5 new exploits

Easy File Sharing WebServer 1.25 - Denial of Service Easy File Sharing Web Server 1.25 - Denial of Service Twilight WebServer 1.3.3.0 - (GET) Remote Denial of Service Twilight WebServer 1.3.3.0 - 'GET' Remote Denial of Service Kolibri+ WebServer 2 - GET Request Denial of Service Kolibri+ Web Server 2 - GET Request Denial of Service Microsoft FrontPage Personal WebServer 1.0 - PWS Denial of Service Microsoft FrontPage Personal Web Server 1.0 - PWS Denial of Service Michael Lamont Savant WebServer 2.0 - NULL Character Denial of Service Michael Lamont Savant Web Server 2.0 - NULL Character Denial of Service Savant WebServer 3.1 - Malformed Content-Length Denial of Service Savant Web Server 3.1 - Malformed Content-Length Denial of Service Twilight WebServer 1.3.3.0 - GET Request Buffer Overflow Twilight WebServer 1.3.3.0 - 'GET' Request Buffer Overflow Savant WebServer 3.1 - Denial of Service Savant Web Server 3.1 - Denial of Service Media Player Classic 1.5 - (MPC) WebServer Request Handling Remote Denial of Service Media Player Classic (MPC) 1.5 - WebServer Request Handling Remote Denial of Service Savant Web Server 3.1 (French Windows OS support) - Remote Buffer Overflow Savant Web Server 3.1 (French Windows)- Remote Buffer Overflow PMsoftware Simple Web Server 1.0 - Remote Stack Overflow PMSoftware Simple Web Server 1.0 - Remote Stack Overflow NaviCOPA Web Server 2.01 - (GET) Remote Buffer Overflow NaviCOPA Web Server 2.01 - 'GET' Remote Buffer Overflow NaviCOPA Web Server 2.01 - (GET) Remote Buffer Overflow (Metasploit) NaviCOPA Web Server 2.01 - 'GET' Remote Buffer Overflow (Metasploit) velocity Web-Server 1.0 - Directory Traversal Velocity Web-Server 1.0 - Directory Traversal Navicopa WebServer 3.0.1 - Buffer Overflow / Script Source Disclosure NaviCOPA Web Server 3.0.1 - Buffer Overflow / Script Source Disclosure NaviCopa WebServer 3.01 - Remote Buffer Overflow NaviCOPA Web Server 3.01 - Remote Buffer Overflow Kolibri+ WebServer 2 - Source
Code Disclosure kolibri+ WebServer 2 - Directory Traversal Kolibri+ WebServer 2 - GET Request Remote Overwrite (SEH) Kolibri+ Web Server 2 - Source Code Disclosure kolibri+ Web Server 2 - Directory Traversal Kolibri+ Web Server 2 - GET Request Remote Overwrite (SEH) mongoose Web server 2.11 - Directory Traversal Mongoose Web Server 2.11 - Directory Traversal quickphp Web server 1.9.1 - Directory Traversal QuickPHP Web Server 1.9.1 - Directory Traversal simple Web-Server 1.2 - Directory Traversal Simple Web Server 1.2 - Directory Traversal Microsoft FrontPage personal WebServer 1.0/personal Web server 4.0 - Directory Traversal Microsoft FrontPage Personal Web Server 1.0/4.0 - Directory Traversal Michael Lamont Savant WebServer 2.1 - CGI Source Code Disclosure Michael Lamont Savant Web Server 2.1 - CGI Source Code Disclosure Michael Lamont Savant WebServer 2.1/3.0 - Buffer Overflow Michael Lamont Savant Web Server 2.1/3.0 - Buffer Overflow BEA Systems Weblogic Server 4.0 x/4.5 x/5.1 x - Double Dot Buffer Overflow BEA Systems WebLogic Server 4.0 x/4.5 x/5.1 x - Double Dot Buffer Overflow goahead WebServer 2.0/2.1 - Directory Traversal GoAhead Web Server 2.0/2.1 - Directory Traversal GoAhead WebServer 2.1.x - URL Encoded Slash Directory Traversal GoAhead WebServer 2.1.x - Error Page Cross-Site Scripting GoAhead Web Server 2.1.x - URL Encoded Slash Directory Traversal GoAhead Web Server 2.1.x - Error Page Cross-Site Scripting GoAhead WebServer 2.1 - Arbitrary Command Execution GoAhead Web Server 2.1 - Arbitrary Command Execution Savant WebServer 3.1 - File Disclosure Savant Web Server 3.1 - File Disclosure keyfocus kf Web server 1.0.8 - Directory Traversal Key Focus KF Web Server 1.0.8 - Directory Traversal MiniHTTPServer WebForums Server 1.x/2.0 - Directory Traversal MiniHTTPServer Web Forums Server 1.x/2.0 - Directory Traversal telcondex SimpleWebserver 2.13.31027 build 3289 - Directory Traversal TelCondex SimpleWebserver 2.13.31027 build 3289 - Directory Traversal 
GoAhead WebServer 2.1.x - ASP Script File Source Code Disclosure GoAhead Web Server 2.1.x - .ASP Script File Source Code Disclosure GoAhead WebServer 2.1.x - Directory Management Policy Bypass GoAhead Web Server 2.1.x - Directory Management Policy Bypass py software active webcam WebServer 4.3/5.5 - Multiple Vulnerabilities PY Software Active Webcam 4.3/5.5 - WebServer Multiple Vulnerabilities Oracle Weblogic Server 10.3 - 'console-help.portal' Cross-Site Scripting Oracle WebLogic Server 10.3 - 'console-help.portal' Cross-Site Scripting Boa Web Server 0.94.x - Terminal Escape Sequence in Logs Command Injection BOA Web Server 0.94.x - Terminal Escape Sequence in Logs Command Injection GoAhead WebServer 2.18 - addgroup.asp group Parameter Cross-Site Scripting GoAhead WebServer 2.18 - addlimit.asp url Parameter Cross-Site Scripting GoAhead WebServer 2.18 - adduser.asp Multiple Parameter Cross-Site Scripting GoAhead Web Server 2.18 - 'addgroup.asp' 'group' Parameter Cross-Site Scripting GoAhead Web Server 2.18 - 'addlimit.asp' 'url' Parameter Cross-Site Scripting GoAhead Web Server 2.18 - 'adduser.asp' Multiple Parameter Cross-Site Scripting GoAhead WebServer 2.5 - 'goform/formTest' Multiple Cross-Site Scripting Vulnerabilities GoAhead Web Server 2.5 - 'goform/formTest' Multiple Cross-Site Scripting Vulnerabilities Home Web Server 1.9.1 build 164 - Remote Code Execution Home Web Server 1.9.1 (build 164) - Remote Code Execution Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes) Linux/ARM - setuid(0) + execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes) BSD/x86 - Portbind Port 31337 Shellcode (83 bytes) BSD/x86 - Portbind Random Port Shellcode (143 bytes) BSD/x86 - Bind 31337/TCP Shellcode (83 bytes) BSD/x86 - Bind Random Port Shellcode (143 bytes) BSD/x86 - Portbind Reverse 6969 Shellcode (129 bytes) BSD/x86 - Reverse Portbind 6969/TCP Shellcode (129 bytes) FreeBSD/x86 - setreuid_ execve(pfctl -d) Shellcode (56 bytes) FreeBSD/x86 - setreuid + 
execve(pfctl -d) Shellcode (56 bytes) FreeBSD/x86 - rev connect_ recv_ jmp_ return results Shellcode (90 bytes) FreeBSD/x86 - rev connect + recv + jmp + return results Shellcode (90 bytes) FreeBSD/x86 - Rortbind Reverse 127.0.0.1:8000 /bin/sh Shellcode (89 bytes) FreeBSD/x86 - Reverse Portbind 127.0.0.1:8000 /bin/sh Shellcode (89 bytes) FreeBSD/x86 - encrypted Shellcode /bin/sh (48 bytes) FreeBSD/x86 - Portbind Port 4883 with Auth Shellcode (222 bytes) FreeBSD/x86 - /bin/sh Encrypted Shellcode (48 bytes) FreeBSD/x86 - Bind 4883/TCP with Auth Shellcode (222 bytes) FreeBSD/x86 - chown 0:0 _ chmod 6755 & execve /tmp/sh Shellcode (44 bytes) FreeBSD/x86 - chown 0:0 + chmod 6755 + execve /tmp/sh Shellcode (44 bytes) Linux/x86 - Portbind Shellcode (Generator) Windows XP SP1 - Portbind Shellcode (Generator) Linux/x86 - Bind Shellcode (Generator) Windows XP SP1 - Bind Shellcode (Generator) Cisco IOS - Bind Shellcode Password Protected (116 bytes) Cisco IOS - Bind Password Protected Shellcode (116 bytes) Linux/x86-64 - connect-back semi-stealth Shellcode (88+ bytes) Linux/MIPS (Linksys WRT54G/GL) - Bind Port 4919 Shellcode (276 bytes) Linux/x86-64 - Connect Back Semi-Stealth Shellcode (88+ bytes) Linux/MIPS (Linksys WRT54G/GL) - Bind 4919/TCP Shellcode (276 bytes) Linux/PPC - read & exec Shellcode (32 bytes) Linux/PPC - read + exec Shellcode (32 bytes) Linux/SPARC - Portbind Port 8975 Shellcode (284 bytes) Linux/SPARC - Bind 8975/TCP Shellcode (284 bytes) Linux/x86 - Forks a HTTP Server on port 8800/TCP Shellcode (166 bytes) Linux/x86 - Listens for Shellcode on 5555/TCP and jumps to it (83 bytes) Linux/x86 - Polymorphic Shellcode disable Network Card (75 bytes) Linux/x86 - Forks a HTTP Server on 8800/TCP Shellcode (166 bytes) Linux/x86 - Listens for Shellcode on 5555/TCP + Jumps to it (83 bytes) Linux/x86 - Disable Network Card Polymorphic Shellcode (75 bytes) Linux/x86 - /bin/sh polymorphic Shellcode (48 bytes) Linux/x86 - Binding Port 4444 Shellcode (xor-encoded) (152 
bytes) Linux/x86 - /bin/sh Polymorphic Shellcode (48 bytes) Linux/x86 - Bind 4444/TCP Shellcode (XOR Encoded) (152 bytes) Linux/x86 - Polymorphic chmod(_/etc/shadow__666) Shellcode (54 bytes) Linux/x86 - chmod(_/etc/shadow__666) Polymorphic Shellcode (54 bytes) Linux/x86 - Bind Port 8000 & Execve Iptables -F Shellcode (176 bytes) Linux/x86 - Bind Port 8000 & Add User with Root Access Shellcode (225+ bytes) Linux/x86 - Bind Port 8000 ASM Code Linux Shellcode (179 bytes) Linux/x86-64 - setuid(0) + execve(/bin/sh) Shellcode (49 bytes) Linux/x86 - Serial port shell binding & busybox Launching Shellcode (82 bytes) Linux/x86 - Bind 8000/TCP + Execve Iptables -F Shellcode (176 bytes) Linux/x86 - Bind 8000/TCP + Add User with Root Access Shellcode (225+ bytes) Linux/x86 - Bind 8000/TCP ASM Code Linux Shellcode (179 bytes) Linux/x86-64 - setuid(0) + execve(/bin/sh) Shellcode (49 bytes) Linux/x86 - Serial port shell binding + busybox Launching Shellcode (82 bytes) Linux/x86 - chmod(_/etc/shadow__666) & exit(0) Shellcode (30 bytes) Linux/x86 - chmod(_/etc/shadow__666) + exit(0) Shellcode (30 bytes) Linux/x86 - Shellcode obfuscator Linux/x86 - Connectback Port 54321/UDP Live Packet Capture Shellcode (151 bytes) Linux/x86 - Shellcode Obfuscator Linux/x86 - Connectback 54321/UDP Live Packet Capture Shellcode (151 bytes) Linux/x86 - setuid(0) & execve(/bin/sh_0_0) Shellcode (28 bytes) Linux/x86 - setuid(0) + execve(/bin/sh_0_0) Shellcode (28 bytes) Linux/x86 - Connect back (140.115.53.35:9999)_ download a file (cb) and execute Shellcode (149 bytes) Linux/x86 - Connectback (140.115.53.35:9999) + download a file (cb) + execute Shellcode (149 bytes) Linux/x86 - writes a php connectback shell (/var/www/cb.php) to the filesystem Shellcode (508 bytes) Linux/x86 - Writes A PHP connectback shell (/var/www/cb.php) To The Filesystem Shellcode (508 bytes) Linux/x86 - set system time to 0 and exit Shellcode (12 bytes) Linux/x86 - Add root user 'r00t' with no password to /etc/passwd Shellcode 
(69 bytes) Linux/x86 - Set System Time to 0 + exit Shellcode (12 bytes) Linux/x86 - Add Root User 'r00t' Without Password To /etc/passwd Shellcode (69 bytes) Linux/x86 - forkbomb Shellcode (7 bytes) Linux/x86 - Fork Bomb Shellcode (7 bytes) Linux/x86 - HTTP/1.x GET_ Downloads and execve() Shellcode (111+ bytes) Linux/x86 - HTTP/1.x GET_ Downloads + execve() Shellcode (111+ bytes) Linux/x86 - stdin re-open and /bin/sh exec Shellcode (39 bytes) Linux/x86 - stdin re-open + /bin/sh exec Shellcode (39 bytes) Linux/x86 - setuid(0) and /bin/sh execve() Shellcode (30 bytes) Linux/x86 - setuid/portbind Port 31337 Shellcode (96 bytes) Linux/x86 - Portbind 2707 Shellcode (84 bytes) Linux/x86 - setuid(0) + /bin/sh execve() Shellcode (30 bytes) Linux/x86 - Bind 31337/TCP + setuid Shellcode (96 bytes) Linux/x86 - Bind 2707/TCP Shellcode (84 bytes) Linux/x86 - SET_PORT() Portbind 31337/TCP Shellcode (100 bytes) Linux/x86 - Bind 31337/TCP SET_PORT() Shellcode (100 bytes) Linux/x86 - xor-encoded Connect Back (127.0.0.1:80) Shellcode (371 bytes) Linux/x86 - execve(/bin/sh) + ZIP Header Shellcode (28 bytes) Linux/x86 - execve(/bin/sh) + RTF Header Shellcode (30 bytes) Linux/x86 - execve(/bin/sh) + RIFF Header Shellcode (28 bytes) Linux/x86 - execve(/bin/sh) + Bitmap Header Shellcode (27 bytes) Linux/x86 - Connectback (127.0.0.1:80) (XOR Encoded) Shellcode (371 bytes) Linux/x86 - execve(/bin/sh) + .ZIP Header Shellcode (28 bytes) Linux/x86 - execve(/bin/sh) + .RTF Header Shellcode (30 bytes) Linux/x86 - execve(/bin/sh) + .RIFF Header Shellcode (28 bytes) Linux/x86 - execve(/bin/sh) + .BMP Bitmap Header Shellcode (27 bytes) Linux/x86 - Password Authentication Portbind 64713 Shellcode (166 bytes) Linux/x86 - Portbind Port 64713 Shellcode (86 bytes) Linux/x86 - Bind Password Authentication 64713/TCP Shellcode (166 bytes) Linux/x86 - Bind 64713/TCP Shellcode (86 bytes) Linux/x86 - setuid(0)_setgid(0) execve(/bin/sh_ [/bin/sh_ NULL]) Shellcode (37 bytes) Linux/x86 - setuid(0) + setgid(0) + 
execve(/bin/sh_ [/bin/sh_ NULL]) Shellcode (37 bytes) Linux/x86 - HTTP/1.x GET_ Downloads and JMP Shellcode (68+ bytes) Linux/x86 - HTTP/1.x GET_ Downloads + JMP Shellcode (68+ bytes) Linux/x86 - execve /bin/sh Shellcode (encoded by +1) (39 bytes) Linux/x86 - execve /bin/sh Shellcode (+1 Encoded) (39 bytes) Linux/x86 - Connect-back Shellcode 127.0.0.1:31337/TCP (74 bytes) Linux/x86 - Connectback Shellcode 127.0.0.1:31337/TCP (74 bytes) Linux/x86 - Connect Back Shellcode (90 bytes) Linux/x86 - socket-proxy Shellcode (372 bytes) Linux/x86 - Connectback Shellcode (90 bytes) Linux/x86 - Socket-proxy Shellcode (372 bytes) Linux/x86 - chroot & standart Shellcode (66 bytes) Linux/x86 - upload & exec Shellcode (189 bytes) Linux/x86 - chroot + standart Shellcode (66 bytes) Linux/x86 - upload + exec Shellcode (189 bytes) Linux/x86 - alpha-numeric Shellcode (64 bytes) Linux/x86 - alpha-numeric using IMUL Method Shellcode (88 bytes) Linux/x86 - Alphanumeric Shellcode (64 bytes) Linux/x86 - Alphanumeric using IMUL Method Shellcode (88 bytes) Linux/x86 - execve /bin/sh alphanumeric Shellcode (392 bytes) Linux/x86 - execve /bin/sh Alphanumeric Shellcode (392 bytes) Linux/x86 - Portbind Port 5074 toupper Shellcode (226 bytes) Linux/x86 - Bind 5074/TCP (ToUpper Encoded) Shellcode (226 bytes) Linux/x86 - shared memory exec Shellcode (50 bytes) Linux/x86 - Shared Memory exec Shellcode (50 bytes) Linux/x86 - Reverse telnet Shellcode (134 bytes) Linux/x86 - Reverse Telnet Shellcode (134 bytes) Linux/x86 - Portbind Port 5074 Shellcode (92 bytes) Linux/x86 - Portbind Port 5074 + fork() Shellcode (130 bytes) Linux/x86 - Bind 5074/TCP Shellcode (92 bytes) Linux/x86 - Bind 5074/TCP + fork() Shellcode (130 bytes) Linux/x86 - Add user Shellcode (104 bytes) Linux/x86 - Add User Shellcode (104 bytes) Linux/x86 - execve /bin/sh tolower() evasion Shellcode (41 bytes) Linux/x86 - execve of /bin/sh after setreuid(0_0) Shellcode (46+ bytes) Linux/x86 - execve /bin/sh (tolower() Evasion) Shellcode 
(41 bytes) Linux/x86 - setreuid(0_0) + execve /bin/sh Shellcode (46+ bytes) Linux/x86 - execve /bin/sh toupper() evasion Shellcode (55 bytes) Linux/x86 - execve /bin/sh (toupper() Evasion) Shellcode (55 bytes) Linux/x86-64 - Bindshell Port 4444 Shellcode (132 bytes) Linux/x86-64 - Bind 4444/TCP Shellcode (132 bytes) NetBSD/x86 - Callback Port 6666 Shellcode (83 bytes) NetBSD/x86 - Callback 6666/TCP Shellcode (83 bytes) OpenBSD/x86 - Portbind Port 6969 Shellcode (148 bytes) OpenBSD/x86 - Bind 6969/TCP Shellcode (148 bytes) OSX/PPC - execve(/bin/sh)_ exit() Shellcode (72 bytes) OSX/PPC - execve(/bin/sh) + exit() Shellcode (72 bytes) Solaris/SPARC - Portbind Port 6666 Shellcode (240 bytes) Solaris/SPARC - Bind 6666/TCP Shellcode (240 bytes) Solaris/SPARC - Portbind Port 6789 Shellcode (228 bytes) Solaris/SPARC - Bind 6789/TCP Shellcode (228 bytes) Solaris/SPARC - Portbind Shellcode (240 bytes) Solaris/x86 - Portbind TCP Shellcode (Generator) Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) Null-Free Shellcode (39 bytes) Solaris/x86 - setuid(0)_ execve(/bin/cat_ /etc/shadow)_ exit(0) Shellcode (59 bytes) Solaris/SPARC - Bind Shellcode (240 bytes) Solaris/x86 - Bind TCP Shellcode (Generator) Solaris/x86 - setuid(0) + execve(//bin/sh); + exit(0) Null-Free Shellcode (39 bytes) Solaris/x86 - setuid(0) + execve(/bin/cat_ /etc/shadow) + exit(0) Shellcode (59 bytes) Windows 5.0 < 7.0 x86 - Bind Shell Port 28876 Null-Free Shellcode Windows 5.0 < 7.0 x86 - Bind Shell 28876/TCP Null-Free Shellcode Win32 - Winexec Telnet Bind 23 Port Shellcode (111 bytes) Win32 - Bind 23/TCP Winexec Telnet Shellcode (111 bytes) Win32 - Connectback_ receive_ save and execute Shellcode Win32 - Download & Execute Shellcode (Generator) (Browsers Edition) (275+ bytes) Win32 - Tiny Download and Exec Shellcode (192 bytes) Win32 - Download & Execute Shellcode (124 bytes) Win32 - Connectback + receive + save + execute Shellcode Win32 - Download + Execute Shellcode (Generator) (Browsers Edition) (275+ 
bytes) Win32 - Tiny Download + Exec Shellcode (192 bytes) Win32 - Download + Execute Shellcode (124 bytes) Win32 - Download & Exec Shellcode (226+ bytes) Win32 - Download + Exec Shellcode (226+ bytes) Windows XP/2000/2003 - Download File and Exec Shellcode (241 bytes) Windows XP - Download & Exec Shellcode Windows XP SP1 - Portshell Port 58821 Shellcode (116 bytes) Windows XP/2000/2003 - Download File + Exec Shellcode (241 bytes) Windows XP - Download + Exec Shellcode Windows XP SP1 - Bind 58821/TCP Shellcode (116 bytes) Win64 - (URLDownloadToFileA) Download & Execute Shellcode (218+ bytes) Win64 - (URLDownloadToFileA) Download + Execute Shellcode (218+ bytes) Linux/x86 - setuid(0) & execve(_/sbin/poweroff -f_) Shellcode (47 bytes) Linux/x86 - setuid(0) and cat /etc/shadow Shellcode (49 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) & exit() Shellcode (33 bytes) Linux/x86 - Linux/x86 execve() Shellcode (51 bytes) Linux/x86 - setuid(0) + execve(_/sbin/poweroff -f_) Shellcode (47 bytes) Linux/x86 - setuid(0) + cat /etc/shadow Shellcode (49 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) + exit() Shellcode (33 bytes) Linux/x86 - execve() Shellcode (51 bytes) Linux/x86 - setreuid (0_0) & execve(/bin/rm /etc/shadow) Shellcode Win32 XP SP3 - Add Firewall Rule to Allow TCP Traffic on Port 445 Shellcode FreeBSD/x86 - Portbind Port 1337 Shellcode (167 bytes) Linux/x86 - setreuid (0_0) + execve(/bin/rm /etc/shadow) Shellcode Win32 XP SP3 - Add Firewall Rule to Allow 445/TCP Traffic Shellcode FreeBSD/x86 - Bind 1337/TCP Shellcode (167 bytes) Linux/x86 - unlink(/etc/passwd) & exit() Shellcode (35 bytes) Linux/x86 - unlink(/etc/passwd) + exit() Shellcode (35 bytes) Linux/x86 - fork bomb Shellcode (6 bytes) Linux/x86 - append '/etc/passwd' & exit() Shellcode (107 bytes) Linux/x86 - Fork Bomb Shellcode (6 bytes) Linux/x86 - Append '/etc/passwd' + exit() Shellcode (107 bytes) Linux/x86 - polymorphic Shellcode ip6tables -F (71 bytes) Linux/x86 - ip6tables -F Polymorphic Shellcode (71 
bytes) Windows XP/Vista/7 - JITed Egghunter Stage-0 Shellcode Adjusted Universal Linux/x86 - nc -lvve/bin/sh -p13377 Shellcode Windows XP/Vista/7 - Egghunter JITed Stage-0 Adjusted Universal Shellcode Linux/x86 - Bind nc -lvve/bin/sh -p13377 Shellcode Linux - write() & exit(0) Shellcode genearator with customizable text Linux/x86 - polymorphic forkbombe Shellcode (30 bytes) Linux/x86 - forkbomb Shellcode (6 bytes) Linux/x86 - setreud(getuid()_ getuid()) & execve(_/bin/sh_) Shellcode (34 bytes) Linux - write() + exit(0) Shellcode (Genearator With Customizable Text) Linux/x86 - Fork Bomb Polymorphic Shellcode (30 bytes) Linux/x86 - Fork Bomb Shellcode (6 bytes) Linux/x86 - setreud(getuid()_ getuid()) + execve(_/bin/sh_) Shellcode (34 bytes) Linux/x86 - sends 'Phuck3d!' to all terminals Shellcode (60 bytes) Linux/x86 - Sends 'Phuck3d!' To All Terminals Shellcode (60 bytes) Linux/x86 - polymorphic execve(_/bin/bash___-p__NULL) Shellcode (57 bytes) Windows XP SP2 (FR) - Download & Exec Shellcode Linux/x86 - execve(_/bin/bash___-p__NULL) Polymorphic Shellcode (57 bytes) Windows XP SP2 (FR) - Download + Exec Shellcode Linux/x86 - alphanumeric Bomb FORK Shellcode (117 bytes) Linux/x86 - Fork Bomb Alphanumeric Shellcode (117 bytes) Linux/x86 - Polymorphic setuid(0) + chmod(_/etc/shadow__ 0666) Shellcode (61 bytes) Linux/x86 - setuid(0) + chmod(_/etc/shadow__ 0666) Polymorphic Shellcode (61 bytes) Linux/x86 - sys_setuid(0) & sys_setgid(0) & execve (_/bin/sh_) Shellcode (39 bytes) Linux/x86 - sys_setuid(0) + sys_setgid(0) + execve (_/bin/sh_) Shellcode (39 bytes) Linux/x86 - Netcat Connectback Port 8080 Shellcode (76 bytes) Linux/x86 - Netcat Connectback 8080/TCP Shellcode (76 bytes) Solaris/x86 - Sync() & reboot() & exit(0) Shellcode (48 bytes) Solaris/x86 - Sync() & reboot() + exit(0) Shellcode (48 bytes) Linux/x86 - Polymorphic Bindport 31337 with setreuid (0_0) Shellcode (131 bytes) Linux/x86-64 - setuid(0) & chmod (_/etc/passwd__ 0777) & exit(0) Shellcode (63 bytes) 
Linux/x86-64 - Add root user _shell-storm_ with password 'leet' Shellcode (390 bytes) Linux/x86 - Bind 31337/TCP + setreuid (0_0) Polymorphic Shellcode (131 bytes) Linux/x86-64 - setuid(0) + chmod (_/etc/passwd__ 0777) & exit(0) Shellcode (63 bytes) Linux/x86-64 - Add Root User (shell-storm/leet) Shellcode (390 bytes) Linux/ARM - setuid(0) & kill(-1_ SIGKILL) Shellcode (28 bytes) Linux/ARM - setuid(0) + kill(-1_ SIGKILL) Shellcode (28 bytes) Linux/x86 - Polymorphic /bin/sh Shellcode (116 bytes) Linux/ARM - polymorphic chmod(_/etc/shadow__ 0777) Shellcode (84 bytes) Linux/x86 - /bin/sh Polymorphic Shellcode (116 bytes) Linux/ARM - chmod(_/etc/shadow__ 0777) polymorphic Shellcode (84 bytes) Linux/ARM - Polymorphic execve(_/bin/sh__ [_/bin/sh_]_ NULL); - XOR 88 encoded Shellcode (78 bytes) Linux/x86 - Bind Shell Port 64533 Shellcode (97 bytes) Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL); (XOR 88 encoded) Polymorphic Shellcode (78 bytes) Linux/x86 - Bind Shell 64533 Shellcode (97 bytes) Linux - 125 Bind Port 6778 XOR Encoded Polymorphic Shellcode (125 bytes) Linux - Bind 6778/TCP (XOR Encoded) Polymorphic Shellcode (125 bytes) ARM - Polymorphic execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (Generator) ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Polymorphic Shellcode (Generator) Linux/x86 - Netcat BindShell Port 8080 Shellcode (75 bytes) Linux/x86 - Bind Shell Netcat 8080/TCP Shellcode (75 bytes) BSD/x86 - Bindshell Port 2525 Shellcode (167 bytes) BSD/x86 - Bind Shell 2525/TCP Shellcode (167 bytes) ARM - Bindshell Port 0x1337 Shellcode ARM - Bind Connect UDP Port 68 Shellcode ARM - Bind Shell Port 0x1337 Shellcode ARM - Bind Connect 68/UDP Shellcode BSD/x86 - 31337 Portbind + fork Shellcode (111 bytes) BSD/x86 - Bind Shell 31337/TCP + fork Shellcode (111 bytes) Linux/SuperH (sh4) - setuid(0) / chmod(_/etc/shadow__ 0666) / exit(0) Shellcode (43 bytes) Linux/x86 - Netcat BindShell Port 6666 Shellcode (69 bytes) Linux/SuperH (sh4) - setuid(0) + chmod(_/etc/shadow__ 
0666) + exit(0) Shellcode (43 bytes) Linux/x86 - Bind Shell Netcat 6666/TCP Shellcode (69 bytes) Linux/x86 - egghunt Shellcode (29 bytes) Linux/x86 - Egghunter Shellcode (29 bytes) Linux/x86 - Polymorphic Shellcode setuid(0) + setgid(0) + add user _iph_ without password to /etc/passwd Linux/x86 - setuid(0) + setgid(0) + add user 'iph' Without Password to /etc/passwd Polymorphic Shellcode Linux/x86-64 - Add user _t0r_ with password _Winner_ Shellcode (189 bytes) Linux/x86-64 - Add User (t0r/Winner) Shellcode (189 bytes) Linux/x86 - chmod 666 /etc/passwd & /etc/shadow Shellcode (57 bytes) Linux/x86 - chmod 666 /etc/passwd + /etc/shadow Shellcode (57 bytes) Windows x86 - Password Protected TCP Bind Shellcode (637 bytes) Windows x86 - Bind TCP Password Protected Shellcode (637 bytes) Windows RT ARM - Bind Shell Port 4444 Shellcode Windows RT ARM - Bind Shell 4444/TCP Shellcode Windows x86 - Persistent Reverse Shell TCP (494 Bytes) Windows x86 - Reverse Persistent TCP Shellcode (494 Bytes) Windows 7 x86 - Bind Shell TCP 4444 Shellcode (357 Bytes) Windows 7 x86 - Bind Shell 4444/TCP Shellcode (357 Bytes) Linux/x86 - chmod (777 /etc/passwd & /etc/shadow)_ Add New Root User (ALI/ALI) & Execute /bin/sh Shellcode (378 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User 'ALI' & Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add New Root User (ALI/ALI) + Execute /bin/sh Shellcode (378 bytes) Linux/x86 - chmod 777 (/etc/passwd + /etc/shadow) + Add New Root User (ALI/ALI) + setreuid + Execute /bin/bash Obfuscated Shellcode (521 bytes) Linux/x86-64 - Position independent & Alphanumeric execve(_/bin/sh\0__NULL_NULL); Shellcode (87 bytes) Linux/x86-64 - Position independent + execve(_/bin/sh\0__NULL_NULL); Alphanumeric Shellcode (87 bytes) Linux/x86-64 - Bind Port 4444/TCP Shellcode (81 bytes / 96 bytes with password) Linux/x86-64 - Reverse TCP connect Shellcode (77 to 85 bytes / 90 to 98 bytes with 
password) Windows x86 - Add Administrator 'ALI' & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows x64 - Add Administrator 'ALI' & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Linux/x86-64 - Bind 4444/TCP Shellcode (81 bytes / 96 bytes with password) Linux/x86-64 - Reverse TCP Connect Shellcode (77 to 85 bytes / 90 to 98 bytes with Password) Windows x86 - Add Administrator 'ALI' + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows x64 - Add Administrator 'ALI' + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service Obfuscated Shellcode (1218 bytes) Windows XP x86-64 - Download & Execute Shellcode (Generator) Windows XP x86-64 - Download + Execute Shellcode (Generator) Linux/x86 - ROT13 encoded execve(_/bin/sh_) Shellcode (68 bytes) Linux/x86 - execve(_/bin/sh_) (ROT13 Encoded) Shellcode (68 bytes) Linux/x86 - Obfuscated map google.com to 127.1.1.1 Shellcode (98 bytes) Linux/x86 - Obfuscated execve(_/bin/sh_) Shellcode (40 bytes) Linux/x86 - Add Map google.com to 127.1.1.1 Obfuscated Shellcode (98 bytes) Linux/x86 - execve(_/bin/sh_) Obfuscated Shellcode (40 bytes) Linux/x86 - Bind Shell Port 33333/TCP Shellcode (96 bytes) Linux/x86 - Bind Shell 33333/TCP Shellcode (96 bytes) Linux/x86 - /bin/nc -le /bin/sh -vp 17771 Shellcode (58 bytes) Linux/x86 - Bind Shell /bin/nc -le /bin/sh -vp 17771 Shellcode (58 bytes) Linux/x86 - chmod() 777 /etc/shadow & exit() Shellcode (33 bytes) Linux/x86 - chmod() 777 /etc/shadow + exit() Shellcode (33 bytes) Linux/x86 - mkdir HACK & chmod 777 and exit(0) Shellcode (29 bytes) Linux/x86 - Netcat BindShell Port 5555 Shellcode (60 bytes) Linux/x86 - mkdir HACK + chmod 777 + exit(0) Shellcode (29 bytes) Linux/x86 - Bind Shell Netcat 5555/TCP Shellcode (60 
bytes) Linux/x86 - Download & Execute Shellcode Linux/x86 - Download + Execute Shellcode Linux/x86-64 - Encoded execve Shellcode (57 bytes) Linux/x86-64 - encoded execve Shellcode (57 bytes) Linux/x86-64 - execve Encoded Shellcode (57 bytes) Linux/x86 - Egg Hunter Shellcode (19 bytes) Linux/x86 - Egghunter Shellcode (19 bytes) Mainframe/System Z - Bind Shell Port 12345 Shellcode (2488 bytes) Mainframe/System Z - Bind Shell 12345/TCP Shellcode (2488 bytes) Linux/x86 - Create file with permission 7775 and exit Shellcode (Generator) Linux/x86 - Create file with permission 7775 + exit Shellcode (Generator) OSX/x86-64 - Bind Port 4444/TPC Null-free Shellcode (144 bytes) OSX/x86-64 - Bind 4444/TCP Null-free Shellcode (144 bytes) Linux/x86-64 - Bindshell Port 31173 with Password Shellcode (92 bytes) Linux/x86-64 - egghunter Shellcode (24 bytes) Linux/x86-64 - Polymorphic execve Shellcode (31 bytes) Linux/x86-64 - Bind 31173/TCP Password Shellcode (92 bytes) Linux/x86-64 - Egghunter Shellcode (24 bytes) Linux/x86-64 - execve Polymorphic Shellcode (31 bytes) Linux/x86-64 - Bind TCP Port Shellcode (103 bytes) Linux/x86-64 - Bind Port 4444/TCP Shellcode (103 bytes) Linux/x86-64 - Bindshell 4444/TCP with Password Prompt Shellcode (162 bytes) Linux/x86-64 - Bind 4444/TCP Shellcode (103 bytes) Linux/x86-64 - Bind 4444/TCP Password Prompt Shellcode (162 bytes) Linux/x86-64 - TCP Reverse Shell with Password Prompt Shellcode (151 bytes) Linux/x86-64 - Reverse TCP Password Prompt Shellcode (151 bytes) Linux/x86-64 - xor/not/div Encoded execve Shellcode (54 bytes) Linux/x86-64 - execve (xor/not/div Encoded) Shellcode (54 bytes) Linux/x86-64 - shell_reverse_tcp with Password Polymorphic Shellcode (1) (122 bytes) Linux/x86-64 - shell_reverse_tcp with Password Polymorphic Shellcode (2) (135 bytes) Linux/x86 - Download & Execute Shellcode (135 bytes) Linux/x86-64 - Polymorphic Execve-Stack Shellcode (47 bytes) Linux/x86-64 - shell_reverse_tcp Password Polymorphic Shellcode (1) (122 
bytes) Linux/x86-64 - shell_reverse_tcp Password Polymorphic Shellcode (2) (135 bytes) Linux/x86 - Download + Execute Shellcode (135 bytes) Linux/x86-64 - Execve-Stack Polymorphic Shellcode (47 bytes) Windows x86 - Download & Run via WebDAV Null-Free Shellcode (96 bytes) Windows x86 - Download + Run via WebDAV Null-Free Shellcode (96 bytes) Linux/x86-64 - Bindshell Port 5600 Shellcode (81 bytes) Linux/x86-64 - Bind 5600/TCP Shellcode (81 bytes) Linux/x86-64 - Bindshell Port 5600 Shellcode (86 bytes) Linux/x86-64 - Bind 5600/TCP Shellcode (86 bytes) Linux/x86 - Bind Port 1472/TCP (IPv6) Shellcode (1250 bytes) Linux/x86-64 - Bind Shell Shellcode (Generator) Linux/x86 - Bind 1472/TCP (IPv6) Shellcode (1250 bytes) Linux/x86-64 - Bind Shell Shellcode (Generator) Linux/x86 - Bindshell with Configurable Port Shellcode (87 bytes) Linux/x86 - Bind Shell Configurable Port Shellcode (87 bytes) Linux/x86 - Bind Shell Port 4444/TCP Shellcode (656 bytes) Linux/x86-64 - XOR Encode execve Shellcode (84 bytes) Linux/x86 - Bind Shell 4444/TCP Shellcode (656 bytes) Linux/x86-64 - execve (XOR Encoded) Shellcode (84 bytes) Linux/x86 - /bin/nc -le /bin/sh -vp13337 Shellcode (56 bytes) Linux/x86 - Bind Shell /bin/nc -le /bin/sh -vp13337 Shellcode (56 bytes) Windows XP < 10 - Download & Execute Shellcode Windows XP < 10 - Download + Execute Shellcode Linux/x86-64 - NetCat Bind Shell Shellcode (64 bytes) Linux/x86 - Bind Shell Port 4444/TCP Shellcode (98 bytes) Linux/x86-64 - Bind NetCat Shellcode (64 bytes) Linux/x86 - Bind Shell 4444/TCP Shellcode (98 bytes) Linux/x86 - TCP Reverse Shellcode (75 bytes) Linux/x86-64 - Continuously-Probing Reverse Shell via Socket + Port-range + Password Shellcode (172 bytes) Linux/x86 - Reverse TCP Shellcode (75 bytes) Linux/x86-64 - Reverse Continuously Probing Shell via Socket + Port-range + Password Shellcode (172 bytes) Linux/x86 - Netcat Bind Shellcode with Port (44 / 52 bytes) Linux/x86 - zsh Bind Port 9090/TCP Shellcode (96 bytes) Linux/x86 - zsh 
Reverse Port 9090/TCP Shellcode (80 bytes) Linux/x86 - Bind Netcat Shellcode with Port (44/52 bytes) Linux/x86 - Bind zsh 9090/TCP Shellcode (96 bytes) Linux/x86 - Reverse zsh 9090/TCP Shellcode (80 bytes) Windows x86 - Keylogger Reverse UDP Shellcode (493 bytes) Windows x86 - Reverse UDP Keylogger Shellcode (493 bytes) Windows x64 - Download & Execute Shellcode (358 bytes) Linux/x86 - Netcat (-e option disabled) Reverse Shell Shellcode (180 bytes) Windows x64 - Download + Execute Shellcode (358 bytes) Linux/x86 - Reverse Netcat (-e option disabled) Shell Shellcode (180 bytes) Windows x64 - Password Protected Bind Shellcode (825 bytes) Windows x64 - Bind Password Protected Shellcode (825 bytes) Linux/x86-64 - Bind Port 5600/TCP - Shellcode (87 bytes) Linux/x86-64 - Bind 5600/TCP - Shellcode (87 bytes) Linux - TCP Reverse Shell Shellcode (65 bytes) Linux/x86-64 - Reverse TCP Shellcode (65 bytes) Linux/x86-64 - Polymorphic Setuid(0) & Execve(/bin/sh) Shellcode (31 bytes) Linux/x86-64 - Polymorphic Flush IPTables Shellcode (47 bytes) Linux/x86-64 - NetCat Reverse Shell Shellcode (72 bytes) Linux/x86-64 - Polymorphic NetCat Reverse Shell Shellcode (106 bytes) Linux/x86-64 - Setuid(0) + Execve(/bin/sh) Polymorphic Shellcode (31 bytes) Linux/x86-64 - Flush IPTables Polymorphic Shellcode (47 bytes) Linux/x86-64 - Reverse NetCat Shellcode (72 bytes) Linux/x86-64 - Reverse NetCat Polymorphic Shellcode (106 bytes) Linux/x86 - Encoded exceve(_/bin/sh_) Shellcode (44 Bytes) Linux/x86 - exceve(_/bin/sh_) Encoded Shellcode (44 Bytes) Linux/x86 - XOR encoded execve(/bin/sh) setuid(0) setgid(0) Shellcode (66 bytes) Linux/x86 - execve(/bin/sh) setuid(0) setgid(0) (XOR Encoded) Shellcode (66 bytes) simple WebServer 2.3-rc1 - Directory Traversal Simple Web Server 2.3-rc1 - Directory Traversal fastream netfile ftp/web server 6.5/6.7 - Directory Traversal Fastream NETFile FTP/Web Server 6.5/6.7 - Directory Traversal LiteWeb Server 2.5 - Authentication Bypass LiteWEB Web Server 2.5 - 
Authentication Bypass ActiveWeb Contentserver 5.6.2929 - Picture_Real_Edit.asp SQL Injection ActiveWeb Contentserver 5.6.2929 - 'Picture_Real_Edit.asp' SQL Injection Easy File Sharing WebServer 6.8 - Persistent Cross-Site Scripting Easy File Sharing Web Server 6.8 - Persistent Cross-Site Scripting CMS Made Simple < 2.1.3 / < 1.12.1 - Web Server Cache Poisoning CMS Made Simple < 1.12.1 / < 2.1.3 - Web Server Cache Poisoning OpenDreamBox 2.0.0 Plugin WebAdmin - Remote Code Execution

- platforms
- files.csv
- README.md
- searchsploit

The Exploit Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.
```
root@kali:~# searchsploit -h
  Usage: searchsploit [options] term1 [term2] ... [termN]

==========
 Examples
==========
  searchsploit afd windows local
  searchsploit -t oracle windows
  searchsploit -p 39446
  searchsploit linux kernel 3.2 --exclude="(PoC)|/dos/"

  For more examples, see the manual: https://www.exploit-db.com/searchsploit/

=========
 Options
=========
   -c, --case     [Term]      Perform a case-sensitive search (Default is inSEnsITiVe).
   -e, --exact    [Term]      Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
   -h, --help                 Show this help screen.
   -j, --json     [Term]      Show result in JSON format.
   -m, --mirror   [EDB-ID]    Mirror (aka copies) an exploit to the current working directory.
   -o, --overflow [Term]      Exploit titles are allowed to overflow their columns.
   -p, --path     [EDB-ID]    Show the full path to an exploit (and also copies the path to the clipboard if possible).
   -t, --title    [Term]      Search JUST the exploit title (Default is title AND the file's path).
   -u, --update               Check for and install any exploitdb package updates (deb or git).
   -w, --www      [Term]      Show URLs to Exploit-DB.com rather than the local path.
   -x, --examine  [EDB-ID]    Examine (aka opens) the exploit using $PAGER.
       --colour               Disable colour highlighting in search results.
       --id                   Display the EDB-ID value rather than local path.
       --nmap     [file.xml]  Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
                                Use "-v" (verbose) to try even more combinations
       --exclude="term"       Remove values from results. By using "|" to separated you can chain multiple values.
                                e.g. --exclude="term1|term2|term3".

=======
 Notes
=======
 * You can use any number of search terms.
 * Search terms are not case-sensitive (by default), and ordering is irrelevant.
   * Use '-c' if you wish to reduce results by case-sensitive searching.
   * And/Or '-e' if you wish to filter results by using an exact match.
 * Use '-t' to exclude the file's path to filter the search results.
   * Remove false positives (especially when searching using numbers - i.e. versions).
 * When updating or displaying help, search terms will be ignored.

root@kali:~#
```
```
root@kali:~# searchsploit afd windows local
---------------------------------------------------------------------------------------- -----------------------------------
Exploit Title | Path
| (/usr/share/exploitdb/platforms/)
---------------------------------------------------------------------------------------- -----------------------------------
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service | windows/dos/17133.c
Microsoft Windows - 'afd.sys' Local Kernel Exploit (PoC) (MS11-046) | windows/dos/18755.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066) | windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080) | windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit) | windows/local/21844.rb
Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | win_x86-64/local/39525.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046) | win_x86/local/40564.c
---------------------------------------------------------------------------------------- -----------------------------------
root@kali:~#
```
```
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
    URL: https://www.exploit-db.com/exploits/39446/
   Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py

Copied EDB-ID 39446's path to the clipboard.

root@kali:~#
```
SearchSploit requires either "CoreUtils" or "utilities" (e.g. `bash`, `sed`, `grep`, `awk`, etc.) for the core features to work. The self-updating function requires `git`, and the Nmap XML option requires `xmllint` (found in the `libxml2-utils` package on Debian-based systems).
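The matching rules in the help text's Notes (every term must match, case-insensitively and in any order; `-t` drops the path from the search; `--exclude` removes rows) can be tried offline with the sketch below. It is an added example, not searchsploit's own code: `sample_index`, `edb_filter`, `edb_count` and the two-column `path,title` layout are hypothetical, and the rows are copied from the session output above.

```shell
# Constructed index: "path,title" rows copied from the session output above.
# The two-column layout is an assumption of this sketch, not files.csv's format.
sample_index() {
cat <<'EOF'
windows/dos/17133.c,Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service
windows/dos/18755.c,Microsoft Windows - 'afd.sys' Local Kernel Exploit (PoC) (MS11-046)
windows/local/6757.txt,Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066)
windows/local/18176.py,Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)
windows/local/21844.rb,Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit)
win_x86/local/39446.py,Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
win_x86-64/local/39525.py,Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
win_x86/local/40564.c,Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)
EOF
}

# edb_filter [-t] [--exclude=REGEX] term...   (hypothetical helper)
edb_filter() {
    title_only=0; exclude=""
    for arg in "$@"; do            # peel options off, keep terms in "$@"
        shift
        case "$arg" in
            -t) title_only=1 ;;
            --exclude=*) exclude=${arg#--exclude=} ;;
            *) set -- "$@" "$arg" ;;
        esac
    done
    sample_index | while IFS= read -r row; do
        hay=$row                                   # default scope: path + title
        if [ "$title_only" -eq 1 ]; then hay=${row#*,}; fi
        ok=1
        for t in "$@"; do                          # AND: every term must match
            if ! printf '%s\n' "$hay" | grep -qiF -- "$t"; then ok=0; break; fi
        done
        # Exclusion runs against the whole row; treating it as a
        # case-insensitive extended regex is an assumption.
        if [ "$ok" -eq 1 ] && [ -n "$exclude" ] &&
           printf '%s\n' "$row" | grep -qiE -- "$exclude"; then ok=0; fi
        if [ "$ok" -eq 1 ]; then printf '%s\n' "$row"; fi
    done
}

# Number of rows a query returns.
edb_count() { edb_filter "$@" | wc -l | tr -d ' '; }
```

On this data `edb_count 7` returns 6 while `edb_count -t 7` returns 2: four of the unrestricted hits match only a digit in an EDB-ID file name, which is the false-positive case the Notes mention for version numbers.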