft Windows (x86) - 'afd.sys' Local Privilege Escalation (MS11-046) Microsoft Windows (x86) - 'NDISTAPI' Local Privilege Escalation (MS11-062) Linux Kernel 2.6.32-rc1 (x86-64) - Register Leak Linux Kernel 4.4.0 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation Microsoft Windows 8.1 (x64) - 'RGNOBJ' Integer Overflow (MS16-098) PCAUSA Rawether (ASUS PCE-AC56 WLAN Card Utilities Windows 10 x64) - Local Privilege Escalation Forticlient 5.2.3 (Windows 10 x64 Pre Anniversary) - Local Privilege Escalation Forticlient 5.2.3 (Windows 10 x64 Post Anniversary) - Local Privilege Escalation Forticlient 5.2.3 (Windows 10 x64 Pre Anniversary) - Local Privilege Escalation Forticlient 5.2.3 (Windows 10 x64 Post Anniversary) - Local Privilege Escalation Oracle VM VirtualBox 5.0.32 r112930 (x64) - Windows Process COM Injection Privilege Escalation Linux Kernel - 'offset2lib' Stack Clash Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Local Privilege Escalation Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege Escalation Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation Linux Kernel - 'offset2lib' Stack Clash Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Local Privilege Escalation Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege Escalation Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation Razer Synapse 2.20.15.1104 - rzpnk.sys ZwOpenProcess (Metasploit) Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098) (2) Microsoft Windows 10 RS2 (x64) - 'win32kfull!bFill' Pool Overflow Microsoft Windows 10 Creators Update (version 1703) (x86) - 'WARBIRD' 'NtQuerySystemInformation ' Kernel Local Privilege Escalation BeroFTPD 1.3.4(1) (Linux x86) - Remote Code Execution Microsoft Windows (x86) - Metafile '.emf' Heap Overflow (MS04-032) Veritas NetBackup 6.0 (Windows x86) - 'bpjava-msvc' Remote Command Execution gpsdrive 2.09 (x86) - 'friendsd2' Remote Format String PrivateWire Gateway 3.7 (Windows x86) - Remote Buffer Overflow (Metasploit) dproxy-nexgen (Linux x86) - Remote Buffer Overflow Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow 3proxy 0.5.3g (Windows x86) - 'proxy.c logurl()' Remote Buffer Overflow 3proxy 0.5.3g (Windows x86) - 'logurl()' Remote Buffer Overflow (Perl) SapLPD 6.28 (Windows x86) - Remote Buffer Overflow Apache 2.0 mod_jk2 2.0.2 (Windows x86) - Remote Buffer Overflow Apache mod_jk 1.2.19 (Windows x86) - Remote Buffer Overflow 32bit FTP (09.04.24) - 'CWD Response' Remote Buffer Overflow 32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow 32bit FTP (09.04.24) - 'CWD Response' Universal Overwrite (SEH) 32bit FTP - 'PASV' Reply Client Remote Overflow (Metasploit) 32bit FTP (09.04.24) - 'CWD Response' Remote Buffer Overflow 32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow 32bit FTP (09.04.24) - 'CWD Response' Universal Overwrite (SEH) 32bit FTP - 'PASV' Reply Client Remote Overflow (Metasploit) Microsoft Internet Explorer 6/7/8 - 'winhlp32.exe MsgBox()' Remote Code Execution Integard Home and Pro 2 - Remote HTTP Buffer Overflow Knox Arkeia Backup Client Type 77 (Windows x86) - Remote Overflow (Metasploit) Oracle 9i XDB (Windows x86) - FTP UNLOCK Overflow (Metasploit) Oracle 9i XDB (Windows x86) - FTP PASS Overflow (Metasploit) AASync 2.2.1.0 (Windows x86) - Remote Stack Buffer Overflow 'LIST' (Metasploit) 32bit FTP Client - Remote Stack Buffer Overflow (Metasploit) SHOUTcast DNAS/Win32 1.9.4 - File Request Format String Overflow (Metasploit) SHTTPD 1.34 (Windows x86) - URI-Encoded POST Request Overflow (Metasploit) Icecast 2.0.1 (Windows x86) - Header Overwrite (Metasploit) Apache (Windows x86) - Chunked Encoding (Metasploit) McAfee ePolicy Orchestrator / ProtectionPilot - Remote Overflow (Metasploit) Apache (Windows x86) - Chunked Encoding (Metasploit) McAfee ePolicy Orchestrator / ProtectionPilot - Remote Overflow (Metasploit) PeerCast 0.1216 (Windows x86) - URL Handling Buffer Overflow (Metasploit) Oracle 9i XDB (Windows x86) - HTTP PASS Overflow (Metasploit) CA CAM (Windows x86) - 'log_security()' Remote Stack Buffer Overflow (Metasploit) Samba 3.3.12 (Linux x86) - 'chain_reply' Memory Corruption (Metasploit) Samba 2.2.8 (Linux x86) - 'trans2open' Remote Overflow (Metasploit) Samba 3.3.12 (Linux x86) - 'chain_reply' Memory Corruption (Metasploit) Samba 2.2.8 (Linux x86) - 'trans2open' Remote Overflow (Metasploit) WU-FTPD 2.4.2/2.5 .0/2.6.0 - Remote Format String Stack Overwrite (3) Nginx 1.3.9/1.4.0 (x86) - Brute Force Nginx 1.4.0 (Generic Linux x64) - Remote Overflow Oracle VM VirtualBox 4.3.6 - 3D Acceleration Virtual Machine Escape (Metasploit) Symantec Endpoint Protection Manager - Authentication Bypass / Code Execution (Metasploit) Symantec pcAnywhere 12.5.0 (Windows x86) - Remote Code Execution PCMan FTP Server 2.0.7 - 'RENAME' Remote Buffer Overflow (Metasploit) PCMan FTP Server 2.0.7 - 'ls' Remote Buffer Overflow (Metasploit) ALLMediaServer 0.95 - Buffer Overflow Microsoft Windows Windows 8/8.1/2012 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010) Microsoft Windows Windows 7/2008 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010) Microsoft Internet Explorer - 'mshtml.dll' Remote Code Execution (MS17-007) Rancher Server - Docker Daemon Code Execution (Metasploit) Unitrends UEB 9 - http api/storage Remote Root (Metasploit) Unitrends UEB 9 - bpserverd Authentication Bypass Remote Command Execution (Metasploit) Unitrends UEB 9 - http api/storage Remote Root (Metasploit) Unitrends UEB 9 - bpserverd Authentication Bypass Remote Command Execution (Metasploit) Microsoft Internet Explorer 11 (Windows 7 x86) - 'mshtml.dll' Remote Code Execution (MS17-007) PHP-Nuke 8.1 SEO Arabic - Remote File Inclusion Joomla! Component Elite Experts - SQL Injection Traidnt UP - Cross-Site Request Forgery (Add Admin) Allpc 2.5 osCommerce - SQL Injection / Cross-Site Scripting Infoblox 6.8.2.11 - OS Command Injection Xnami 1.0 - Cross-Site Scripting Taxi Booking Script 1.0 - Cross-site Scripting FreeBSD/x86 - ConnectBack (172.17.0.9:8000/TCP) + Receive Shellcode + Payload Loader + Return Results Null-Free Shellcode (90 bytes) FreeBSD/x86 - Reverse Connection (172.17.0.9:8000/TCP) + Receive Shellcode + Payload Loader + Return Results Null-Free Shellcode (90 bytes) FreeBSD/x86 - setuid(0); + execve(ipf -Fa); Shellcode (57 bytes) FreeBSD/x86 - setuid(0) + execve(ipf -Fa) Shellcode (57 bytes) Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes) Linux/MIPS (Linksys WRT54G/GL) - execve(_/bin/sh__[_/bin/sh_]_[]); Shellcode (60 bytes) Linux/MIPS - execve /bin/sh Shellcode (56 bytes) Linux/MIPS (Linksys WRT54G/GL) - execve(_/bin/sh__[_/bin/sh_]_[]) Shellcode (60 bytes) Linux/MIPS (Little Endian) - execve(/bin/sh) Shellcode (56 bytes) Linux/x86 - Self-Modifying Anti-IDS /bin/sh Shellcode (35/64 bytes) Linux/x86 - HTTP Server (8800/TCP) + Fork Shellcode (166 bytes) Linux/x86 - Bind TCP Listener (5555/TCP) + Receive Shellcode + Payload Loader Shellcode (83 bytes) Linux/x86 - Disable Network Card Polymorphic Shellcode (75 bytes) Linux/x86 - killall5 Polymorphic Shellcode (61 bytes) Linux/x86 - execve /bin/sh Polymorphic Shellcode (48 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) XOR Encoded Shellcode (152 bytes) Linux/x86 - reboot() Polymorphic Shellcode (57 bytes) Linux/x86 - chmod 666 /etc/shadow Polymorphic Shellcode (54 bytes) Linux/x86 - setreuid(geteuid()_ geteuid()) + execve(_/bin/sh__0_0) Shellcode (34 bytes) Linux/x86 - Bind TCP Shell (8000/TCP) + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes) Linux/x86 - Bind TCP Shell (8000/TCP) + Add Root User Shellcode (225+ bytes) Linux/x86 - Bind TCP /bin/sh Shell (8000/TCP) Shellcode (179 bytes) Linux/x86-64 - setuid(0) + execve(/bin/sh) Shellcode (49 bytes) Linux/x86 - Serial Port Shell Binding (/dev/ttyS0) + busybox Launching Null-Free Shellcode (82 bytes) Linux/x86 - File Unlinker Shellcode (18+ bytes) Linux/x86 - Perl Script Execution Shellcode (99+ bytes) Linux/x86 - Read /etc/passwd Shellcode (65+ bytes) Linux/x86 - chmod 666 /etc/shadow + exit(0) Shellcode (30 bytes) Linux/x86 - killall5 Shellcode (34 bytes) Linux/x86 - PUSH reboot() Shellcode (30 bytes) Linux/x86 - Self-Modifying Anti-IDS /bin/sh Shellcode (35/64 bytes) Linux/x86 - HTTP Server (8800/TCP) + Fork Shellcode (166 bytes) Linux/x86 - Bind TCP Listener (5555/TCP) + Receive Shellcode + Payload Loader Shellcode (83 bytes) Linux/x86 - Disable Network Card Polymorphic Shellcode (75 bytes) Linux/x86 - killall5 Polymorphic Shellcode (61 bytes) Linux/x86 - execve /bin/sh Polymorphic Shellcode (48 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) XOR Encoded Shellcode (152 bytes) Linux/x86 - reboot() Polymorphic Shellcode (57 bytes) Linux/x86 - chmod 666 /etc/shadow Polymorphic Shellcode (54 bytes) Linux/x86 - setreuid(geteuid()_ geteuid()) + execve(_/bin/sh__0_0) Shellcode (34 bytes) Linux/x86 - Bind TCP Shell (8000/TCP) + Flush IPTables Rules (/sbin/iptables -F) Shellcode (176 bytes) Linux/x86 - Bind TCP Shell (8000/TCP) + Add Root User Shellcode (225+ bytes) Linux/x86 - Bind TCP /bin/sh Shell (8000/TCP) Shellcode (179 bytes) Linux/x86-64 - setuid(0) + execve(/bin/sh) Shellcode (49 bytes) Linux/x86 - Serial Port Shell Binding (/dev/ttyS0) + busybox Launching Null-Free Shellcode (82 bytes) Linux/x86 - File Unlinker Shellcode (18+ bytes) Linux/x86 - Perl Script Execution Shellcode (99+ bytes) Linux/x86 - Read /etc/passwd Shellcode (65+ bytes) Linux/x86 - chmod 666 /etc/shadow + exit(0) Shellcode (30 bytes) Linux/x86 - killall5 Shellcode (34 bytes) Linux/x86 - PUSH reboot() Shellcode (30 bytes) Linux/x86 - Reverse UDP tcpdump (54321/UDP) Live Packet Capture Shellcode (151 bytes) Linux/x86 - Append RSA key to /root/.ssh/authorized_keys2 Shellcode (295 bytes) Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) For Full Access Shellcode (86 bytes) Linux/x86 - Promiscuous Mode Detector Shellcode (56 bytes) Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Null-Free Shellcode (28 bytes) Linux/x86 - setresuid(0_0_0) + /bin/sh Shellcode (35 bytes) Linux/x86 - iopl(3); asm(cli); while(1){} Shellcode (12 bytes) Linux/x86 - System Beep Shellcode (45 bytes) Linux/x86 - ConnectBack (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes) Linux/x86 - setreuid(geteuid_ geteuid) + execve(/bin/sh) Shellcode (39 bytes) Linux/x86 - Reverse TCP cat /etc/shadow (8192/TCP) Shellcode (155 bytes) Linux/x86 - Reverse PHP (Writes to /var/www/cb.php On The Filesystem) Shell Shellcode (508 bytes) Linux/x86 - /bin/rm -rf / + Attempts To Block The Process From Being Stopped Shellcode (132 bytes) Linux/x86 - setuid(0) + setgid(0) + aslr_off (Disable ASLR Security) Shellcode (79 bytes) Linux/x86 - Raw-Socket ICMP/Checksum /bin/sh Shell Shellcode (235 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (40 bytes) Linux/x86 - Kill All Processes Shellcode (11 bytes) Linux/x86 - execve read Shellcode (92 bytes) Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (40 bytes) Linux/x86 - Set System Time to 0 + exit Shellcode (12 bytes) Linux/x86 - Add Root User (r00t) To /etc/passwd Shellcode (69 bytes) Linux/x86 - chmod 0666 /etc/shadow + exit Shellcode (36 bytes) Linux/x86 - Fork Bomb Shellcode (7 bytes) Linux/x86 - execve(rm -rf /) Shellcode (45 bytes) Linux/x86 - setuid(0) + execve /bin/sh Shellcode (28 bytes) Linux/x86 - execve /bin/sh Shellcode (22 bytes) Linux/x86 - Download File (HTTP/1.x http://0xdeadbeef/A) + execve() Null-Free Shellcode (111+ bytes) Linux/x86 - setreuid + Executes Command Shellcode (49+ bytes) Linux/x86 - stdin re-open + /bin/sh exec Shellcode (39 bytes) Linux/x86 - execve /bin/sh (Re-Use Of Strings In .rodata) Shellcode (16 bytes) Linux/x86 - setuid(0) + /bin/sh execve() Shellcode (30 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + setuid Shellcode (96 bytes) Linux/x86 - Bind TCP Shell (2707/TCP) Shellcode (84 bytes) Linux/x86 - execve Diassembly Obfuscation Shellcode (32 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (100 bytes) Linux/x86 - Reverse UDP tcpdump (54321/UDP) Live Packet Capture Shellcode (151 bytes) Linux/x86 - Append RSA key to /root/.ssh/authorized_keys2 Shellcode (295 bytes) Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) For Full Access Shellcode (86 bytes) Linux/x86 - Promiscuous Mode Detector Shellcode (56 bytes) Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Null-Free Shellcode (28 bytes) Linux/x86 - setresuid(0_0_0) + /bin/sh Shellcode (35 bytes) Linux/x86 - iopl(3) + asm(cli) + while(1){} Shellcode (12 bytes) Linux/x86 - System Beep Shellcode (45 bytes) Linux/x86 - Reverse Connection (140.115.53.35:9999/TCP) + Download A File (cb) + Execute Shellcode (149 bytes) Linux/x86 - setreuid(geteuid_ geteuid) + execve(/bin/sh) Shellcode (39 bytes) Linux/x86 - Reverse TCP cat /etc/shadow (8192/TCP) Shellcode (155 bytes) Linux/x86 - Reverse PHP (Writes to /var/www/cb.php On The Filesystem) Shell Shellcode (508 bytes) Linux/x86 - /bin/rm -rf / + Attempts To Block The Process From Being Stopped Shellcode (132 bytes) Linux/x86 - setuid(0) + setgid(0) + aslr_off (Disable ASLR Security) Shellcode (79 bytes) Linux/x86 - Raw-Socket ICMP/Checksum /bin/sh Shell Shellcode (235 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (40 bytes) Linux/x86 - Kill All Processes Shellcode (11 bytes) Linux/x86 - execve read Shellcode (92 bytes) Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (40 bytes) Linux/x86 - Set System Time to 0 + exit Shellcode (12 bytes) Linux/x86 - Add Root User (r00t) To /etc/passwd Shellcode (69 bytes) Linux/x86 - chmod 0666 /etc/shadow + exit Shellcode (36 bytes) Linux/x86 - Fork Bomb Shellcode (7 bytes) Linux/x86 - execve(rm -rf /) Shellcode (45 bytes) Linux/x86 - setuid(0) + execve /bin/sh Shellcode (28 bytes) Linux/x86 - execve /bin/sh Shellcode (22 bytes) Linux/x86 - Download File (HTTP/1.x http://0xdeadbeef/A) + execve() Null-Free Shellcode (111+ bytes) Linux/x86 - setreuid + Executes Command Shellcode (49+ bytes) Linux/x86 - stdin re-open + /bin/sh exec Shellcode (39 bytes) Linux/x86 - execve /bin/sh (Re-Use Of Strings In .rodata) Shellcode (16 bytes) Linux/x86 - setuid(0) + /bin/sh execve() Shellcode (30 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + setuid Shellcode (96 bytes) Linux/x86 - Bind TCP Shell (2707/TCP) Shellcode (84 bytes) Linux/x86 - execve Diassembly Obfuscation Shellcode (32 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (100 bytes) Linux/x86 - execve /bin/sh Shellcode (24 bytes) (2) Linux/x86 - Reverse TCP Shell (127.0.0.1:80/TCP) XOR Encoded Shellcode (371 bytes) Linux/x86 - execve /bin/sh + '.ZIP' Header Shellcode (28 bytes) Linux/x86 - execve /bin/sh + '.RTF' Header Shellcode (30 bytes) Linux/x86 - execve /bin/sh + '.RIFF' Header Shellcode (28 bytes) Linux/x86 - execve /bin/sh + '.BMP' Bitmap Header Shellcode (27 bytes) Linux/x86 - Read SWAP + Write To /tmp/swr Shellcode (109 bytes) Linux/x86 - Read /tmp/sws + Store In SWAP Shellcode (99 bytes) Linux/x86 - Bind TCP /bin/sh Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes) Linux/x86 - Bind TCP /bin/sh Shell (64713/TCP) Shellcode (86 bytes) Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (25 bytes) Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (23 bytes) Linux/x86 - setuid(0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (31 bytes) Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh_ [/bin/sh_ NULL]) Shellcode (37 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes) Linux/x86 - Download File (HTTP/1.x http://127.0.0.1:8081/foobar.bin) + Receive Shellcode + Payload Loader Shellcode (68+ bytes) Linux/x86 - TCP Proxy (192.168.1.16:1280/TCP) All Connect() Null-Free Shellcode (236 bytes) Linux/x86 - execve /bin/sh Anti-IDS Shellcode (40 bytes) Linux/x86 (Intel x86 CPUID) - execve /bin/sh XORED Encoded Shellcode (41 bytes) Linux/x86 - execve /bin/sh Shellcode +1 Encoded (39 bytes) Linux/x86 - Add Root User (xtz) To /etc/passwd Shellcode (59 bytes) Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (80 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + fork() Shellcode (98 bytes) Linux/x86 - Open CD-Rom Loop 24/7 (Follows /dev/cdrom Symlink) Shellcode (39 bytes) Linux/x86 - Eject CD-Rom (Follows /dev/cdrom Symlink) + exit() Shellcode (40 bytes) Linux/x86 - Eject/Close CD-Rom Loop (Follows /dev/cdrom Symlink) Shellcode (45 bytes) Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (32 bytes) Linux/x86 - Reverse TCP Shell (127.0.0.1:31337/TCP) Shellcode (74 bytes) Linux/x86 - Normal Exit With Random (So To Speak) Return Value Shellcode (5 bytes) Linux/x86 - getppid() + execve(/proc/pid/exe) Shellcode (51 bytes) Linux/x86 - Quick (yet conditional_ eax != 0 and edx == 0) exit Shellcode (4 bytes) Linux/x86 - reboot() Shellcode (20 bytes) Linux/x86 - setreuid(0_ 0) + execve /bin/sh Shellcode (31 bytes) Linux/x86 - execve /bin/sh + PUSH Shellcode (23 bytes) Linux/x86 - cat /dev/urandom > /dev/console Shellcode (63 bytes) Linux/x86 - execve /bin/sh Shellcode (24 bytes) (2) Linux/x86 - Reverse TCP Shell (127.0.0.1:80/TCP) XOR Encoded Shellcode (371 bytes) Linux/x86 - execve /bin/sh + '.ZIP' Header Shellcode (28 bytes) Linux/x86 - execve /bin/sh + '.RTF' Header Shellcode (30 bytes) Linux/x86 - execve /bin/sh + '.RIFF' Header Shellcode (28 bytes) Linux/x86 - execve /bin/sh + '.BMP' Bitmap Header Shellcode (27 bytes) Linux/x86 - Read SWAP + Write To /tmp/swr Shellcode (109 bytes) Linux/x86 - Read /tmp/sws + Store In SWAP Shellcode (99 bytes) Linux/x86 - Bind TCP /bin/sh Password (gotfault) Shell (64713/TCP) Shellcode (166 bytes) Linux/x86 - Bind TCP /bin/sh Shell (64713/TCP) Shellcode (86 bytes) Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (25 bytes) Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (23 bytes) Linux/x86 - setuid(0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (31 bytes) Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh_ [/bin/sh_ NULL]) Shellcode (37 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) Shellcode (33 bytes) Linux/x86 - Download File (HTTP/1.x http://127.0.0.1:8081/foobar.bin) + Receive Shellcode + Payload Loader Shellcode (68+ bytes) Linux/x86 - TCP Proxy (192.168.1.16:1280/TCP) All Connect() Null-Free Shellcode (236 bytes) Linux/x86 - execve /bin/sh Anti-IDS Shellcode (40 bytes) Linux/x86 (Intel x86 CPUID) - execve /bin/sh XORED Encoded Shellcode (41 bytes) Linux/x86 - execve /bin/sh Shellcode +1 Encoded (39 bytes) Linux/x86 - Add Root User (xtz) To /etc/passwd Shellcode (59 bytes) Linux/x86 - Anti-Debug Trick (INT 3h trap) + execve /bin/sh Shellcode (39 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (80 bytes) Linux/x86 - Bind TCP /bin/sh Shell (31337/TCP) + fork() Shellcode (98 bytes) Linux/x86 - Open CD-Rom Loop 24/7 (Follows /dev/cdrom Symlink) Shellcode (39 bytes) Linux/x86 - Eject CD-Rom (Follows /dev/cdrom Symlink) + exit() Shellcode (40 bytes) Linux/x86 - Eject/Close CD-Rom Loop (Follows /dev/cdrom Symlink) Shellcode (45 bytes) Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (32 bytes) Linux/x86 - Reverse TCP Shell (127.0.0.1:31337/TCP) Shellcode (74 bytes) Linux/x86 - Normal Exit With Random (So To Speak) Return Value Shellcode (5 bytes) Linux/x86 - getppid() + execve(/proc/pid/exe) Shellcode (51 bytes) Linux/x86 - Quick (yet conditional_ eax != 0 and edx == 0) exit Shellcode (4 bytes) Linux/x86 - reboot() Shellcode (20 bytes) Linux/x86 - setreuid(0_ 0) + execve /bin/sh Shellcode (31 bytes) Linux/x86 - execve /bin/sh + PUSH Shellcode (23 bytes) Linux/x86 - cat /dev/urandom > /dev/console Shellcode (63 bytes) Linux/x86 - Socket-Proxy (31337:11.22.33.44:80) Shellcode (372 bytes) Linux/x86 - dup2(0_0); dup2(0_1); dup2(0_2); Shellcode (15 bytes) Linux/x86 - if(read(fd_buf_512)<=2) _exit(1) else buf(); Shellcode (29 bytes) Linux/x86 - _exit(1); Shellcode (7 bytes) Linux/x86 - read(0_buf_2541); + chmod(buf_4755); Shellcode (23 bytes) Linux/x86 - write(0__Hello core!\n__12); Exit Shellcode (36/43 bytes) Linux/x86 - Snoop /dev/dsp Null-Free Shellcode (172 bytes) Linux/x86 - execve /bin/sh Standard Opcode Array Payload Shellcode (21 bytes) Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes) (2) Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes) (1) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes) Linux/x86 - Break chroot (../ 20x Loop) + execve /bin/sh Shellcode (66 bytes) Linux/x86 - upload + exec Shellcode (189 bytes) Linux/x86 - setreuid + execve Shellcode (31 bytes) Linux/x86 - Alphanumeric Encoded Shellcode (64 bytes) Linux/x86 - Alphanumeric Encoder (IMUL Method) Shellcode (88 bytes) Linux/x86 - Self-Modifying Radical Shellcode (70 bytes) Linux/x86 - Self-Modifying Magic Byte /bin/sh Shellcode (76 bytes) Linux/x86 - execve code Shellcode (23 bytes) Linux/x86 - execve(_/bin/ash__0_0); Shellcode (21 bytes) Linux/x86 - execve /bin/sh Alphanumeric Shellcode (392 bytes) Linux/IA32 - execve /bin/sh 0xff-Free Shellcode (45 bytes) Linux/x86 - symlink /bin/sh xoring Shellcode (56 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) ToUpper Encoded Shellcode (226 bytes) Linux/x86 - Add Root User (t00r) Anti-IDS Shellcode (116 bytes) Linux/x86 - chmod 666 /etc/shadow Anti-IDS Shellcode (75 bytes) Linux/x86 - symlink . /bin/sh Shellcode (32 bytes) Linux/x86 - Kill Snort Shellcode (151 bytes) Linux/x86 - Execute At Shared Memory Shellcode (50 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (58 bytes) Linux/x86 - Reverse Telnet Shell (200.182.207.235) Shellcode (134 bytes) Linux/x86 - Reverse TCP /bin/sh Shell Shellcode (120 bytes) Linux/x86 - chmod 666 /etc/shadow Shellcode (41 bytes) Linux/x86 - cp /bin/sh /tmp/katy ; + chmod 4555 katy Shellcode (126 bytes) Linux/x86 - Eject /dev/cdrom Shellcode (64 bytes) Linux/x86 - xterm -ut -display 1270.0.0.1:0 Shellcode (132 bytes) Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (49 bytes) Linux/x86 - chmod 666 /etc/shadow Shellcode (82 bytes) Linux/x86 - execve /bin/sh Shellcode (29 bytes) Linux/x86 - execve /bin/sh Shellcode (24 bytes) (3) Linux/x86 - execve /bin/sh Shellcode (38 bytes) Linux/x86 - execve /bin/sh Shellcode (30 bytes) Linux/x86 - execve /bin/sh + setreuid(12_12) Shellcode (50 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) Shellcode (92 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) + fork() Shellcode (130 bytes) Linux/x86 - Add Root User (t00r) Shellcode (82 bytes) Linux/x86 - Add Root User Shellcode (104 bytes) Linux/x86 - Break chroot (../ 10x Loop) Shellcode (34 bytes) Linux/x86 - Break chroot (../ 10x Loop) Shellcode (46 bytes) Linux/x86 - Break chroot + execve /bin/sh Shellcode (80 bytes) Linux/x86 - execve /bin/sh Anti-IDS Shellcode (58 bytes) Linux/x86 - execve /bin/sh XOR Encoded Shellcode (55 bytes) Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (41 bytes) Linux/x86 - setreuid(0_0) + execve /bin/sh Shellcode (46+ bytes) Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (55 bytes) Linux/x86 - Add Root User (z) Shellcode (70 bytes) Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve /bin/sh Shellcode (132 bytes) Linux/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (132 bytes) Linux/x86-64 - execve /bin/sh Shellcode (33 bytes) Linux/x86 - Socket-Proxy (31337:11.22.33.44:80) Shellcode (372 bytes) Linux/x86 - dup2(0_0) + dup2(0_1) + dup2(0_2) Shellcode (15 bytes) Linux/x86 - if(read(fd_buf_512)<=2) _exit(1) else buf() Shellcode (29 bytes) Linux/x86 - _exit(1) Shellcode (7 bytes) Linux/x86 - read(0_buf_2541) + chmod(buf_4755) Shellcode (23 bytes) Linux/x86 - write(0__Hello core!\n__12) + Exit Shellcode (36/43 bytes) Linux/x86 - Snoop /dev/dsp Null-Free Shellcode (172 bytes) Linux/x86 - execve /bin/sh Standard Opcode Array Payload Shellcode (21 bytes) Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes) (2) Linux/x86 - Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes) (1) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (23 bytes) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (27 bytes) Linux/x86 - execve /bin/sh sysenter Opcode Array Payload Shellcode (45 bytes) Linux/x86 - Break chroot (../ 20x Loop) + execve /bin/sh Shellcode (66 bytes) Linux/x86 - upload + exec Shellcode (189 bytes) Linux/x86 - setreuid + execve Shellcode (31 bytes) Linux/x86 - Alphanumeric Encoded Shellcode (64 bytes) Linux/x86 - Alphanumeric Encoder (IMUL Method) Shellcode (88 bytes) Linux/x86 - Self-Modifying Radical Shellcode (70 bytes) Linux/x86 - Self-Modifying Magic Byte /bin/sh Shellcode (76 bytes) Linux/x86 - execve code Shellcode (23 bytes) Linux/x86 - execve(_/bin/ash__0_0) Shellcode (21 bytes) Linux/x86 - execve /bin/sh Alphanumeric Shellcode (392 bytes) Linux/IA32 - execve /bin/sh 0xff-Free Shellcode (45 bytes) Linux/x86 - symlink /bin/sh xoring Shellcode (56 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) ToUpper Encoded Shellcode (226 bytes) Linux/x86 - Add Root User (t00r) Anti-IDS Shellcode (116 bytes) Linux/x86 - chmod 666 /etc/shadow Anti-IDS Shellcode (75 bytes) Linux/x86 - symlink . /bin/sh Shellcode (32 bytes) Linux/x86 - Kill Snort Shellcode (151 bytes) Linux/x86 - Execute At Shared Memory Shellcode (50 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (45 bytes) Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (58 bytes) Linux/x86 - Reverse Telnet Shell (200.182.207.235) Shellcode (134 bytes) Linux/x86 - Reverse TCP /bin/sh Shell Shellcode (120 bytes) Linux/x86 - chmod 666 /etc/shadow Shellcode (41 bytes) Linux/x86 - cp /bin/sh /tmp/katy + chmod 4555 katy Shellcode (126 bytes) Linux/x86 - Eject /dev/cdrom Shellcode (64 bytes) Linux/x86 - xterm -ut -display 1270.0.0.1:0 Shellcode (132 bytes) Linux/x86 - Flush IPChains Rules (/sbin/ipchains -F) Shellcode (49 bytes) Linux/x86 - chmod 666 /etc/shadow Shellcode (82 bytes) Linux/x86 - execve /bin/sh Shellcode (29 bytes) Linux/x86 - execve /bin/sh Shellcode (24 bytes) (3) Linux/x86 - execve /bin/sh Shellcode (38 bytes) Linux/x86 - execve /bin/sh Shellcode (30 bytes) Linux/x86 - execve /bin/sh + setreuid(12_12) Shellcode (50 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) Shellcode (92 bytes) Linux/x86 - Bind TCP Shell (5074/TCP) + fork() Shellcode (130 bytes) Linux/x86 - Add Root User (t00r) Shellcode (82 bytes) Linux/x86 - Add Root User Shellcode (104 bytes) Linux/x86 - Break chroot (../ 10x Loop) Shellcode (34 bytes) Linux/x86 - Break chroot (../ 10x Loop) Shellcode (46 bytes) Linux/x86 - Break chroot + execve /bin/sh Shellcode (80 bytes) Linux/x86 - execve /bin/sh Anti-IDS Shellcode (58 bytes) Linux/x86 - execve /bin/sh XOR Encoded Shellcode (55 bytes) Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (41 bytes) Linux/x86 - setreuid(0_0) + execve /bin/sh Shellcode (46+ bytes) Linux/x86 - execve /bin/sh ToLower Encoded Shellcode (55 bytes) Linux/x86 - Add Root User (z) Shellcode (70 bytes) Linux/x86 - setreuid(0_ 0) + Break chroot (mkdir/chdir/chroot _../_) + execve /bin/sh Shellcode (132 bytes) Linux/x86-64 - Bind TCP Shell (4444/TCP) Shellcode (132 bytes) Linux/x86-64 - execve /bin/sh Shellcode (33 bytes) NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes) NetBSD/x86 - setreuid(0_ 0); + execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes) NetBSD/x86 - setreuid(0_ 0) + execve(_/bin//sh__ ..._ NULL); Shellcode (29 bytes) NetBSD/x86 - setreuid(0_ 0) + execve(_/bin//sh__ ..._ NULL); Shellcode (30 bytes) SCO/x86 - execve(_/bin/sh__ ..._ NULL); Shellcode (43 bytes) SCO/x86 - execve(_/bin/sh__ ..._ NULL) Shellcode (43 bytes) Solaris/x86 - setuid(0) + execve(//bin/sh); + exit(0) Null-Free Shellcode (39 bytes) Solaris/x86 - setuid(0) + execve(//bin/sh) + exit(0) Null-Free Shellcode (39 bytes) Windows 5.0 < 7.0 x86 - Bind TCP Shell (28876/TCP) Null-Free Shellcode Windows XP SP2 x86 (English) - cmd.exe Shellcode (23 bytes) Windows x86 - Egg Omelet SEH Shellcode Windows x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes) Windows x86 - PEB!NtGlobalFlags Shellcode (14 bytes) Windows XP SP2 x86 (French) - cmd.exe Shellcode (32 bytes) Windows XP SP2 x86 - cmd.exe Shellcode (57 bytes) Windows x86 - PEB _Kernel32.dll_ ImageBase Finder Alphanumeric Shellcode (67 bytes) Windows x86 - PEB _Kernel32.dll_ ImageBase Finder (ASCII Printable) Shellcode (49 bytes) Windows x86 - ConnectBack + Download A File + Save + Execute Shellcode Windows 5.0 < 7.0 x86 - Bind TCP Shell (28876/TCP) Null-Free Shellcode Windows XP SP2 x86 (English) - cmd.exe Shellcode (23 bytes) Windows x86 - Egg Omelet SEH Shellcode Windows x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes) Windows x86 - PEB!NtGlobalFlags Shellcode (14 bytes) Windows XP SP2 x86 (French) - cmd.exe Shellcode (32 bytes) Windows XP SP2 x86 - cmd.exe Shellcode (57 bytes) Windows x86 - PEB _Kernel32.dll_ ImageBase Finder Alphanumeric Shellcode (67 bytes) Windows x86 - PEB _Kernel32.dll_ ImageBase Finder (ASCII Printable) Shellcode (49 bytes) Windows x86 - Reverse Connection + Download A File + Save + Execute Shellcode Windows x86 - Download File + Execute Shellcode (192 bytes) Windows x86 - Download File (http://127.0.0.1/file.exe) + Execute Shellcode (124 bytes) Windows NT/XP x86 - IsDebuggerPresent Shellcode (39 bytes) Windows SP1/SP2 x86 - Beep Shellcode (35 bytes) Windows XP SP2 x86 - MessageBox Shellcode (110 bytes) Windows x86 - Command WinExec() Shellcode (104+ bytes) Windows x86 - Download File (http://www.ph4nt0m.org/a.exe) + Execute (C:/a.exe) Shellcode (226+ bytes) Windows NT/2000/XP (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes) Windows 9x/NT/2000/XP - Reverse Generic without Loader (192.168.1.11:4919) Shellcode (249 bytes) Windows 9x/NT/2000/XP - PEB method Shellcode (29 bytes) Windows 9x/NT/2000/XP - PEB method Shellcode (31 bytes) Windows 9x/NT/2000/XP - PEB method Shellcode (35 bytes) Windows x86 - Download File + Execute Shellcode (192 bytes) Windows x86 - Download File (http://127.0.0.1/file.exe) + Execute Shellcode (124 bytes) Windows NT/XP x86 - IsDebuggerPresent Shellcode (39 bytes) Windows SP1/SP2 x86 - Beep Shellcode (35 bytes) Windows XP SP2 x86 - MessageBox Shellcode (110 bytes) Windows x86 - Command WinExec() Shellcode (104+ bytes) Windows x86 - Download File (http://www.ph4nt0m.org/a.exe) + Execute (C:/a.exe) Shellcode (226+ bytes) Windows NT/2000/XP (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes) Windows 9x/NT/2000/XP - Reverse Generic without Loader (192.168.1.11:4919) Shellcode (249 bytes) Windows 9x/NT/2000/XP - PEB method Shellcode (29 bytes) Windows 9x/NT/2000/XP - PEB method Shellcode (31 bytes) Windows 9x/NT/2000/XP - PEB method Shellcode (35 bytes) Windows XP/2000/2003 - Download File (http://127.0.0.1/test.exe) + Execute (%systemdir%/a.exe) Shellcode (241 bytes) Windows XP - Download File (http://www.elitehaven.net/ncat.exe) + Execute (nc.exe) Null-Free Shellcode Windows XP SP1 - Bind TCP Shell (58821/TCP) Shellcode (116 bytes) Windows - DCOM RPC2 Universal Shellcode Windows x64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe) + Execute Shellcode (218+ bytes) Linux/x86 - Kill All Processes Shellcode (9 bytes) Linux/x86 - setuid(0) + execve(_/sbin/poweroff -f_) Shellcode (47 bytes) Linux/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (49 bytes) Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (33 bytes) Linux/x86 - execve Shellcode (51 bytes) Windows XP/2000/2003 - Download File (http://127.0.0.1/test.exe) + Execute (%systemdir%/a.exe) Shellcode (241 bytes) Windows XP - Download File (http://www.elitehaven.net/ncat.exe) + Execute (nc.exe) Null-Free Shellcode Windows XP SP1 - Bind TCP Shell (58821/TCP) Shellcode (116 bytes) Windows - DCOM RPC2 Universal Shellcode Windows x64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe) + Execute Shellcode (218+ bytes) Linux/x86 - Kill All Processes Shellcode (9 bytes) Linux/x86 - setuid(0) + execve(_/sbin/poweroff -f_) Shellcode (47 bytes) Linux/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (49 bytes) Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (33 bytes) Linux/x86 - execve Shellcode (51 bytes) Linux/x86 - Overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes) Windows XP SP3 x86 - ShellExecuteA Shellcode Linux/x86 - setreuid (0_0) + execve(/bin/rm /etc/shadow) Shellcode Windows XP SP3 x86 - Add Firewall Rule (Allow 445/TCP) Traffic Shellcode Linux/x86 - Overwrite MBR on /dev/sda with _LOL!' Shellcode (43 bytes) Windows XP SP3 x86 - ShellExecuteA Shellcode Linux/x86 - setreuid (0_0) + execve(/bin/rm /etc/shadow) Shellcode Windows XP SP3 x86 - Add Firewall Rule (Allow 445/TCP) Traffic Shellcode Windows XP SP2 x86 - calc.exe Shellcode (45 bytes) Linux/x86 - unlink(/etc/passwd) + exit() Shellcode (35 bytes) Windows XP SP2 x86 (English / Arabic) - cmd.exe Shellcode (23 bytes) Linux/x86 - chmod 666 /etc/shadow Shellcode (27 bytes) Linux/x86 - setuid + Break chroot (mkdir/chdir/chroot '...') + execve /bin/sh Shellcode (79 bytes) Linux/x86 - Fork Bomb Shellcode (6 bytes) (1) Linux/x86 - Add Root User (toor) To /etc/passwd + exit() Shellcode (107 bytes) Windows XP SP2 x86 - calc.exe Shellcode (45 bytes) Linux/x86 - unlink(/etc/passwd) + exit() Shellcode (35 bytes) Windows XP SP2 x86 (English / Arabic) - cmd.exe Shellcode (23 bytes) Linux/x86 - chmod 666 /etc/shadow Shellcode (27 bytes) Linux/x86 - setuid + Break chroot (mkdir/chdir/chroot '...') + execve /bin/sh Shellcode (79 bytes) Linux/x86 - Fork Bomb Shellcode (6 bytes) (1) Linux/x86 - Add Root User (toor) To /etc/passwd + exit() Shellcode (107 bytes) Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes) Windows XP SP2 x86 (French) - calc Shellcode (19 bytes) Linux/x86 - ip6tables -F Polymorphic Shellcode (71 bytes) Linux/x86 - ip6tables -F Shellcode (47 bytes) Linux/i686 - pacman -S <package> (default package: backdoor) Shellcode (64 bytes) Linux/i686 - pacman -R <package> Shellcode (59 bytes) Linux/x86 - execve /bin/cat /etc/passwd Shellcode (43 bytes) Windows XP SP3 x86 (English) - cmd.exe Shellcode (26 bytes) Windows XP SP2 x86 (Turkish) - cmd.exe Shellcode (26 bytes) Linux/x86 - execve /bin/sh Shellcode (8 bytes) Linux/x86 - execve /bin/sh Shellcode (21 bytes) (2) Windows XP Home SP2 (English) - calc.exe Shellcode (37 bytes) Windows XP Home SP3 (English) - calc.exe Shellcode (37 bytes) Linux/x86 - Disable modsecurity Shellcode (64 bytes) Windows x86 - JITed Stage-0 Shellcode Windows x86 - JITed exec notepad Shellcode Windows XP Professional SP2 (Italian) - calc.exe Shellcode (36 bytes) Windows XP SP2 x86 - write.exe + ExitProcess WinExec Shellcode (16 bytes) Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes) Windows XP SP2 x86 (French) - calc Shellcode (19 bytes) Linux/x86 - ip6tables -F Polymorphic Shellcode (71 bytes) Linux/x86 - ip6tables -F Shellcode (47 bytes) Linux/i686 - pacman -S <package> (default package: backdoor) Shellcode (64 bytes) Linux/i686 - pacman -R <package> Shellcode (59 bytes) Linux/x86 - execve /bin/cat /etc/passwd Shellcode (43 bytes) Windows XP SP3 x86 (English) - cmd.exe Shellcode (26 bytes) Windows XP SP2 x86 (Turkish) - cmd.exe Shellcode (26 bytes) Linux/x86 - execve /bin/sh Shellcode (8 bytes) Linux/x86 - execve /bin/sh Shellcode (21 bytes) (2) Windows XP Home SP2 (English) - calc.exe Shellcode (37 bytes) Windows XP Home SP3 (English) - calc.exe Shellcode (37 bytes) Linux/x86 - Disable modsecurity Shellcode (64 bytes) Windows x86 - JITed Stage-0 Shellcode Windows x86 - JITed exec notepad Shellcode Windows XP Professional SP2 (Italian) - calc.exe Shellcode (36 bytes) Windows XP SP2 x86 - write.exe + ExitProcess WinExec Shellcode (16 bytes) Windows XP SP3 x86 (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes) Windows x86 - MessageBox Shellcode (Metasploit) Windows XP SP3 x86 (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes) Windows x86 - MessageBox Shellcode (Metasploit) Linux/x86 - Bind Netcat Shell (13377/TCP) Shellcode Linux/x86 - chmod 0666 /etc/shadow Shellcode (36 bytes) Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (2) Linux/x86 - DoS Badger Game Shellcode (6 bytes) Linux/x86 - DoS SLoc Shellcode (55 bytes) Linux/x86 - execve(_a->/bin/sh_) Local-only Shellcode (14 bytes) Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes) Linux/x86 - chmod 0777 /etc/shadow Shellcode (29 bytes) Linux/x86 - Bind Netcat Shell (13377/TCP) Shellcode Linux/x86 - chmod 0666 /etc/shadow Shellcode (36 bytes) Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (2) Linux/x86 - DoS Badger Game Shellcode (6 bytes) Linux/x86 - DoS SLoc Shellcode (55 bytes) Linux/x86 - execve(_a->/bin/sh_) Local-only Shellcode (14 bytes) Linux/x86 - chmod 0777 /etc/shadow Shellcode (33 bytes) Linux/x86 - chmod 0777 /etc/shadow Shellcode (29 bytes) Linux/x86 - Fork Bomb Polymorphic Shellcode (30 bytes) Linux/x86 - Fork Bomb Shellcode (6 bytes) (2) Linux/x86 - setreud(getuid()_ getuid()) + execve(_/bin/sh_) Shellcode (34 bytes) Linux/x86-64 - reboot(POWER_OFF) Shellcode (19 bytes) Linux/x86-64 - execve /bin/sh Shellcode (30 bytes) Linux/x86 - Sends 'Phuck3d!' To All Terminals Shellcode (60 bytes) Linux/x86 - execve(_/bin/bash___-p__NULL) Shellcode (33 bytes) Linux/x86 - execve(_/bin/bash___-p__NULL) Polymorphic Shellcode (57 bytes) Windows XP SP2 (French) - Download File (http://www.site.com/nc.exe_) + Execute (c:\backdor.exe) Shellcode Linux/x86 - execve(_/usr/bin/wget__ _aaaa_); Shellcode (42 bytes) Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes) Linux/x86 - Fork Bomb Polymorphic Shellcode (30 bytes) Linux/x86 - Fork Bomb Shellcode (6 bytes) (2) Linux/x86 - setreud(getuid()_ getuid()) + execve(_/bin/sh_) Shellcode (34 bytes) Linux/x86-64 - reboot(POWER_OFF) Shellcode (19 bytes) Linux/x86-64 - execve /bin/sh Shellcode (30 bytes) Linux/x86 - Sends 'Phuck3d!' To All Terminals Shellcode (60 bytes) Linux/x86 - execve(_/bin/bash___-p__NULL) Shellcode (33 bytes) Linux/x86 - execve(_/bin/bash___-p__NULL) Polymorphic Shellcode (57 bytes) Windows XP SP2 (French) - Download File (http://www.site.com/nc.exe_) + Execute (c:\backdor.exe) Shellcode Linux/x86 - execve(_/usr/bin/wget__ _aaaa_) Shellcode (42 bytes) Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes) Linux/x86 - Disable ASLR Security Shellcode (106 bytes) Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode (83 bytes) Linux/x86 - Fork Bomb Alphanumeric Shellcode (117 bytes) Windows 7 Professional SP1 x64 (FR) - Beep Shellcode (39 bytes) Linux/x86 - setuid(0) + chmod 0666 /etc/shadow Polymorphic Shellcode (61 bytes) Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/shadow Shellcode (39 bytes) Linux/x86 - Kill All Running Process Shellcode (11 bytes) Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/passwd Shellcode (39 bytes) Linux/x86 - sys_execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes) Linux/x86 - sys_setuid(0) + sys_setgid(0) + execve (_/bin/sh_) Shellcode (39 bytes) Windows 7 x64 - cmd Shellcode (61 bytes) Linux/x86 - unlink _/etc/shadow_ Shellcode (33 bytes) Linux/x86 - Hard Reboot Shellcode (29 bytes) Linux/x86 - Hard Reboot Shellcode (33 bytes) Linux/x86 - Disable ASLR Security Shellcode (106 bytes) Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode (83 bytes) Linux/x86 - Fork Bomb Alphanumeric Shellcode (117 bytes) Windows 7 Professional SP1 x64 (FR) - Beep Shellcode (39 bytes) Linux/x86 - setuid(0) + chmod 0666 /etc/shadow Polymorphic Shellcode (61 bytes) Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/shadow Shellcode (39 bytes) Linux/x86 - Kill All Running Process Shellcode (11 bytes) Linux/x86 - (sys_chmod syscall) chmod 0777 /etc/passwd Shellcode (39 bytes) Linux/x86 - sys_execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes) Linux/x86 - sys_setuid(0) + sys_setgid(0) + execve (_/bin/sh_) Shellcode (39 bytes) Windows 7 x64 - cmd Shellcode (61 bytes) Linux/x86 - unlink _/etc/shadow_ Shellcode (33 bytes) Linux/x86 - Hard Reboot Shellcode (29 bytes) Linux/x86 - Hard Reboot Shellcode (33 bytes) Linux/x86 - chown root:root /bin/sh Shellcode (48 bytes) Linux/x86 - Give All Users Root Access When Executing /bin/sh Shellcode (45 bytes) Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes) Linux/x86 - chown root:root /bin/sh Shellcode (48 bytes) Linux/x86 - Give All Users Root Access When Executing /bin/sh Shellcode (45 bytes) Linux/x86 - Reverse Netcat Shell (8080/TCP) Shellcode (76 bytes) Linux/x86-64 - Disable ASLR Security Shellcode (143 bytes) Linux/x86 - Bind TCP Shell (31337/TCP) + setreuid(0_0) Polymorphic Shellcode (131 bytes) Linux/x86-64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes) Linux/x86-64 - Add Root User (shell-storm/leet) Shellcode (390 bytes) Windows XP SP3 (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) Linux/x86-64 - Disable ASLR Security Shellcode (143 bytes) Linux/x86 - Bind TCP Shell (31337/TCP) + setreuid(0_0) Polymorphic Shellcode (131 bytes) Linux/x86-64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes) Linux/x86-64 - Add Root User (shell-storm/leet) Shellcode (390 bytes) Windows XP SP3 (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) Linux/x86 - execve /bin/sh Polymorphic Shellcode (116 bytes) Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL); XOR 88 Encoded Polymorphic Shellcode (78 bytes) Linux/x86 - Bind TCP /bin/sh Shell (64533/TCP) Shellcode (97 bytes) Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) XOR 88 Encoded Polymorphic Shellcode (78 bytes) Linux/x86 - Bind TCP /bin/sh Shell (64533/TCP) Shellcode (97 bytes) ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator) Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator) Windows x86 - Write-to-file ('pwned' ./f.txt) Null-Free Shellcode (278 bytes) Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) Shellcode (49 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (8080/TCP) Shellcode (75 bytes) Linux/x86 - execve /bin/sh Polymorphic Null-Free Shellcode (46 bytes) Windows x86 - Write-to-file ('pwned' ./f.txt) Null-Free Shellcode (278 bytes) Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) Shellcode (49 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (8080/TCP) Shellcode (75 bytes) Linux/x86 - execve /bin/sh Polymorphic Null-Free Shellcode (46 bytes) Windows x86 - Egghunter Checksum Routine Shellcode (18 bytes) Windows XP SP3 x86 (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes) Windows XP Professional SP3 x86 (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes) Windows x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes) Windows XP Professional SP3 x86 (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes) Windows x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes) Linux/ARM - Bind TCP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/TCP) Shellcode Linux/ARM - Bind UDP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/TCP) Shellcode Windows 5.0 < 7.0 x86 - Speaking 'You got pwned!' Null-Free Shellcode Windows x86 - Eggsearch Shellcode (33 bytes) Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes) Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69/93 bytes) Windows x86 - Eggsearch Shellcode (33 bytes) Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes) Linux/x86 - Bind Netcat (/usr/bin/netcat) /bin/sh Shell (6666/TCP) + Polymorphic XOR Encoded Shellcode (69/93 bytes) Linux/x86 - Disable ASLR Security Shellcode (83 bytes) Linux/x86 - Reverse TCP SSL Shell (localhost:8080/TCP) Shellcode (422 bytes) Linux/SuperH (sh4) - Add Root User (shell-storm/toor) Shellcode (143 bytes) Windows PerfectXp-pc1/SP3 x86 (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes) Linux/x86 - Egghunter Null-Free Shellcode (29 bytes) Linux/x86 - Reverse TCP SSL Shell (localhost:8080/TCP) Shellcode (422 bytes) Linux/SuperH (sh4) - Add Root User (shell-storm/toor) Shellcode (143 bytes) Windows PerfectXp-pc1/SP3 x86 (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes) Linux/x86 - Egghunter Null-Free Shellcode (29 bytes) Linux/SuperH (sh4) - setuid(0); + execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes) Linux/SuperH (sh4) - setuid(0) + execve(_/bin/sh__ NULL_ NULL) Shellcode (27 bytes) Linux/x86-64 - execve /bin/sh Shellcode (52 bytes) Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd Polymorphic Shellcode Linux/x86 - Search For '.PHP'/'.HTML' Writable Files + Add Code Shellcode (380+ bytes) Linux/x86-64 - Add Root User (t0r/Winner) Shellcode (189 bytes) Linux/x86 - execve /bin/dash Shellcode (42 bytes) Linux/x86 - chmod 666 /etc/passwd + /etc/shadow Shellcode (57 bytes) Linux/x86 - setuid(0) + setgid(0) + Add Root User (iph) To /etc/passwd Polymorphic Shellcode Linux/x86 - Search For '.PHP'/'.HTML' Writable Files + Add Code Shellcode (380+ bytes) Linux/x86-64 - Add Root User (t0r/Winner) Shellcode (189 bytes) Linux/x86 - execve /bin/dash Shellcode (42 bytes) Linux/x86 - chmod 666 /etc/passwd + /etc/shadow Shellcode (57 bytes) Windows x86 - Bind TCP Password (damn_it!$$##@;*#) Shell Shellcode (637 bytes) Windows x64 - Bind TCP Shell (4444/TCP) Shellcode (508 bytes) Linux/x86 - Remote Port Forwarding (ssh -R 9999:localhost:22 192.168.0.226) Shellcode (87 bytes) Windows x64 - Bind TCP Shell (4444/TCP) Shellcode (508 bytes) Linux/x86 - Remote Port Forwarding (ssh -R 9999:localhost:22 192.168.0.226) Shellcode (87 bytes) Linux/x86 - Reverse TCP Shell (192.168.1.10:31337/TCP) Shellcode (92 bytes) MIPS (Little Endian) - system() Shellcode (80 bytes) Linux/MIPS (Little Endian) - system() Shellcode (80 bytes) Linux/x86 - Egghunter Shellcode (31 bytes) Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse TCP /bin/sh Shell (192.168.122.1:43981/TCP) Shellcode Windows x86 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Persistent Access Shellcode (494 bytes) Linux/x86 - Egghunter Shellcode (31 bytes) Linux/x86 - Egg Omelet (Multi-Egghunter) + Reverse TCP /bin/sh Shell (192.168.122.1:43981/TCP) Shellcode Windows x86 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Persistent Access Shellcode (494 bytes) Windows 7 x86 - Bind TCP Shell (4444/TCP) Shellcode (357 bytes) Linux/x86 - execve /bin/sh + Socket Re-Use Shellcode (50 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86-64 - Reverse TCP /bin/bash Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes) Linux/x86 - Add Map (google.com 127.1.1.1) In /etc/hosts Shellcode (77 bytes) Linux/x86-64 - execve(_/bin/sh\0__NULL_NULL); Position Independent Alphanumeric Shellcode (87 bytes) Linux/x86 - rmdir Shellcode (37 bytes) Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) + Password (Z~r0) Null-Free Shellcode (81/96 bytes) Linux/x86-64 - Reverse TCP Password (Z~r0) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Windows x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Linux/x86 - execve /bin/sh + Socket Re-Use Shellcode (50 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86-64 - Reverse TCP /bin/bash Shell (127.1.1.1:6969/TCP) Shellcode (139 bytes) Linux/x86 - Add Map (127.1.1.1 google.com) In /etc/hosts Shellcode (77 bytes) Linux/x86-64 - execve(_/bin/sh\0__NULL_NULL) Position Independent Alphanumeric Shellcode (87 bytes) Linux/x86 - rmdir Shellcode (37 bytes) Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) + Password (Z~r0) Null-Free Shellcode (81/96 bytes) Linux/x86-64 - Reverse TCP Password (Z~r0) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free + Null-Mask Shellcode (77-85/90-98 bytes) Windows x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes) Linux/x86 - execve /bin/sh ROT13 Encoded Shellcode (68 bytes) Linux/x86 - chmod 0777 /etc/shadow Obfuscated Shellcode (84 bytes) Linux/x86 - Add Map (google.com 127.1.1.1) In /etc/hosts Obfuscated Shellcode (98 bytes) Linux/x86 - execve /bin/sh Obfuscated Shellcode (40 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (192.168.1.133:33333/TCP) Shellcode (72 bytes) Linux/x86 - Bind TCP /bin/sh Shell (33333/TCP) Shellcode (96 bytes) Linux/x86 - Disable ASLR Security Shellcode (84 bytes) Linux/x86 - Egghunter Shellcode (20 bytes) Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes) Linux/x86 - execve /bin/sh ROT13 Encoded Shellcode (68 bytes) Linux/x86 - chmod 0777 /etc/shadow Obfuscated Shellcode (84 bytes) Linux/x86 - Add Map (127.1.1.1 google.com) In /etc/hosts Obfuscated Shellcode (98 bytes) Linux/x86 - execve /bin/sh Obfuscated Shellcode (40 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (192.168.1.133:33333/TCP) Shellcode (72 bytes) Linux/x86 - Bind TCP /bin/sh Shell (33333/TCP) Shellcode (96 bytes) Linux/x86 - Disable ASLR Security Shellcode (84 bytes) Linux/x86 - Egghunter Shellcode (20 bytes) Linux/x86 - Create _my.txt_ In Working Directory Shellcode (37 bytes) Linux/x86 - setreuid(0_ 0) + execve(_/sbin/halt_) + exit(0) Shellcode (49 bytes) Linux/x86 - execve /bin/sh Shellcode (35 bytes) Windows XP SP3 x86 - Create (_file.txt_) Shellcode (83 bytes) Windows XP SP3 x86 - Restart Shellcode (57 bytes) Linux/x86 - Create _my.txt_ In Working Directory Shellcode (37 bytes) Linux/x86 - setreuid(0_ 0) + execve(_/sbin/halt_) + exit(0) Shellcode (49 bytes) Linux/x86 - execve /bin/sh Shellcode (35 bytes) Windows XP SP3 x86 - Create (_file.txt_) Shellcode (83 bytes) Windows XP SP3 x86 - Restart Shellcode (57 bytes) Linux/x86 - execve /bin/sh (Push Method) Shellcode (21 bytes) Linux/x86-64 - execve /bin/sh Via Push Shellcode (23 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (17771/TCP) Shellcode (58 bytes) Linux/x86 - exit(0) Shellcode (6 bytes) Linux/x86 - execve /bin/sh Shellcode (26 bytes) Linux/x86 - execve /bin/sh Shellcode (21 bytes) (1) Linux/x86 - chmod 777 /etc/shadow + exit() Shellcode (33 bytes) Linux/x86 - Shutdown(init 0) Shellcode (30 bytes) Linux/x86 - Read /etc/passwd Shellcode (58 bytes) Linux/x86 - mkdir HACK + chmod 777 + exit(0) Shellcode (29 bytes) Linux/x86 - Bind Netcat Shell (5555/TCP) Shellcode (60 bytes) Linux/x86-64 - execve /bin/sh Null-Free Shellcode (30 bytes) Linux/x86 - Download File + Execute Shellcode Linux/x86 - Reboot Shellcode (28 bytes) Linux/x86 - execve /bin/sh Shellcode (23 bytes) Linux/x86 - chmod 0777 /etc/passwd Shellcode (42 bytes) Linux/x86 - chmod /etc/gshadow Shellcode (37 bytes) Linux/x86 - chmod 0777 /etc/shadow Shellcode (42 bytes) Linux/x86 - exec /bin/dash Shellcode (45 bytes) Linux/x86-64 - execve Encoded Shellcode (57 bytes) Linux/x86 - execve /bin/sh ROT7 Encoded Shellcode Windows XP SP3 x86 (Turkish) - MessageBox Shellcode (24 bytes) Linux/x86 - Egghunter Shellcode (19 bytes) Windows x86 - user32!MessageBox _Hello World!_ Null-Free Shellcode (199 bytes) Linux/x86 - execve /bin/sh ROL/ROR Encoded Shellcode Windows 2003 x64 - Token Stealing Shellcode (59 bytes) Linux/x86 - execve /bin/sh (Push Method) Shellcode (21 bytes) Linux/x86-64 - execve /bin/sh Via Push Shellcode (23 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (17771/TCP) Shellcode (58 bytes) Linux/x86 - exit(0) Shellcode (6 bytes) Linux/x86 - execve /bin/sh Shellcode (26 bytes) Linux/x86 - execve /bin/sh Shellcode (21 bytes) (1) Linux/x86 - chmod 777 /etc/shadow + exit() Shellcode (33 bytes) Linux/x86 - Shutdown(init 0) Shellcode (30 bytes) Linux/x86 - Read /etc/passwd Shellcode (58 bytes) Linux/x86 - mkdir HACK + chmod 777 + exit(0) Shellcode (29 bytes) Linux/x86 - Bind Netcat Shell (5555/TCP) Shellcode (60 bytes) Linux/x86-64 - execve /bin/sh Null-Free Shellcode (30 bytes) Linux/x86 - Download File + Execute Shellcode Linux/x86 - Reboot Shellcode (28 bytes) Linux/x86 - execve /bin/sh Shellcode (23 bytes) Linux/x86 - chmod 0777 /etc/passwd Shellcode (42 bytes) Linux/x86 - chmod /etc/gshadow Shellcode (37 bytes) Linux/x86 - chmod 0777 /etc/shadow Shellcode (42 bytes) Linux/x86 - exec /bin/dash Shellcode (45 bytes) Linux/x86-64 - execve Encoded Shellcode (57 bytes) Linux/x86 - execve /bin/sh ROT7 Encoded Shellcode Windows XP SP3 x86 (Turkish) - MessageBox Shellcode (24 bytes) Linux/x86 - Egghunter Shellcode (19 bytes) Windows x86 - user32!MessageBox _Hello World!_ Null-Free Shellcode (199 bytes) Linux/x86 - execve /bin/sh ROL/ROR Encoded Shellcode Windows 2003 x64 - Token Stealing Shellcode (59 bytes) Linux/x86 - execve /bin/bash Shellcode (31 bytes) Linux/x86 - execve(_/bin/cat__ [_/bin/cat__ _/etc/passwd_]_ NULL) Shellcode (75 bytes) Linux/x86-64 - execve /bin/sh Shellcode (34 bytes) Linux/x86-64 - execve Shellcode (22 bytes) Linux/x86-64 - Bind TCP /bin/sh Password (1234) Shell (31173/TCP) Shellcode (92 bytes) Linux/x86-64 - Egghunter Shellcode (24 bytes) Linux/x86-64 - execve Polymorphic Shellcode (31 bytes) Linux/x86-64 - execve Shellcode (22 bytes) Linux/x86-64 - Bind TCP /bin/sh Password (1234) Shell (31173/TCP) Shellcode (92 bytes) Linux/x86-64 - Egghunter Shellcode (24 bytes) Linux/x86-64 - execve Polymorphic Shellcode (31 bytes) Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (103 bytes) Linux/x86-64 - Bind TCP /bin/sh Password (hack) Shell (4444/TCP) Null-Free Shellcode (162 bytes) Linux/x86 - execve /bin/sh Shellcode (24 bytes) (1) Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free Shellcode (151 bytes) Linux/x86-64 - Egghunter Shellcode (18 bytes) Linux/x86 - Egghunter Shellcode (13 bytes) Linux/x86-64 - execve XOR/NOT/DIV Encoded Shellcode (54 bytes) Linux/x86-64 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (103 bytes) Linux/x86-64 - Bind TCP /bin/sh Password (hack) Shell (4444/TCP) Null-Free Shellcode (162 bytes) Linux/x86 - execve /bin/sh Shellcode (24 bytes) (1) Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Null-Free Shellcode (151 bytes) Linux/x86-64 - Egghunter Shellcode (18 bytes) Linux/x86 - Egghunter Shellcode (13 bytes) Linux/x86-64 - execve XOR/NOT/DIV Encoded Shellcode (54 bytes) Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (122 bytes) Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (135 bytes) Linux/x86 - Download File + Execute Shellcode (135 bytes) Linux/x86-64 - execve Stack Polymorphic Shellcode (47 bytes) Linux/x86-64 - Reverse TCP Password (hack) /bin/sh Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (122 bytes) Linux/x86-64 - Reverse TCP Password (hack) Shell (127.0.0.1:4444/TCP) Polymorphic Shellcode (135 bytes) Linux/x86 - Download File + Execute Shellcode (135 bytes) Linux/x86-64 - execve Stack Polymorphic Shellcode (47 bytes) Windows x86 - Download File + Run via WebDAV (//192.168.1.19/c) Null-Free Shellcode (96 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.1.2:1234/TCP) Shellcode (134 bytes) Linux/x86-64 - execve /bin/sh Shellcode (26 bytes) Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (1) Linux/x86-64 - execve /bin/bash Shellcode (33 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (81 bytes) Linux/x86-64 - Read /etc/passwd Shellcode (65 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (86 bytes) Windows x86 - URLDownloadToFileA() (http://192.168.86.130/sample.exe) + SetFileAttributesA() (pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes) Linux/x86 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (1250 bytes) Windows x86 - Download File + Run via WebDAV (//192.168.1.19/c) Null-Free Shellcode (96 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.1.2:1234/TCP) Shellcode (134 bytes) Linux/x86-64 - execve /bin/sh Shellcode (26 bytes) Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (1) Linux/x86-64 - execve /bin/bash Shellcode (33 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (81 bytes) Linux/x86-64 - Read /etc/passwd Shellcode (65 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (86 bytes) Windows x86 - URLDownloadToFileA() (http://192.168.86.130/sample.exe) + SetFileAttributesA() (pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (::ffff:192.168.64.129:1472/TCP) (IPv6) Shellcode (159 bytes) Linux/x86 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (1250 bytes) Windows .Net Framework x86 - Execute Native x86 Shellcode Linux/x86-64 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (199 bytes) Linux/x86-64 - Reverse TCP /bin/sh Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes) Windows .Net Framework x86 - Execute Native x86 Shellcode Linux/x86-64 - Bind TCP /bin/sh Shell (1472/TCP) (IPv6) Shellcode (199 bytes) Linux/x86-64 - Reverse TCP /bin/sh Shell (192.168.209.131:1472/TCP) (IPv6) Shellcode (203 bytes) Linux/x86-64 - Download File (http://192.168.30.129/pri.sh) + Execute Used To Steal Information Shellcode (399 bytes) Linux/x86 - Bind TCP /bin/bash Shell (4444/TCP) Shellcode (656 bytes) Linux/x86-64 - execve XOR Encoded Shellcode (84 bytes) Linux/x86-64 - Download File (http://192.168.30.129/pri.sh) + Execute Used To Steal Information Shellcode (399 bytes) Linux/x86 - Bind TCP /bin/bash Shell (4444/TCP) Shellcode (656 bytes) Linux/x86-64 - execve XOR Encoded Shellcode (84 bytes) Windows x86 - WinExec(_cmd.exe__0) Shellcode (184 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (13337/TCP) Shellcode (56 bytes) Windows x86 - system(_systeminfo_) Shellcode (224 bytes) Windows x86 - WinExec(_cmd.exe__0) Shellcode (184 bytes) Linux/x86 - Bind Netcat (/bin/nc) /bin/sh Shell (13337/TCP) Shellcode (56 bytes) Windows x86 - system(_systeminfo_) Shellcode (224 bytes) Windows x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode (250 bytes) Linux/x86 - execve /bin/sh + ASLR Bruteforce Shellcode Linux/x86-64 - Reverse TCP cat /etc/passwd (192.168.86.128:1472/TCP) Shellcode (164 bytes) Linux/x86-64 - Bind Netcat Shell Null-Free Shellcode (64 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (98 bytes) Linux/x86-64 - Bind Ncat Shell (4442/TCP) / SSL / Multi-Channel (4444-4447/TCP) / Persistant / Fork / IPv4/6 / Password Null-Free Shellcode (176 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (192.168.227.129:4444/TCP) Shellcode (75 bytes) Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Null-Free Shellcode (172 bytes) Linux/x86 - Reverse Xterm Shell (127.1.1.1:10) Shellcode (68 bytes) Linux/x86-64 - Bind TCP Shell (4442/TCP) / Syscall Persistent / Multi-Terminal (4444-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes) Windows x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode (250 bytes) Linux/x86 - execve /bin/sh + ASLR Bruteforce Shellcode Linux/x86-64 - Reverse TCP cat /etc/passwd (192.168.86.128:1472/TCP) Shellcode (164 bytes) Linux/x86-64 - Bind Netcat Shell Null-Free Shellcode (64 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (98 bytes) Linux/x86-64 - Bind Ncat Shell (4442/TCP) / SSL / Multi-Channel (4444-4447/TCP) / Persistant / Fork / IPv4/6 / Password Null-Free Shellcode (176 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (192.168.227.129:4444/TCP) Shellcode (75 bytes) Linux/x86-64 - Reverse TCP Shell (10.1.1.4/TCP) / Continuously Probing via Socket / Port-Range (391-399) / Password (la crips) Null-Free Shellcode (172 bytes) Linux/x86 - Reverse Xterm Shell (127.1.1.1:10) Shellcode (68 bytes) Linux/x86-64 - Bind TCP Shell (4442/TCP) / Syscall Persistent / Multi-Terminal (4444-4447/TCP) / Password (la crips) / Daemon Shellcode (83/148/177 bytes) Linux/x86 - execve /bin/sh Shellcode (19 bytes) Linux/x86-64 - Reverse TCP Shell (10.1.1.4:46357/TCP) / Subtle Probing / Timer / Burst / Password (la crips) / Multi-Terminal Shellcode (84/122/172 bytes) Windows 7 x86 - localhost Port Scanner Shellcode (556 bytes) Linux/x86 - Bind Netcat Shell (98/TCP + UDP) Shellcode (44/52 bytes) Linux/x86 - Bind TCP /bin/zsh Shell (9090/TCP) Shellcode (96 bytes) Linux/x86 - Reverse TCP /bin/zsh Shell (127.255.255.254:9090/TCP) Shellcode (80 bytes) Windows x86 - MessageBoxA Shellcode (242 bytes) Windows x86 - CreateProcessA cmd.exe Shellcode (253 bytes) Windows x86 - InitiateSystemShutdownA() Shellcode (599 bytes) Windows x64 - cmd.exe WinExec() Shellcode (93 bytes) Windows x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes) Windows x64 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Injection Shellcode (694 bytes) Linux/x86-64 - execve /bin/sh -c reboot Shellcode (89 bytes) Windows x64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes) Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) Linux/x86 - execve /bin/bash -c Arbitrary Command Execution Null-Free Shellcode (72 bytes) Windows x64 - Bind TCP Password (h271508F) Shell (2493/TCP) Shellcode (825 bytes) Windows x64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes) Linux/x86-64 - mkdir Shellcode (25 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (87 bytes) Linux/x86-64 - execve /bin/sh Shellcode (22 bytes) Linux/x86 - execve /bin/sh Shellcode (19 bytes) Linux/x86-64 - Reverse TCP Shell (10.1.1.4:46357/TCP) / Subtle Probing / Timer / Burst / Password (la crips) / Multi-Terminal Shellcode (84/122/172 bytes) Windows 7 x86 - localhost Port Scanner Shellcode (556 bytes) Linux/x86 - Bind Netcat Shell (98/TCP + UDP) Shellcode (44/52 bytes) Linux/x86 - Bind TCP /bin/zsh Shell (9090/TCP) Shellcode (96 bytes) Linux/x86 - Reverse TCP /bin/zsh Shell (127.255.255.254:9090/TCP) Shellcode (80 bytes) Windows x86 - MessageBoxA Shellcode (242 bytes) Windows x86 - CreateProcessA cmd.exe Shellcode (253 bytes) Windows x86 - InitiateSystemShutdownA() Shellcode (599 bytes) Windows x64 - cmd.exe WinExec() Shellcode (93 bytes) Windows x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes) Windows x64 - Reverse TCP Shell (192.168.232.129:4444/TCP) + Injection Shellcode (694 bytes) Linux/x86-64 - execve /bin/sh -c reboot Shellcode (89 bytes) Windows x64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes) Linux/x86 - Reverse Netcat + mkfifo (-e option disabled) Shell (localhost:9999) Shellcode (180 bytes) Linux/x86 - execve /bin/bash -c Arbitrary Command Execution Null-Free Shellcode (72 bytes) Windows x64 - Bind TCP Password (h271508F) Shell (2493/TCP) Shellcode (825 bytes) Windows x64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes) Linux/x86-64 - mkdir Shellcode (25 bytes) Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (87 bytes) Linux/x86-64 - execve /bin/sh Shellcode (22 bytes) Linux/x86 - Reverse TCP /bin/sh Alphanumeric Staged Shell (127.0.0.1:4444/TCP) Shellcode (103 bytes) Windows x86 - SE_DACL_PROTECTED Protect Process Shellcode (229 bytes) Linux/x86-64 - Reverse TCP /bin/sh Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes) Linux/x86 - SELinux Permissive Mode Switcher Shellcode (45 bytes) Linux/x86-64 - Egghunter Shellcode (38 bytes) Windows x86 - Executable Directory Search Null-Free Shellcode (130 bytes) Linux/x86-64 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (54 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.1.45:4444/TCP) Shellcode (84 bytes) Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 bytes) Linux/x86-64 - setuid(0) + execve(/bin/sh) Polymorphic Shellcode (31 bytes) Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Polymorphic Shellcode (47 bytes) Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1337) Shellcode (72 bytes) Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) Polymorphic Shellcode (106 bytes) Windows x86 - Hide Console Window Shellcode (182 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (127.1.1.1:8888/TCP) Null-Free Shellcode (67/69 bytes) Linux/x86 - execve /bin/dash Shellcode (30 bytes) Windows x86 - SE_DACL_PROTECTED Protect Process Shellcode (229 bytes) Linux/x86-64 - Reverse TCP /bin/sh Shell (127.0.0.1:4444/TCP) Shellcode (65 bytes) Linux/x86 - SELinux Permissive Mode Switcher Shellcode (45 bytes) Linux/x86-64 - Egghunter Shellcode (38 bytes) Windows x86 - Executable Directory Search Null-Free Shellcode (130 bytes) Linux/x86-64 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (54 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.1.45:4444/TCP) Shellcode (84 bytes) Windows x86 - Reverse TCP Staged Alphanumeric Shell (127.0.0.1:4444/TCP) Shellcode (332 bytes) Linux/x86-64 - setuid(0) + execve(/bin/sh) Polymorphic Shellcode (31 bytes) Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Polymorphic Shellcode (47 bytes) Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1337) Shellcode (72 bytes) Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) Polymorphic Shellcode (106 bytes) Windows x86 - Hide Console Window Shellcode (182 bytes) Linux/x86 - Reverse TCP /bin/sh Shell (127.1.1.1:8888/TCP) Null-Free Shellcode (67/69 bytes) Linux/x86 - execve /bin/dash Shellcode (30 bytes) Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (53 bytes) Linux/x86 - exceve /bin/sh Encoded Shellcode (44 bytes) Linux/x86 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (44 bytes) Linux/x86 - Read /etc/passwd Shellcode (54 bytes) Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Null-Free Shellcode (67 bytes) Linux/x86 - Reverse TCP /bin/bash Shell (192.168.3.119:54321/TCP) Shellcode (110 bytes) Linux/x86-64 - execve /bin/sh Shellcode (21 bytes) Linux/x86 - execve /bin/sh Shellcode (21 bytes) Windows 10 x64 - Egghunter Shellcode (45 bytes) Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (2) Linux/x86 - Egghunter Shellcode (18 bytes) Linux/x86 - Disable ASLR Security Shellcode (80 bytes) Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Null-Free Shellcode (113 bytes) Linux/ARM - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (79 bytes) Linux/ARM - chmod(_/etc/passwd__ 0777) Shellcode (39 bytes) Linux/ARM - creat(_/root/pwned__ 0777) Shellcode (39 bytes) Linux/ARM - execve(_/bin/sh__ []_ [0 vars]) Shellcode (35 bytes) Linux/ARM - execve(_/bin/sh__NULL_0) Shellcode (31 bytes) Android/ARM - Reverse TCP /system/bin/sh Shell (10.0.2.2:0x3412/TCP) Shellcode (79 bytes) Linux/StrongARM - setuid() Shellcode (20 bytes) Linux/StrongARM - execve(/bin/sh) Shellcode (47 bytes) Linux/StrongARM - Bind TCP /bin/sh Shell Shellcode (203 bytes) Linux/SPARC - setreuid(0_0) + execve(/bin/sh) Shellcode (64 bytes) Linux/SuperH (sh4) - execve(_/bin/sh__ 0_ 0) Shellcode (19 bytes) Linux/SuperH (sh4) - Bind TCP /bin/sh Shell (31337/TCP) Shellcode (132 bytes) Linux/SPARC - setreuid(0_0) + standard execve() Shellcode (72 bytes) Linux/x86-64 - Execute /bin/sh Shellcode (27 bytes) Linux/x86-64 - Execute /bin/sh Shellcode (24 bytes) Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes) Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes) Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) Shellcode (43 bytes) Linux/x86 - exceve /bin/sh Encoded Shellcode (44 bytes) Linux/x86 - Bind TCP /bin/sh Shell (Random TCP Port) Shellcode (44 bytes) Linux/x86 - Read /etc/passwd Shellcode (54 bytes) Linux/x86 - Reverse TCP Shell (127.1.1.1:11111/TCP) Null-Free Shellcode (67 bytes) Linux/x86 - Reverse TCP /bin/bash Shell (192.168.3.119:54321/TCP) Shellcode (110 bytes) Linux/x86-64 - execve /bin/sh Shellcode (21 bytes) Linux/x86 - execve /bin/sh Shellcode (21 bytes) Windows 10 x64 - Egghunter Shellcode (45 bytes) Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (2) Linux/x86 - Egghunter Shellcode (18 bytes) Linux/x86 - Disable ASLR Security Shellcode (80 bytes) Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Null-Free Shellcode (113 bytes) Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (1) Linux/x86 - execve /bin/sh + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes) Linux/x86-64 - execve /bin/sh Shellcode (24 bytes) Linux/x86 - Reverse UDP /bin/sh Shell (127.0.0.1:53/UDP) Shellcode (668 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (75 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.1.8:4444/TCP) Shellcode (104 bytes) Linux x86 - execve /bin/sh Shellcode (24 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.1.2:4444/TCP) Shellcode (153 bytes) Linux/x86-64 - Kill All Processes Shellcode (19 bytes) Linux/x86-64 - Fork Bomb Shellcode (11 bytes) Linux/x86 - Fork Bomb Shellcode (9 bytes) Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (1) Linux/x86 - execve /bin/sh + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes) Linux/x86-64 - execve /bin/sh Shellcode (24 bytes) Linux/x86 - Reverse UDP /bin/sh Shell (127.0.0.1:53/UDP) Shellcode (668 bytes) Linux/x86 - Bind TCP /bin/sh Shell (4444/TCP) Null-Free Shellcode (75 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.1.8:4444/TCP) Shellcode (104 bytes) Linux x86 - execve /bin/sh Shellcode (24 bytes) Linux/x86-64 - Reverse TCP Shell (192.168.1.2:4444/TCP) Shellcode (153 bytes) Linux/x86-64 - Kill All Processes Shellcode (19 bytes) Linux/x86-64 - Fork Bomb Shellcode (11 bytes) Linux/x86 - Fork Bomb Shellcode (9 bytes) Linux/x86-64 - mkdir() 'evil' Shellcode (30 bytes) Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (30 bytes) Windows x64 - API Hooking Shellcode (117 bytes) Linux/x86-64 - mkdir() 'evil' Shellcode (30 bytes) Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (30 bytes) Windows x64 - API Hooking Shellcode (117 bytes)	2018-01-13 05:02:13 +00:00

1 2 3 4

155 commits