The Exploit Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.
root@kali:~# searchsploit -h
Usage: searchsploit [options] term1 [term2] ... [termN]
==========
Examples
==========
searchsploit afd windows local
searchsploit -t oracle windows
searchsploit -p 39446
searchsploit linux kernel 3.2 --exclude="(PoC)|/dos/"
For more examples, see the manual: https://www.exploit-db.com/searchsploit/
=========
Options
=========
-c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe).
-e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
-h, --help Show this help screen.
-j, --json [Term] Show result in JSON format.
-m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory.
-o, --overflow [Term] Exploit titles are allowed to overflow their columns.
-p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible).
-t, --title [Term] Search JUST the exploit title (Default is title AND the file's path).
-u, --update Check for and install any exploitdb package updates (deb or git).
-w, --www [Term] Show URLs to Exploit-DB.com rather than the local path.
-x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER.
--colour Disable colour highlighting in search results.
--id Display the EDB-ID value rather than local path.
--nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
Use "-v" (verbose) to try even more combinations
--exclude="term" Remove values from results. By using "|" to separated you can chain multiple values.
e.g. --exclude="term1|term2|term3".
=======
Notes
=======
* You can use any number of search terms.
* Search terms are not case-sensitive (by default), and ordering is irrelevant.
* Use '-c' if you wish to reduce results by case-sensitive searching.
* And/Or '-e' if you wish to filter results by using an exact match.
* Use '-t' to exclude the file's path to filter the search results.
* Remove false positives (especially when searching using numbers - i.e. versions).
* When updating or displaying help, search terms will be ignored.
root@kali:~#
root@kali:~# searchsploit afd windows local
---------------------------------------------------------------------------------------- -----------------------------------
Exploit Title | Path
| (/usr/share/exploitdb/platforms/)
---------------------------------------------------------------------------------------- -----------------------------------
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service | windows/dos/17133.c
Microsoft Windows - 'afd.sys' Local Kernel Exploit (PoC) (MS11-046) | windows/dos/18755.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066) | windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080) | windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit) | windows/local/21844.rb
Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | win_x86-64/local/39525.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046) | win_x86/local/40564.c
---------------------------------------------------------------------------------------- -----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
URL: https://www.exploit-db.com/exploits/39446/
Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py
Copied EDB-ID 39446's path to the clipboard.
root@kali:~#
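The matching rules from the help text and runs above (every term must match, case-insensitive unless -c, title only with -t, --exclude chained with "|"), as an added POSIX-sh example that is not part of this repository or of the searchsploit script; it runs over a constructed three-column cut-down of files.csv built from the afd results shown above.

```shell
#!/bin/sh
# Added example, not part of the exploitdb repository or the searchsploit script:
# a POSIX-sh reimplementation of the matching rules in the help text above
# (AND over all terms, case-insensitive unless -c, title only with -t,
# --exclude as "|"-chained patterns), run over a cut-down files.csv.

# Constructed three-column CSV (id,file,description) built from the afd
# results shown in the README; the real files.csv has more columns and quoting.
make_sample_csv() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
id,file,description
17133,platforms/windows/dos/17133.c,Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service
18755,platforms/windows/dos/18755.c,Microsoft Windows - 'afd.sys' Local Kernel Exploit (PoC) (MS11-046)
18176,platforms/windows/local/18176.py,Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)
39446,platforms/win_x86/local/39446.py,Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
40564,platforms/win_x86/local/40564.c,Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)
EOF
    printf '%s\n' "$f"
}

# edb_search CSV [-c] [-t] [-x "pat1|pat2"] term...   -> matching EDB-IDs, one per line
edb_search() {
    csv=$1; shift
    ci=-i; cols='$2 " " $3'; excl=
    while [ $# -gt 0 ]; do
        case $1 in
            -c) ci= ;;                  # case-sensitive, like searchsploit -c
            -t) cols='$3' ;;            # title only, like -t (default: path and title)
            -x) excl=$2; shift ;;       # like --exclude="a|b"
            *) break ;;
        esac
        shift
    done
    # one "id<TAB>searchable text" row per exploit (sample has no embedded commas)
    rows=$(tail -n +2 "$csv" | awk -F, "{print \$1 \"\t\" $cols}")
    for term in "$@"; do                # every term must match (AND, fixed-string)
        rows=$(printf '%s\n' "$rows" | grep $ci -F -- "$term" || true)
    done
    if [ -n "$excl" ]; then             # "|" separates alternatives, as in the README
        rows=$(printf '%s\n' "$rows" | grep $ci -E -v -- "$excl" || true)
    fi
    if [ -n "$rows" ]; then printf '%s\n' "$rows" | cut -f1; fi
    return 0
}

sample=$(make_sample_csv)
edb_search "$sample" afd windows local   # prints all five IDs, like the README run
rm -f "$sample"
```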
SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self-updating function requires git, and the Nmap XML option requires xmllint (found in the libxml2-utils package on Debian-based systems).