164 new exploits

Snitz Forums 3.3.03 - Remote Command Execution Exploit CdRecord <= 2.0 - Mandrake Local Root Exploit Snitz Forums 3.3.03 - Remote Command Execution Exploit CdRecord <= 2.0 - Mandrake Local Root Exploit Webfroot Shoutbox < 2.32 (Apache) Remote Exploit Mandrake Linux 8.2 - /usr/mail Local Exploit Microsoft Windows Media Services - (nsiislog.dll) Remote Exploit Microsoft Windows - (RPC DCOM) Remote Exploit (48 Targets) Knox Arkeia Pro 5.1.12 - Backup Remote Root Exploit Microsoft Windows - (RPC2) Universal Exploit & DoS (RPC3) (MS03-039) Eudora 6.0.3 Attachment Spoofing Exploit (windows) Redhat 6.2 /sbin/restore - Exploit Oracle (oidldapd connect) Local Command Line Overflow Exploit Redhat 6.2 /sbin/restore - Exploit Oracle (oidldapd connect) Local Command Line Overflow Exploit CVS - Remote Entry Line Root Heap Overflow Exploit UNIX 7th Edition /bin/mkdir Local Buffer Overflow Exploit CVS - Remote Entry Line Root Heap Overflow Exploit UNIX 7th Edition /bin/mkdir Local Buffer Overflow Exploit Microsoft Outlook Express Window Opener Microsoft Outlook Express Javascript Execution Microsoft Outlook Express Window Opener Microsoft Outlook Express Javascript Execution Ping of Death Remote Denial of Service Exploit Microsoft Windows 2000/XP - Task Scheduler .job Exploit (MS04-022) Microsoft Internet Explorer Overly Trusted Location Cache Exploit Microsoft Windows 2000/XP - Task Scheduler .job Exploit (MS04-022) Microsoft Internet Explorer Overly Trusted Location Cache Exploit Apache HTTPd - Arbitrary Long HTTP Headers DoS (C) Microsoft Internet Explorer Remote Null Pointer Crash (mshtml.dll) CVSTrac Remote Arbitrary Code Execution Exploit LibPNG <= 1.2.5 - png_jmpbuf() Local Buffer Overflow Exploit IPD (Integrity Protection Driver) Local Exploit Bird Chat 1.61 - Denial of Service D-Link DCS-900 Camera Remote IP Address Changer Exploit GD Graphics Library Heap Overflow Proof of Concept Exploit vBulletin LAST.php SQL Injection miniBB - Input Validation 
Hole ('user') phpBB highlight Arbitrary File Upload (Santy.A) Sanity.b - phpBB <= 2.0.10 Bot Install (AOL/Yahoo Search) PhpInclude.Worm - PHP Scripts Automated Arbitrary File Inclusion ZeroBoard Worm Source Code Invision Power Board <= 1.3.1 - Login.php SQL Injection Veritas Backup Exec Remote File Access Exploit (windows) ZENworks 6.5 Desktop/Server Management Remote Stack Overflow MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow Exploit Novell eDirectory 8.7.3 iMonitor Remote Stack Overflow ZENworks 6.5 Desktop/Server Management Remote Stack Overflow MDaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow Exploit Novell eDirectory 8.7.3 iMonitor Remote Stack Overflow Microsoft Windows Plug-and-Play (Umpnpmgr.dll) DoS Exploit (MS05-047) PHP-Nuke <= 7.8 - Search Module Remote SQL Injection Exploit SGI IRIX <= 6.5.28 - (runpriv) Design Error Sybase EAServer 5.2 (WebConsole) Remote Stack Overflow Exploit Microsoft Internet Explorer 7 Popup Address Bar Spoofing Weakness Microsoft Internet Explorer 6/7 (XML Core Services) Remote Code Execution Exploit Invision Community Blog Mod 1.2.4 - SQL Injection Microsoft Windows - (MessageBox) Memory Corruption Local Denial of Service Twilight Webserver 1.3.3.0 (GET) Remote Denial of Service Exploit PHP COM extensions (inconsistent Win32) safe_mode Bypass Exploit Microsoft Internet Explorer - Recordset Double Free Memory Exploit (MS07-009) phpGalleryScript 1.0 - (init.gallery.php include_class) RFI Md-Pro <= 1.0.8x (Topics topicid) Remote SQL Injection DivX Player 6.6.0 - ActiveX SetPassword() Denial of Service PoC Yahoo! 
Music Jukebox 2.2 AddImage() ActiveX Remote BoF Exploit Woltlab Burning Board Addon JGS-Treffen SQL Injection pSys 0.7.0.a (shownews) Remote SQL Injection JAMM CMS (id) Remote Blind SQL Injection Exploit Clever Copy 3.0 (results.php) Remote SQL Injection Exploit GLLCTS2 (listing.php sort) Remote Blind SQL Injection Exploit PHPMyCart (shop.php cat) Remote SQL Injection Cartweaver 3 (prodId) Remote Blind SQL Injection Exploit Oxygen 2.0 (repquote) Remote SQL Injection MyMarket 1.72 - BlindSQL Injection Exploit easyTrade 2.x - (detail.php id) Remote SQL Injection CaupoShop Classic 1.3 - (saArticle[ID]) Remote SQL Injection AcmlmBoard 1.A2 (pow) Remote SQL Injection Catviz 0.4.0 beta1 - Multiple Remote SQL Injection Vulnerabilities DZCP (deV!L_z Clanportal) <= 1.4.9.6 - Blind SQL Injection Exploit Webspell 4 (Auth Bypass) SQL Injection Microsoft Internet Explorer 7 - Memory Corruption PoC (MS09-002) kloxo 5.75 - Multiple Vulnerabilities Microsoft Office Web Components (Spreadsheet) ActiveX BoF PoC PulseAudio setuid - Local Privilege Escalation Exploit PulseAudio setuid (Ubuntu 9.04 & Slackware 12.2.0) - Local Privilege Escalation PulseAudio setuid - Local Privilege Escalation Exploit PulseAudio setuid (Ubuntu 9.04 & Slackware 12.2.0) - Local Privilege Escalation Apple Quicktime RTSP 10.4.0 - 10.5.0 Content-Type Overflow (OS X) mDNSResponder 10.4.0 / 10.4.8 - UPnP Location Overflow (OS X) eWebeditor Directory Traversal eWebeditor ASP Version - Multiple Vulnerabilities Radasm .rap file Local Buffer Overflow Microsoft Internet Explorer 6 / 7 / 8 - 'winhlp32.exe' 'MsgBox()' Remote Code Execution Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) (38 bytes) Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) shellcode (38 bytes) Joomla Component com_event - SQL Injection Aix - execve /bin/sh (88 bytes) BSD - Passive Connection Shellcode bsd/PPC - execve /bin/sh (128 bytes) bsd/x86 - setuid/execve shellcode (30 bytes) bsd/x86 - setuid/portbind shellcode (94 bytes) 
bsd/x86 - execve /bin/sh multiplatform (27 bytes) bsd/x86 - execve /bin/sh setuid (0) (29 bytes) bsd/x86 - portbind port 31337 (83 bytes) bsd/x86 - portbind port random (143 bytes) bsd/x86 - break chroot (45 bytes) bsd/x86 - execve /bin/sh Crypt /bin/sh (49 bytes) bsd/x86 - execve /bin/sh ENCRYPT* (57 bytes) bsd/x86 - connect (93 bytes) bsd/x86 - cat /etc/master.passwd | mail [email] (92 bytes) bsd/x86 - reverse portbind (129 bytes) bsdi/x86 - execve /bin/sh (45 bytes) bsdi/x86 - execve /bin/sh (46 bytes) AIX - execve /bin/sh shellcode (88 bytes) BSD - Passive Connection Shellcode (124 bytes) BSD/PPC - execve /bin/sh shellcode (128 bytes) BSD/x86 - setuid(0) then execve /bin/sh shellcode (30 bytes) BSD/x86 - setuid/portbind (TCP 31337) shellcode (94 bytes) BSD/x86 - execve /bin/sh multiplatform shellcode (27 bytes) BSD/x86 - execve /bin/sh setuid (0) shellcode (29 bytes) BSD/x86 - portbind port 31337 shellcode (83 bytes) BSD/x86 - portbind port random shellcode (143 bytes) BSD/x86 - break chroot shellcode (45 bytes) BSD/x86 - execve /bin/sh Crypt /bin/sh shellcode (49 bytes) BSD/x86 - execve /bin/sh ENCRYPT* shellcode (57 bytes) BSD/x86 - connect torootteam.host.sk:2222 shellcode (93 bytes) BSD/x86 - cat /etc/master.passwd | mail [email] shellcode (92 bytes) BSD/x86 - reverse 6969 portbind shellcode (129 bytes) BSDi/x86 - execve /bin/sh shellcode (45 bytes) BSDi/x86 - execve /bin/sh shellcode (46 bytes) Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption Adobe Acrobat Reader DC 15.016.20045 - Invalid Font (.ttf ) Memory Corruption (1) bsdi/x86 - execve /bin/sh toupper evasion (97 bytes) FreeBSD i386/AMD64 - Execve /bin/sh (Anti-Debugging) freebsd/x86 - setreuid_ execve(pfctl -d) (56 bytes) freebsd/x86 - connect back.send.exit /etc/passwd (112 bytes) freebsd/x86 - kill all processes (12 bytes) freebsd/x86 - rev connect_ recv_ jmp_ return results (90 bytes) freebsd/x86 - /bin/cat /etc/master.passwd (NULL free) (65 bytes) freebsd/x86 - 
reverse portbind /bin/sh (89 bytes) freebsd/x86 - setuid(0); execve(ipf -Fa); shellcode (57 bytes) freebsd/x86 - encrypted shellcode /bin/sh (48 bytes) freebsd/x86 - portbind 4883 with auth shellcode freebsd/x86 - reboot(RB_AUTOBOOT) Shellcode (7 bytes) freebsd/x86 - execve /bin/sh (23 bytes) freebsd/x86 - execve /bin/sh (2) (23 bytes) freebsd/x86 - execve /bin/sh (37 bytes) freebsd/x86 - kldload /tmp/o.o (74 bytes) freebsd/x86 - chown 0:0 _ chmod 6755 & execve /tmp/sh (44 bytes) freebsd/x86 - execve /tmp/sh (34 bytes) freebsd/x86 - connect (102 bytes) freebsd/x86-64 - exec(_/bin/sh_) shellcode (31 bytes) freebsd/x86-64 - execve /bin/sh shellcode (34 bytes) Linux/x86 - execve shellcode generator null byte free Linux/x86 - generate portbind payload Windows XP SP1 - portbind payload (Generator) /bin/sh Polymorphic shellcode with printable ASCII characters Linux/x86 - shellcode null free (Generator) Alphanumeric Shellcode Encoder/Decoder HTTP/1.x requests for shellcodes (Generator) (18+ bytes / 26+ bytes) Multi-Format Shellcode Encoding Tool - Beta 2.0 (Win32) (Generator) iOS Version-independent shellcode Cisco IOS - Connectback Shellcode Cisco IOS - Bind Shellcode 1.0 (116 bytes) Cisco IOS - Tiny Shellcode Cisco IOS - Shellcode And Exploitation Techniques (BlackHat) HPUX - execve /bin/sh (58 bytes) Linux/amd64 - flush iptables rules shellcode (84 bytes) Linux/amd64 - connect-back semi-stealth shellcode (88+ bytes) Linux/MIPS (Linksys WRT54G/GL) - port bind shellcode (276 bytes) BSDi/x86 - execve /bin/sh toupper evasion shellcode (97 bytes) FreeBSD i386 & AMD64 - Execve /bin/sh shellcode (Anti-Debugging) (140 bytes) FreeBSD/x86 - setreuid_ execve(pfctl -d) shellcode (56 bytes) FreeBSD/x86 - connect back.send.exit /etc/passwd shellcode (112 bytes) FreeBSD/x86 - kill all processes shellcode (12 bytes) FreeBSD/x86 - rev connect_ recv_ jmp_ return results shellcode (90 bytes) FreeBSD/x86 - /bin/cat /etc/master.passwd NULL free shellcode (65 bytes) FreeBSD/x86 - reverse 
portbind 127.0.0.1:8000 /bin/sh shellcode (89 bytes) FreeBSD/x86 - setuid(0); execve(ipf -Fa); shellcode (57 bytes) FreeBSD/x86 - encrypted shellcode /bin/sh (48 bytes) FreeBSD/x86 - portbind 4883 with auth shellcode (222 bytes) FreeBSD/x86 - reboot(RB_AUTOBOOT) Shellcode (7 bytes) FreeBSD/x86 - execve /bin/sh shellcode (23 bytes) FreeBSD/x86 - execve /bin/sh shellcode (2) (23 bytes) FreeBSD/x86 - execve /bin/sh shellcode (37 bytes) FreeBSD/x86 - kldload /tmp/o.o shellcode (74 bytes) FreeBSD/x86 - chown 0:0 _ chmod 6755 & execve /tmp/sh shellcode (44 bytes) FreeBSD/x86 - execve /tmp/sh shellcode (34 bytes) FreeBSD/x86 - connect (Port 31337) shellcode (102 bytes) FreeBSD/x86-64 - exec(_/bin/sh_) shellcode (31 bytes) FreeBSD/x86-64 - execve /bin/sh shellcode (34 bytes) Linux/x86 - execve shellcode null byte free (Generator) Linux/x86 - portbind payload shellcode (Generator) Windows XP SP1 - portbind payload shellcode (Generator) (Generator) - /bin/sh Polymorphic shellcode with printable ASCII characters Linux/x86 - cmd shellcode null free (Generator) (Generator) - Alphanumeric Shellcode Encoder/Decoder HTTP/1.x requests for shellcodes (Generator) (18+ bytes / 26+ bytes) Win32 - Multi-Format Shellcode Encoding Tool (Generator) iOS - Version-independent shellcode Cisco IOS - Connectback (Port 21) Shellcode Cisco IOS - Bind Shellcode Password Protected (116 bytes) Cisco IOS - Tiny Shellcode (New TTY_ Privilege level to 15_ No password) HPUX - execve /bin/sh shellcode (58 bytes) Linux/x86-64 - flush iptables rules shellcode (84 bytes) Linux/x86-64 - connect-back semi-stealth shellcode (88+ bytes) Linux/MIPS (Linksys WRT54G/GL) - 4919 port bind shellcode (276 bytes) Linux/MIPS - execve /bin/sh (56 bytes) Linux/PPC - execve /bin/sh (60 bytes) Linux/MIPS - execve /bin/sh shellcode (56 bytes) Linux/PPC - execve /bin/sh shellcode (60 bytes) Linux/PPC - connect back execve /bin/sh (240 bytes) Linux/PPC - execve /bin/sh (112 bytes) Linux/SPARC - connect back (216 bytes) 
Linux/SPARC - portbind port 8975 (284 bytes) Linux/PPC - connect back (192.168.1.1:31337) execve /bin/sh shellcode (240 bytes) Linux/PPC - execve /bin/sh shellcode (112 bytes) Linux/SPARC - connect back (192.168.100.1:2313) shellcode (216 bytes) Linux/SPARC - portbind port 8975 shellcode (284 bytes) Linux/x86 - Port Binding Shellcode (xor-encoded) (152 bytes) Linux/x86 - 4444 Port Binding Shellcode (xor-encoded) (152 bytes) Linux/x86 - setreuid(geteuid()_geteuid())_execve(_/bin/sh__0_0) (34 bytes) Linux/x86 - bindport 8000 & execve iptables -F (176 bytes) Linux/x86 - bindport 8000 & add user with root access (225+ bytes) Linux/x86 - Bind ASM Code Linux (179 bytes) Linux/x86_64 - setuid(0) + execve(/bin/sh) (49 bytes) Serial port shell binding & busybox Launching shellcode Linux/x86 - File unlinker (18+ bytes) Linux/x86 - Perl script execution (99+ bytes) Linux/x86 - file reader (65+ bytes) Linux/x86 - chmod(_/etc/shadow__666) & exit(0) (30 bytes) Linux/x86 - setreuid(geteuid()_geteuid())_execve(_/bin/sh__0_0) shellcode (34 bytes) Linux/x86 - bindport 8000 & execve iptables -F shellcode (176 bytes) Linux/x86 - bindport 8000 & add user with root access shellcode (225+ bytes) Linux/x86 - 8000 Bind Port ASM Code Linux shellcode (179 bytes) Linux/x86-64 - setuid(0) + execve(/bin/sh) shellcode (49 bytes) Linux/x86 - Serial port shell binding & busybox Launching shellcode (82 bytes) Linux/x86 - File unlinker shellcode (18+ bytes) Linux/x86 - Perl script execution shellcode (99+ bytes) Linux/x86 - file reader shellcode (65+ bytes) Linux/x86 - chmod(_/etc/shadow__666) & exit(0) shellcode (30 bytes) Linux/x86 - PUSH reboot() (30 bytes) Linux/x86 - PUSH reboot() shellcode (30 bytes) Linux/x86 - connect-back port UDP/54321 live packet capture (151 bytes) Linux/x86 - append rsa key to /root/.ssh/authorized_keys2 (295 bytes) Linux/x86 - edit /etc/sudoers for full access (86 bytes) Ho' Detector - Promiscuous mode detector shellcode (56 bytes) Linux/x86 - connect-back port 
UDP/54321 live packet capture shellcode (151 bytes) Linux/x86 - append rsa key to /root/.ssh/authorized_keys2 shellcode (295 bytes) Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) for full access shellcode (86 bytes) Linux/x86 - Ho' Detector - Promiscuous mode detector shellcode (56 bytes) Linux/x86 - iopl(3); asm(cli); while(1){} (12 bytes) Linux/x86 - iopl(3); asm(cli); while(1){} shellcode (12 bytes) Linux/x86 - connect back_ download a file and execute (149 bytes) Linux/x86 - setreuid(geteuid_ geteuid) + execve(/bin/sh) shellcode Linux/x86 - connect back.send.exit /etc/shadow (155 bytes) Linux/x86 - writes a php connectback shell to the fs (508 bytes) Linux/x86 - rm -rf / attempts to block the process from being stopped (132 bytes) Linux/x86 - setuid(0) . setgid(0) . aslr_off (79 bytes) Linux/x86 - raw-socket ICMP/checksum shell (235 bytes) Linux/x86 - /sbin/iptables -F (40 bytes) Linux/x86 - kill all processes (11 bytes) Linux/x86 - connect back (140.115.53.35:9999)_ download a file (cb) and execute shellcode (149 bytes) Linux/x86 - setreuid(geteuid_ geteuid) + execve(/bin/sh) shellcode (39 bytes) Linux/x86 - connect back (Port )8192.send.exit /etc/shadow shellcode (155 bytes) Linux/x86 - writes a php connectback shell (/var/www/cb.php) to the filesystem shellcode (508 bytes) Linux/x86 - rm -rf / attempts to block the process from being stopped shellcode (132 bytes) Linux/x86 - setuid(0) . setgid(0) . 
aslr_off shellcode (79 bytes) Linux/x86 - raw-socket ICMP/checksum shell shellcode (235 bytes) Linux/x86 - /sbin/iptables -F shellcode (40 bytes) Linux/x86 - kill all processes shellcode (11 bytes) Linux/x86 - /sbin/ipchains -F (40 bytes) Linux/x86 - set system time to 0 and exit (12 bytes) Linux/x86 - add root user r00t with no password to /etc/passwd (69 bytes) Linux/x86 - chmod 0666 /etc/shadow (36 bytes) Linux/x86 - forkbomb (7 bytes) Linux/x86 - /sbin/ipchains -F shellcode (40 bytes) Linux/x86 - set system time to 0 and exit shellcode (12 bytes) Linux/x86 - Add root user _r00t_ with no password to /etc/passwd shellcode (69 bytes) Linux/x86 - chmod 0666 /etc/shadow shellcode (36 bytes) Linux/x86 - forkbomb shellcode (7 bytes) Linux/x86 - setuid(0) + execve(/bin/sh) (28 bytes) Linux/x86 - execve(/bin/sh) (22 bytes) Linux/x86 - HTTP/1.x GET_ Downloads and execve() (111+ bytes) Linux/x86 - executes command after setreuid (49+ bytes) Linux/x86 - stdin re-open and /bin/sh exec shellcode Linux/x86 - setuid(0) + execve(/bin/sh) shellcode (28 bytes) Linux/x86 - execve(/bin/sh) shellcode (22 bytes) Linux/x86 - HTTP/1.x GET_ Downloads and execve() shellcode (111+ bytes) Linux/x86 - executes command after setreuid shellcode (49+ bytes) Linux/x86 - stdin re-open and /bin/sh exec shellcode (39 bytes) Linux/x86 - setuid/portbind shellcode (96 bytes) Linux/x86 - portbind (define your own port) (84 bytes) Linux/x86 - setuid/portbind (Port 31337) shellcode (96 bytes) Linux/x86 - portbind (2707) shellcode (84 bytes) Linux/x86 - SET_PORT() portbind (100 bytes) Linux/x86 - SET_IP() Connectback Shellcode (82 bytes) Linux/x86 - execve(/bin/sh) (24 bytes) Linux/x86 - xor-encoded Connect Back Shellcode (371 bytes) Linux/x86 - execve(/bin/sh) + ZIP Header (28 bytes) Linux/x86 - execve(/bin/sh) + RTF Header (30 bytes) Linux/x86 - execve(/bin/sh) + RIFF Header (28 bytes) Linux/x86 - execve(/bin/sh) + Bitmap Header (27 bytes) Linux/x86 - SWAP restore shellcode (109 bytes) Linux/x86 - SWAP 
store shellcode (99 bytes) Linux/x86 - Password Authentication portbind Shellcode (166 bytes) Linux/x86 - portbind (port 64713) (86 bytes) Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) (25 bytes) Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) (23 bytes) Linux/x86 - setuid(0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) (31 bytes) Linux/x86 - setuid(0)_setgid(0) execve(/bin/sh_ [/bin/sh_ NULL]) (37 bytes) Linux/x86 - setreuid(0_0) execve(_/bin/sh__ [_/bin/sh__ NULL]) (33 bytes) Linux/x86 - HTTP/1.x GET_ Downloads and JMP - (68+ bytes) Linux/x86 - SET_PORT() portbind 31337 tcp shellcode (100 bytes) Linux/x86 - SET_IP() Connectback (192.168.13.22:31337) Shellcode (82 bytes) Linux/x86 - execve(/bin/sh) shellcode (24 bytes) Linux/x86 - xor-encoded Connect Back (127.0.0.1:80) Shellcode (371 bytes) Linux/x86 - execve(/bin/sh) + ZIP Header shellcode (28 bytes) Linux/x86 - execve(/bin/sh) + RTF Header shellcode (30 bytes) Linux/x86 - execve(/bin/sh) + RIFF Header shellcode (28 bytes) Linux/x86 - execve(/bin/sh) + Bitmap Header shellcode (27 bytes) Linux/x86 - /tmp/swr to SWAP restore shellcode (109 bytes) Linux/x86 - SWAP store from /tmp/sws shellcode (99 bytes) Linux/x86 - Password Authentication portbind (64713) Shellcode (166 bytes) Linux/x86 - portbind (port 64713) shellcode (86 bytes) Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) shellcode (25 bytes) Linux/x86 - execve(_/bin/sh__ [_/bin/sh__ NULL]) shellcode (23 bytes) Linux/x86 - setuid(0) + execve(_/bin/sh__ [_/bin/sh__ NULL]) shellcode (31 bytes) Linux/x86 - setuid(0)_setgid(0) execve(/bin/sh_ [/bin/sh_ NULL]) shellcode (37 bytes) Linux/x86 - setreuid(0_0) execve(_/bin/sh__ [_/bin/sh__ NULL]) shellcode (33 bytes) Linux/x86 - HTTP/1.x GET_ Downloads and JMP shellcode (68+ bytes) Linux/x86 - execve /bin/sh anti-ids (40 bytes) Linux/x86 - execve /bin/sh xored for Intel x86 CPUID (41 bytes) Linux/x86 - execve /bin/sh (encoded by +1) (39 bytes) Linux/x86 - Adduser without Password to /etc/passwd (59 bytes) Linux/x86 - 
anti-debug trick (INT 3h trap) + execve /bin/sh (39 bytes) Linux/x86 - Bind /bin/sh to 31337/tcp (80 bytes) Linux/x86 - Bind /bin/sh to 31337/tcp + fork() (98 bytes) Linux/x86 - 24/7 open cd-rom loop (follows /dev/cdrom symlink) (39 bytes) Linux/x86 - eject cd-rom (follows /dev/cdrom symlink) + exit() (40 bytes) Linux/x86 - eject/close cd-rom loop (follows /dev/cdrom symlink) (45 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) + exit() (32 bytes) Linux/x86 - execve /bin/sh anti-ids shellcode (40 bytes) Linux/x86 - execve /bin/sh xored for Intel x86 CPUID shellcode (41 bytes) Linux/x86 - execve /bin/sh shellcode (encoded by +1) (39 bytes) Linux/x86 - Add User _xtz_ without Password to /etc/passwd shellcode (59 bytes) Linux/x86 - anti-debug trick (INT 3h trap) + execve /bin/sh shellcode (39 bytes) Linux/x86 - Bind /bin/sh to 31337/tcp shellcode (80 bytes) Linux/x86 - Bind /bin/sh to 31337/tcp + fork() shellcode (98 bytes) Linux/x86 - 24/7 open cd-rom loop (follows /dev/cdrom symlink) shellcode (39 bytes) Linux/x86 - eject cd-rom (follows /dev/cdrom symlink) + exit() shellcode (40 bytes) Linux/x86 - eject/close cd-rom loop (follows /dev/cdrom symlink) shellcode (45 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) + exit() shellcode (32 bytes) Linux/x86 - normal exit with random (so to speak) return value (5 bytes) Linux/x86 - getppid() + execve(/proc/pid/exe) (51 bytes) Linux/x86 - quick (yet conditional_ eax != 0 and edx == 0) exit (4 bytes) Linux/x86 - reboot() (20 bytes) Linux/x86 - setreuid(0_ 0) + execve(/bin/sh) (31 bytes) Linux/x86 - execve(/bin/sh) / PUSH (23 bytes) Linux/x86 - cat /dev/urandom > /dev/console (63 bytes) Linux/x86 - normal exit with random (so to speak) return value shellcode (5 bytes) Linux/x86 - getppid() + execve(/proc/pid/exe) shellcode (51 bytes) Linux/x86 - quick (yet conditional_ eax != 0 and edx == 0) exit shellcode (4 bytes) Linux/x86 - reboot() shellcode (20 bytes) Linux/x86 - setreuid(0_ 0) + execve(/bin/sh) shellcode (31 bytes) Linux/x86 - 
execve(/bin/sh) / PUSH shellcode (23 bytes) Linux/x86 - cat /dev/urandom > /dev/console shellcode (63 bytes) Linux/x86 - dup2(0_0); dup2(0_1); dup2(0_2); (15 bytes) Linux/x86 - if(read(fd_buf_512)<=2) _exit(1) else buf(); (29 bytes) Linux/x86 - _exit(1); (7 bytes) Linux/x86 - read(0_buf_2541); chmod(buf_4755); (23 bytes) Linux/x86 - write(0__Hello core!\n__12); (with optional 7 byte exit) (36 bytes) Linux/x86 - dup2(0_0); dup2(0_1); dup2(0_2); shellcode (15 bytes) Linux/x86 - if(read(fd_buf_512)<=2) _exit(1) else buf(); shellcode (29 bytes) Linux/x86 - _exit(1); shellcode (7 bytes) Linux/x86 - read(0_buf_2541); chmod(buf_4755); shellcode (23 bytes) Linux/x86 - write(0__Hello core!\n__12); (with optional 7 byte exit) shellcode (36 bytes) Linux/x86 - /bin/sh Standard Opcode Array Payload (21 bytes) Linux/x86 - examples of long-term payloads hide-wait-change (.s) (187+ bytes) Linux/x86 - examples of long-term payloads hide-wait-change (187+ bytes) Linux/x86 - /bin/sh sysenter Opcode Array Payload (23 bytes) Linux/x86 - /bin/sh sysenter Opcode Array Payload (27 bytes) Linux/x86 - /bin/sh sysenter Opcode Array Payload (45 bytes) Linux/x86 - chroot & standart (66 bytes) Linux/x86 - upload & exec (189 bytes) Linux/x86 - setreuid/execve (31 bytes) Linux/x86 - /bin/sh Standard Opcode Array Payload shellcode (21 bytes) Linux/x86 - examples of long-term payloads hide-wait-change shellcode (.s) (187+ bytes) Linux/x86 - examples of long-term payloads hide-wait-change shellcode (187+ bytes) Linux/x86 - /bin/sh sysenter Opcode Array Payload shellcode (23 bytes) Linux/x86 - /bin/sh sysenter Opcode Array Payload shellcode (27 bytes) Linux/x86 - /bin/sh sysenter Opcode Array Payload shellcode (45 bytes) Linux/x86 - chroot & standart shellcode (66 bytes) Linux/x86 - upload & exec shellcode (189 bytes) Linux/x86 - setreuid/execve shellcode (31 bytes) Linux/x86 - Radically Self Modifying Code (70 bytes) Linux/x86 - Magic Byte Self Modifying Code (76 bytes) Linux/x86 - execve code (23 
bytes) Linux/x86 - execve(_/bin/ash__0_0); (21 bytes) Linux/x86 - execve /bin/sh alphanumeric (392 bytes) Linux/x86 - execve /bin/sh IA32 0xff-less (45 bytes) Linux/x86 - symlink /bin/sh xoring (56 bytes) Linux/x86 - portbind port 5074 toupper (226 bytes) Linux/x86 - add user t00r ENCRYPT (116 bytes) Linux/x86 - chmod 666 shadow ENCRYPT (75 bytes) Linux/x86 - symlink . /bin/sh (32 bytes) Linux/x86 - kill snort (151 bytes) Linux/x86 - shared memory exec (50 bytes) Linux/x86 - iptables -F (45 bytes) Linux/x86 - iptables -F (58 bytes) Linux/x86 - Reverse telnet (134 bytes) Linux/x86 - connect (120 bytes) Linux/x86 - chmod 666 /etc/shadow (41 bytes) Linux/x86 - cp /bin/sh /tmp/katy ; chmod 4555 katy (126 bytes) Linux/x86 - eject /dev/cdrom (64 bytes) Linux/x86 - xterm -ut -display [IP]:0 (132 bytes) Linux/x86 - ipchains -F (49 bytes) Linux/x86 - chmod 666 /etc/shadow (82 bytes) Linux/x86 - execve /bin/sh (29 bytes) Linux/x86 - execve /bin/sh (24 bytes) Linux/x86 - execve /bin/sh (38 bytes) Linux/x86 - execve /bin/sh (30 bytes) Linux/x86 - execve /bin/sh setreuid(12_12) (50 bytes) Linux/x86 - portbind port 5074 (92 bytes) Linux/x86 - portbind port 5074 + fork() (130 bytes) Linux/x86 - add user t00r (82 bytes) Linux/x86 - add user (104 bytes) Linux/x86 - break chroot (34 bytes) Linux/x86 - break chroot (46 bytes) Linux/x86 - break chroot execve /bin/sh (80 bytes) Linux/x86 - execve /bin/sh encrypted (58 bytes) Linux/x86 - execve /bin/sh xor encrypted (55 bytes) Linux/x86 - execve /bin/sh tolower() evasion (41 bytes) execve of /bin/sh after setreuid(0_0) Linux - chroot()/execve() code (80 bytes) Linux/x86 - execve /bin/sh toupper() evasion (55 bytes) Linux/x86 - add user (70 bytes) Linux/x86 - break chroot setuid(0) + /bin/sh (132 bytes) Linux/x86_64 - bindshell port:4444 shellcode (132 bytes) Linux/x86_64 - execve(/bin/sh) (33 bytes) Linux PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) (99 bytes) OS-X PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) (121 bytes) 
Linux/x86 & unix/SPARC & irix/mips - execve /bin/sh irx.mips (141 bytes) Linux/x86 & unix/SPARC - execve /bin/sh (80 bytes) Linux/x86 & bsd/x86 - execve /bin/sh (38 bytes) netbsd/x86 - kill all processes shellcode (23 bytes) netbsd/x86 - callback shellcode (port 6666) (83 bytes) netbsd/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); (29 bytes) netbsd/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); (30 bytes) netbsd/x86 - execve /bin/sh (68 bytes) openbsd/x86 - execve(/bin/sh) (23 bytes) openbsd/x86 - portbind port 6969 (148 bytes) openbsd/x86 - add user w00w00 (112 bytes) OS-X/ppc - sync()_ reboot() (32 bytes) OS-X/PPC - execve(/bin/sh)_ exit() (72 bytes) OS-X/PPC - Add user r00t (219 bytes) OS-X/PPC - execve /bin/sh (72 bytes) OS-X/PPC - add inetd backdoor (222 bytes) OS-X/PPC - reboot (28 bytes) OS-X/PPC - setuid(0) + execve /bin/sh (88 bytes) OS-X/PPC - create /tmp/suid (122 bytes) OS-X/PPC - simple write() (75 bytes) OS-X/PPC - execve /usr/X11R6/bin/xterm (141 bytes) sco/x86 - execve(_/bin/sh__ ..._ NULL); (43 bytes) Solaris/SPARC - download and execute (278 bytes) Solaris/SPARC - executes command after setreuid (92+ bytes) Solaris/SPARC - connect-back (with XNOR encoded session) (600 bytes) Solaris/SPARC - setreuid/execve (56 bytes) Solaris/SPARC - portbind (port 6666) (240 bytes) Solaris/SPARC - execve /bin/sh (52 bytes) Solaris/SPARC - portbind port 6789 (228 bytes) Solaris/SPARC - connect-back (204 bytes) Solaris/SPARC - portbinding shellcode Linux/x86 - Radically Self Modifying Code shellcode (70 bytes) Linux/x86 - Magic Byte Self Modifying Code shellcode (76 bytes) Linux/x86 - execve code shellcode (23 bytes) Linux/x86 - execve(_/bin/ash__0_0); shellcode (21 bytes) Linux/x86 - execve /bin/sh alphanumeric shellcode (392 bytes) Linux/x86 - execve /bin/sh IA32 0xff-less shellcode (45 bytes) Linux/x86 - symlink /bin/sh xoring shellcode (56 bytes) Linux/x86 - portbind port 5074 toupper shellcode (226 bytes) Linux/x86 - Add user _t00r_ encrypt 
shellcode (116 bytes) Linux/x86 - chmod 666 shadow ENCRYPT shellcode (75 bytes) Linux/x86 - symlink . /bin/sh shellcode (32 bytes) Linux/x86 - kill snort shellcode (151 bytes) Linux/x86 - shared memory exec shellcode (50 bytes) Linux/x86 - iptables -F shellcode (45 bytes) Linux/x86 - iptables -F shellcode (58 bytes) Linux/x86 - Reverse telnet shellcode (134 bytes) Linux/x86 - connect shellcode (120 bytes) Linux/x86 - chmod 666 /etc/shadow shellcode (41 bytes) Linux/x86 - cp /bin/sh /tmp/katy ; chmod 4555 katy shellcode (126 bytes) Linux/x86 - eject /dev/cdrom shellcode (64 bytes) Linux/x86 - xterm -ut -display [IP]:0 shellcode (132 bytes) Linux/x86 - ipchains -F shellcode (49 bytes) Linux/x86 - chmod 666 /etc/shadow shellcode (82 bytes) Linux/x86 - execve /bin/sh shellcode (29 bytes) Linux/x86 - execve /bin/sh shellcode (24 bytes) Linux/x86 - execve /bin/sh shellcode (38 bytes) Linux/x86 - execve /bin/sh shellcode (30 bytes) Linux/x86 - execve /bin/sh setreuid(12_12) shellcode (50 bytes) Linux/x86 - portbind port 5074 shellcode (92 bytes) Linux/x86 - portbind port 5074 + fork() shellcode (130 bytes) Linux/x86 - Add user _t00r_ shellcode (82 bytes) Linux/x86 - Add user shellcode (104 bytes) Linux/x86 - break chroot shellcode (34 bytes) Linux/x86 - break chroot shellcode (46 bytes) Linux/x86 - break chroot execve /bin/sh shellcode (80 bytes) Linux/x86 - execve /bin/sh encrypted shellcode (58 bytes) Linux/x86 - execve /bin/sh xor encrypted shellcode (55 bytes) Linux/x86 - execve /bin/sh tolower() evasion shellcode (41 bytes) Linux/x86 - execve of /bin/sh after setreuid(0_0) shellcode (46+ bytes) Linux/x86 - chroot()/execve() code shellcode (80 bytes) Linux/x86 - execve /bin/sh toupper() evasion shellcode (55 bytes) Linux/x86 - Add user _z_ shellcode (70 bytes) Linux/x86 - break chroot setuid(0) + /bin/sh shellcode (132 bytes) Linux/x86-64 - bindshell port:4444 shellcode (132 bytes) Linux/x86-64 - execve(/bin/sh) shellcode (33 bytes) Linux PPC & x86 - 
execve(_/bin/sh__{_/bin/sh__NULL}_NULL) shellcode (99 bytes) OS-X PPC & x86 - execve(_/bin/sh__{_/bin/sh__NULL}_NULL) shellcode (121 bytes) Linux/x86 & Unix/SPARC & IRIX/MIPS - execve /bin/sh shellcode (141 bytes) Linux/x86 & Unix/SPARC - execve /bin/sh shellcode (80 bytes) Linux/x86 & bsd/x86 - execve /bin/sh shellcode (38 bytes) NetBSD/x86 - kill all processes shellcode (23 bytes) NetBSD/x86 - callback shellcode (port 6666) (83 bytes) NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); shellcode (29 bytes) NetBSD/x86 - setreuid(0_ 0); execve(_/bin//sh__ ..._ NULL); shellcode (30 bytes) NetBSD/x86 - execve /bin/sh shellcode (68 bytes) OpenBSD/x86 - execve(/bin/sh) ( shellcode 23 bytes) OpenBSD/x86 - portbind port 6969 shellcode (148 bytes) OpenBSD/x86 - Add user _w00w00_ (112 shellcode bytes) OS-X/PPC - sync()_ reboot() shellcode (32 bytes) OS-X/PPC - execve(/bin/sh)_ exit() shellcode (72 bytes) OS-X/PPC - Add user _r00t_ shellcode (219 bytes) OS-X/PPC - execve /bin/sh shellcode (72 bytes) OS-X/PPC - Add inetd backdoor shellcode (222 bytes) OS-X/PPC - reboot shellcode (28 bytes) OS-X/PPC - setuid(0) + execve /bin/sh shellcode (88 bytes) OS-X/PPC - create /tmp/suid shellcode (122 bytes) OS-X/PPC - simple write() shellcode (75 bytes) OS-X/PPC - execve /usr/X11R6/bin/xterm shellcode (141 bytes) SCO/x86 - execve(_/bin/sh__ ..._ NULL); shellcode (43 bytes) Solaris/SPARC - download and execute shellcode (278 bytes) Solaris/SPARC - executes command after setreuid shellcode (92+ bytes) Solaris/SPARC - connect-back (with XNOR encoded session) shellcode (600 bytes) Solaris/SPARC - setreuid/execve shellcode (56 bytes) Solaris/SPARC - portbind (port 6666) shellcode (240 bytes) Solaris/SPARC - execve /bin/sh shellcode (52 bytes) Solaris/SPARC - portbind port 6789 shellcode (228 bytes) Solaris/SPARC - connect-bac shellcode k (204 bytes) Solaris/SPARC - portbinding shellcode (240 bytes) Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) NULL Free (39 bytes) Solaris/x86 - 
setuid(0)_ execve(/bin/cat_ /etc/shadow)_ exit(0) (59 bytes) Solaris/x86 - execve /bin/sh toupper evasion (84 bytes) Solaris/x86 - add services and execve inetd (201 bytes) Unixware - execve /bin/sh (95 bytes) Windows 5.0 < 7.0 x86 - null-free bindshell Win32/XP SP2 (EN) - cmd.exe (23 bytes) Solaris/x86 - setuid(0)_ execve(//bin/sh); exit(0) NULL Free shellcode (39 bytes) Solaris/x86 - setuid(0)_ execve(/bin/cat_ /etc/shadow)_ exit(0) shellcode (59 bytes) Solaris/x86 - execve /bin/sh toupper evasion shellcode (84 bytes) Solaris/x86 - Add services and execve inetd shellcode (201 bytes) UnixWare - execve /bin/sh shellcode (95 bytes) Windows 5.0 < 7.0 x86 - null-free bindshell shellcode Win32/XP SP2 (EN) - cmd.exe shellcode (23 bytes) Win32 -SEH omelet shellcode Win32 - telnetbind by Winexec (111 bytes) Win32 - PEB!NtGlobalFlags shellcode (14 bytes) Win32 XP SP2 FR - Sellcode cmd.exe (32 bytes) Win32/XP SP2 - cmd.exe (57 bytes) Win32 - PEB Kernel32.dll ImageBase Finder Alphanumeric (67 bytes) Win32 - PEB Kernel32.dll ImageBase Finder (ASCII Printable) (49 bytes) Win32 - connectback_ receive_ save and execute shellcode Win32 - Download and Execute Shellcode (Generator) (Browsers Edition) (275+ bytes) Win32 - Tiny Download and Exec Shellcode (192 bytes) Win32 - download and execute (124 bytes) Win32 (NT/XP) - IsDebuggerPresent ShellCode (39 bytes) Win32 SP1/SP2 - Beep Shellcode (35 bytes) Win32/XP SP2 - Pop up message box (110 bytes) Win32 - WinExec() Command Parameter (104+ bytes) Win32 - Download & Exec Shellcode (226+ bytes) Windows NT/2000/XP - useradd shellcode for russian systems (318 bytes) Windows 9x/NT/2000/XP - Reverse Generic Shellcode without Loader (249 bytes) Windows 9x/NT/2000/XP - PEB method (29 bytes) Windows 9x/NT/2000/XP - PEB method (31 bytes) Windows 9x/NT/2000/XP - PEB method (35 bytes) Windows XP/2000/2003 - Connect Back shellcode for Overflow Exploit (275 bytes) Windows XP/2000/2003 - Download File and Exec (241 bytes) Windows XP - download and 
exec source Windows XP SP1 - Portshell on port 58821 (116 bytes) Windows - (DCOM RPC2) Universal Shellcode Win64 - (URLDownloadToFileA) download and execute (218+ bytes) Linux/x86 - kill all processes (9 bytes) Linux - setuid(0) & execve(_/sbin/poweroff -f_) (47 bytes) Linux - setuid(0) and cat /etc/shadow Linux - chmod(/etc/shadow_ 0666) & exit() (33 bytes) Linux - Linux/x86 execve() (51bytes) Win32 - SEH omelet shellcode Win32 - telnetbind by Winexec shellcode (111 bytes) Win32 - PEB!NtGlobalFlags shellcode (14 bytes) Win32 XP SP2 FR - Sellcode cmd.exe shellcode (32 bytes) Win32/XP SP2 - cmd.exe shellcode (57 bytes) Win32 - PEB Kernel32.dll ImageBase Finder Alphanumeric shellcode (67 bytes) Win32 - PEB Kernel32.dll ImageBase Finder (ASCII Printable) shellcode (49 bytes) Win32 - connectback_ receive_ save and execute shellcode Win32 - Download and Execute Shellcode (Generator) (Browsers Edition) (275+ bytes) Win32 - Tiny Download and Exec Shellcode (192 bytes) Win32 - download and execute shellcode (124 bytes) Win32/NT/XP - IsDebuggerPresent ShellCode (39 bytes) Win32 SP1/SP2 - Beep Shellcode (35 bytes) Win32/XP SP2 - Pop up message box shellcode (110 bytes) Win32 - WinExec() Command Parameter shellcode (104+ bytes) Win32 - Download & Exec Shellcode (226+ bytes) Windows NT/2000/XP - add user _slim_ shellcode for Russian systems (318 bytes) Windows 9x/NT/2000/XP - Reverse Generic Shellcode without Loader (249 bytes) Windows 9x/NT/2000/XP - PEB method shellcode (29 bytes) Windows 9x/NT/2000/XP - PEB method shellcode (31 bytes) Windows 9x/NT/2000/XP - PEB method shellcode (35 bytes) Windows XP/2000/2003 - Connect Back shellcode for Overflow Exploit (275 bytes) Windows XP/2000/2003 - Download File and Exec shellcode (241 bytes) Windows XP - download and exec source shellcode Windows XP SP1 - Portshell on port 58821 shellcode (116 bytes) Windows - (DCOM RPC2) Universal Shellcode Win64 - (URLDownloadToFileA) download and execute shellcode (218+ bytes) Linux/x86 - kill 
all processes shellcode (9 bytes) Linux/x86 - setuid(0) & execve(_/sbin/poweroff -f_) shellcode (47 bytes) Linux/x86 - setuid(0) and cat /etc/shadow shellcode (49 bytes) Linux/x86 - chmod(/etc/shadow_ 0666) & exit() shellcode (33 bytes) Linux/x86 - Linux/x86 execve() shellcode (51 bytes) Windows XP SP2 - PEB ISbeingdebugged shellcode Linux/x86 - overwrite MBR on /dev/sda with _LOL!' (43 bytes) Win32 XP SP3 - ShellExecuteA shellcode Linux - setreuid (0_0) & execve(/bin/rm /etc/shadow) Win32 XP SP3 - addFirewallRule freebsd/x86 - portbind shellcode (167 bytes) Win32/XP SP2 - calc.exe (45 bytes) Linux/x86 - unlink(/etc/passwd) & exit() (35 bytes) Win32/XP SP2 (EN + AR) - cmd.exe (23 bytes) Linux/x86 - chmod 666 /etc/shadow (27 bytes) Linux/x86 - break chroot (79 bytes) Linux/x86 - fork bomb (6 bytes) Linux/x86 - append _/etc/passwd_ & exit() (107 bytes) Windows XP SP2 - PEB ISbeingdebugged shellcode (56 bytes) Linux/x86 - overwrite MBR on /dev/sda with _LOL!' shellcode (43 bytes) Win32 XP SP3 - ShellExecuteA shellcode Linux/x86 - setreuid (0_0) & execve(/bin/rm /etc/shadow) shellcode Win32 XP SP3 - Add Firewall Rule to allow TCP traffic on port 445 shellcode FreeBSD/x86 - portbind (Port 1337) shellcode (167 bytes) Win32/XP SP2 - calc.exe shellcode (45 bytes) Linux/x86 - unlink(/etc/passwd) & exit() shellcode (35 bytes) Win32/XP SP2 (EN + AR) - cmd.exe shellcode (23 bytes) Linux/x86 - chmod 666 /etc/shadow shellcode (27 bytes) Linux/x86 - break chroot shellcode (79 bytes) Linux/x86 - fork bomb shellcode (6 bytes) Linux/x86 - append _/etc/passwd_ & exit() shellcode (107 bytes) Linux/x86 - eject /dev/cdrom (42 bytes) Win32 XP SP2 FR - calc (19 bytes) Linux/x86 - eject /dev/cdrom shellcode (42 bytes) Win32 XP SP2 FR - calc shellcode (19 bytes) Linux/x86 - ip6tables -F (47 bytes) Linux i686 - pacman -S <package> (default package: backdoor) (64 bytes) Linux i686 - pacman -R <package> (59 bytes) Linux - bin/cat /etc/passwd (43 bytes) Win32 XP SP3 English - cmd.exe (26 bytes) 
Win32 XP SP2 Turkish - cmd.exe (26 bytes) Linux/x86 - /bin/sh (8 bytes) Linux/x86 - execve /bin/sh (21 bytes) Windows XP Home Edition SP2 English - calc.exe (37 bytes) Windows XP Home Edition SP3 English - calc.exe (37 bytes) Linux/x86 - disabled modsecurity (64 bytes) Win32 - JITed stage-0 shellcode Win32 - JITed exec notepad Shellcode Windows XP Professional SP2 ITA - calc.exe shellcode (36 bytes) Win32 - Mini HardCode WinExec&ExitProcess Shellcode (16 bytes) Linux/x86 - ip6tables -F shellcode (47 bytes) Linux/i686 - pacman -S <package> (default package: backdoor) shellcode (64 bytes) Linux/i686 - pacman -R <package> shellcode (59 bytes) Linux/x86 - bin/cat /etc/passwd shellcode (43 bytes) Win32 XP SP3 English - cmd.exe shellcode (26 bytes) Win32 XP SP2 Turkish - cmd.exe shellcode (26 bytes) Linux/x86 - /bin/sh shellcode (8 bytes) Linux/x86 - execve /bin/sh shellcode (21 bytes) Windows XP Home Edition SP2 English - calc.exe shellcode (37 bytes) Windows XP Home Edition SP3 English - calc.exe shellcode (37 bytes) Linux/x86 - disabled modsecurity shellcode (64 bytes) Win32 - JITed stage-0 shellcode Win32 - JITed exec notepad Shellcode Windows XP Professional SP2 ITA - calc.exe shellcode (36 bytes) Win32 - Mini HardCode WinExec&ExitProcess Shellcode (16 bytes) Win32/XP SP3 (RU) - WinExec+ExitProcess cmd shellcode (12 bytes) Win32 - MessageBox (Metasploit) Win32/XP SP3 (RU) - WinExec+ExitProcess cmd shellcode (12 bytes) Win32 - MessageBox shellcode (Metasploit) chmod(_/etc/shadow__ 0666) shellcode (36 bytes) execve(_/bin/sh_) shellcode (25 bytes) DoS-Badger-Game shellcode (6 bytes) SLoc-DoS shellcode (55 bytes) execve(_a->/bin/sh_) Local-only Shellcode (14 bytes) chmod(_/etc/shadow__ 0777) Shellcode(33 bytes) chmod(_/etc/shadow__ 0777) shellcode (29 bytes) Linux/x86 - chmod(_/etc/shadow__ 0666) shellcode (36 bytes) Linux/x86-64 - execve(_/bin/sh_) shellcode (25 bytes) Linux/x86 - DoS-Badger-Game shellcode (6 bytes) Linux/x86 - SLoc-DoS shellcode (55 bytes) Linux/x86 - 
execve(_a->/bin/sh_) Local-only Shellcode (14 bytes) Linux/x86 - chmod(_/etc/shadow__ 0777) Shellcode (33 bytes) Linux/x86 - chmod(_/etc/shadow__ 0777) shellcode (29 bytes) Linux/x86 - polymorphic forkbombe (30 bytes) Linux/x86 - forkbomb setreud(getuid()_ getuid()) & execve(_/bin/sh_) Shellcode (34 bytes) Linux/x86_64 - reboot(POWER_OFF) shellcode (19 bytes) Linux/x86_64 - execve(_/bin/sh_); shellcode (30 bytes) Linux/x86 - sends _Phuck3d!_ to all terminals (60 bytes) Linux/x86 - execve(_/bin/bash___-p__NULL) (33 bytes) Linux/x86 - polymorphic execve(_/bin/bash___-p__NULL) (57 bytes) Windows XP SP2 FR - Download and Exec Shellcode Linux/x86 - execve(_/usr/bin/wget__ _aaaa_); (42 bytes) Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) (45 bytes) Solaris/x86 - execve(_/bin/sh___/bin/sh__NULL) (27 bytes) Linux/x86 - polymorphic forkbombe shellcode (30 bytes) Linux/x86 - forkbomb shellcode (6 bytes) Linux/x86 - setreud(getuid()_ getuid()) & execve(_/bin/sh_) Shellcode (34 bytes) Linux/x86-64 - reboot(POWER_OFF) shellcode (19 bytes) Linux/x86-64 - execve(_/bin/sh_); shellcode (30 bytes) Linux/x86 - sends _Phuck3d!_ to all terminals shellcode (60 bytes) Linux/x86 - execve(_/bin/bash___-p__NULL) shellcode (33 bytes) Linux/x86 - polymorphic execve(_/bin/bash___-p__NULL) shellcode (57 bytes) Windows XP SP2 FR - Download and Exec Shellcode Linux/x86 - execve(_/usr/bin/wget__ _aaaa_); shellcode (42 bytes) Linux/x86 - sys_execve(_/bin/sh__ _0__ _0_) with umask 16 (sys_umask(14)) shellcode (45 bytes) Solaris/x86 - execve(_/bin/sh___/bin/sh__NULL) shellcode (27 bytes) Solaris/x86 - Reboot() (37 bytes) Solaris/x86 - Remote Download file (79 bytes) Linux/x86 - Disable randomize stack addresse (106 bytes) Linux/x86 - pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode 83 Solaris/x86 - Reboot() shellcode (37 bytes) Solaris/x86 - Remote Download file shellcode (79 bytes) Linux/x86 - Disable randomize stack addresse shellcode (106 bytes) Linux/x86 - 
pwrite(_/etc/shadow__ hash_ 32_ 8) Shellcode (83 bytes) Windows 7 Pro SP1 64 FR - (Beep) Shellcode (39 bytes) Linux/x86 - Shellcode Polymorphic - setuid(0) + chmod(_/etc/shadow__ 0666) Shellcode (61 bytes) change mode 0777 of _/etc/shadow_ with sys_chmod syscall (39 bytes) Linux/x86 - kill all running process (11 bytes) change mode 0777 of _/etc/passwd_ with sys_chmod syscall (39 bytes) Windows 7 Pro SP1 64 FR - (Beep) Shellcode (39 bytes) Linux/x86 - Polymorphic setuid(0) + chmod(_/etc/shadow__ 0666) Shellcode (61 bytes) Linux/x86 - change mode 0777 of _/etc/shadow_ with sys_chmod syscall shellcode (39 bytes) Linux/x86 - kill all running process shellcode (11 bytes) Linux/x86 - change mode 0777 of _/etc/passwd_ with sys_chmod syscall shellcode (39 bytes) Windows 7 x64 - cmd Shellcode (61 bytes) Linux/x86 - hard / unclean reboot (29 bytes) Linux/x86 - hard / unclean reboot (33 bytes) Solaris/x86 - SystemV killall command (39 bytes) Linux/x86 - hard / unclean reboot shellcode (29 bytes) Linux/x86 - hard / unclean reboot shellcode (33 bytes) Solaris/x86 - SystemV killall command shellcode (39 bytes) Linux/x86 - give all user root access when execute /bin/sh (45 bytes) Linux/x86 - give all user root access when execute /bin/sh shellcode (45 bytes) Linux/x86 - netcat connect back port 8080 (76 bytes) Linux/x86 - netcat connect back port 8080 shellcode (76 bytes) Windows - MessageBoxA Shellcode Windows - MessageBoxA Shellcode (238 bytes) Solaris/x86 - Sync() & reboot() & exit(0) (48 bytes) Solaris/x86 - Sync() & reboot() & exit(0) shellcode (48 bytes) Linux/x86_64 - Disable ASLR Security (143 bytes) Linux/x86-64 - Disable ASLR Security shellcode (143 bytes) Linux/x86 - Polymorphic Bindport 31337 with setreuid (0_0) (131 bytes) Linux/x86 - Polymorphic Bindport 31337 with setreuid (0_0) shellcode (131 bytes) Linux/x86_64 - setuid(0) & chmod (_/etc/passwd__ 0777) & exit(0) (63 bytes) Linux/x86-64 - setuid(0) & chmod (_/etc/passwd__ 0777) & exit(0) shellcode (63 bytes) 
Linux/x86_64 - Add root user with password (390 bytes) Linux/x86-64 - Add root user _shell-storm_ with password _leet_ shellcode (390 bytes) Windows XP SP3 SPA - URLDownloadToFileA + CreateProcessA + ExitProcess (176+ bytes) Windows XP SP3 SPA - URLDownloadToFileA + CreateProcessA + ExitProcess shellcode (176+ bytes) Linux/ARM - setuid(0) & kill(-1_ SIGKILL) (28 bytes) Linux/ARM - setuid(0) & kill(-1_ SIGKILL) shellcode (28 bytes) Linux/ARM - execve(_/bin/sh___/bin/sh__0) (30 bytes) Linux/ARM - execve(_/bin/sh___/bin/sh__0) shellcode (30 bytes) Linux/ARM - polymorphic chmod(_/etc/shadow__ 0777) (84 bytes) Linux/ARM - polymorphic chmod(_/etc/shadow__ 0777) shellcode (84 bytes) Linux/ARM - Disable ASLR Security (102 bytes) Linux/ARM - Disable ASLR Security shellcode (102 bytes) Linux/ARM - Polymorphic execve(_/bin/sh__ [_/bin/sh_]_ NULL); - XOR 88 encoded (78 bytes) Linux/ARM - Polymorphic execve(_/bin/sh__ [_/bin/sh_]_ NULL); - XOR 88 encoded shellcode (78 bytes) Linux/x86 - bind shell port 64533 (97 bytes) Linux/x86 - bind shell port 64533 shellcode (97 bytes) Drop suid shell root in /tmp/.hiddenshell Linux Polymorphic Shellcode (161 bytes) Linux - Drop suid shell root in /tmp/.hiddenshell Polymorphic Shellcode (161 bytes) Linux - 125 bind port to 6778 XOR encoded polymorphic Linux - 125 bind port to 6778 XOR encoded polymorphic shellcode (125 bytes) Linux - nc -lp 31337 -e /bin//sh polymorphic shellcode (91 bytes) Linux - _nc -lp 31337 -e /bin//sh_ polymorphic shellcode (91 bytes) Win32 - Write-to-file Shellcode Win32 - Write-to-file Shellcode (278 bytes) Linux/x86_64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) (49 bytes) Linux/x86-64 - execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL) shellcode (49 bytes) Linux/x86 - netcat bindshell port 8080 (75 bytes) Linux/x86 - netcat bindshell port 8080 shellcode (75 bytes) Mini-Stream RM-MP3 Converter 3.1.2.1 - (.pls) Stack Buffer Overflow universal PHP-Nuke 8.1 SEO Arabic - Remote File Include 
bds/x86 - bindshell on port 2525 shellcode (167 bytes) BSD/x86 - bindshell on port 2525 shellcode (167 bytes) Win32 - Shellcode Checksum Routine (18 bytes) Linux/ARM - execve(_/bin/sh__ [0]_ [0 vars]) (27 bytes) Linux/ARM - execve(_/bin/sh__ [0]_ [0 vars]) shellcode (27 bytes) Integard Home and Pro 2 - Remote HTTP Buffer Overflow Exploit Audiotran 1.4.2.4 SEH Overflow Exploit Joomla Component (com_elite_experts) SQL Injection Win32/XP SP3 (TR) - Add Admin Account Shellcode (127 bytes) Win32/XP SP3 (TR) - Add Admin _zrl_ Account Shellcode (127 bytes) Traidnt UP - Cross-Site Request Forgery Add Admin Account Allpc 2.5 osCommerce - (SQL/XSS) Multiple Vulnerabilities Win32/XP Pro SP3 (EN) 32-bit - add new local administrator (113 bytes) Win32 - add new local administrator (326 bytes) Win32/XP Pro SP3 (EN) 32-bit - Add new local administrator _secuid0_ shellcode (113 bytes) Win32 - Add new local administrator shellcode _secuid0_ (326 bytes) HP Data Protector Media Operations NULL Pointer Dereference Remote DoS AnyDVD <= 6.7.1.0 - Denial of Service ARM - Bindshell port 0x1337 ARM - Bind Connect UDP Port 68 ARM - Loader Port 0x1337 ARM - ifconfig eth0 and Assign Address ARM - Bindshell port 0x1337shellcode ARM - Bind Connect UDP Port 68 shellcode ARM - Loader Port 0x1337 shellcode ARM - ifconfig eth0 and Assign Address 192.168.0.2 shellcode Linux/ARM - add root user with password (151 bytes) Linux/ARM - Add root user _shell-storm_ with password _toor_ shellcode (151 bytes) OS-X/Intel - setuid shell x86_64 (51 bytes) OS-X/Intel - setuid shell x86_64 shellcode (51 bytes) Create a New User with UID 0 - ARM (Metasploit) ARM - Create a New User with UID 0 shellcode (Metasploit) (Generator) (66+ bytes) Windows Win32k Pointer Dereferencement PoC (MS10-098) Win32 - speaking shellcode bds/x86 - connect back Shellcode (81 bytes) bds/x86 - portbind + fork shellcode (111 bytes) bsd/x86 - connect back Shellcode (81 bytes) BSD/x86 - 31337 portbind + fork shellcode (111 bytes) Win32 - 
eggsearch shellcode (33 bytes) Arkeia Backup Client Type 77 - Overflow (Win32) Oracle 9i XDB FTP PASS Overflow (Win32) SHOUTcast DNAS/Win32 1.9.4 - File Request Format String Overflow SHTTPD <= 1.34 - URI-Encoded POST Request Overflow (Win32) Icecast <= 2.0.1 - Header Overwrite (Win32) McAfee ePolicy Orchestrator / ProtectionPilot Overflow Oracle 9i XDB HTTP PASS Overflow (Win32) Linux/SuperH - sh4 - setuid(0) - chmod(_/etc/shadow__ 0666) - exit(0) (43 bytes) Linux/SuperH (sh4) - setuid(0) - chmod(_/etc/shadow__ 0666) - exit(0) shellcode (43 bytes) Linux/x86 - netcat bindshell port 6666 (69 bytes) Linux/x86 - netcat bindshell port 6666 shellcode (69 bytes) OS-X/Intel - reverse_tcp shell x86_64 (131 bytes) OS-X/Intel - reverse_tcp shell x86_64 shellcode (131 bytes) Windows - WinExec add new local administrator + ExitProcess Shellcode (279 bytes) Windows - WinExec add new local administrator _RubberDuck_ + ExitProcess Shellcode (279 bytes) Linux/x86 - ASLR deactivation (83 bytes) Linux/x86 - ASLR deactivation shellcode (83 bytes) Linux/x86 - ConnectBack with SSL connection (422 bytes) Linux/x86 - ConnectBack with SSL connection shellcode (422 bytes) SuperH (sh4) - Add root user with password (143 bytes) Linux/SuperH (sh4) - Add root user _shell-storm_ with password _toor_ shellcode (143 bytes) Win32/PerfectXp-pc1/SP3 TR - Add Admin Shellcode (112 bytes) Win32/PerfectXp-pc1/SP3 TR - Add Admin _kpss_ Shellcode (112 bytes) Linux/MIPS - execve (52 bytes) Linux/MIPS - execve shellcode (52 bytes) QQPLAYER Player 3.2 - PICT PnSize Buffer Overflow Windows DEP_ASLR BYPASS Linux/SuperH - sh4 - setuid(0) ; execve(_/bin/sh__ NULL_ NULL) (27 bytes) Linux/SuperH (sh4) - setuid(0) ; execve(_/bin/sh__ NULL_ NULL) shellcode (27 bytes) Linux/MIPS - execve /bin/sh (48 bytes) Linux/MIPS - add user(UID 0) with password (164 bytes) Linux/MIPS - execve /bin/sh shellcode (48 bytes) Linux/MIPS - Add user(UID 0) _rOOt_ with password _pwn3d_ shellcode (164 bytes) Linux/x86_64 - execve(/bin/sh) 
(52 bytes) Linux/x86-64 - execve(/bin/sh) shellcode (52 bytes) Linux/MIPS - reboot() (32 bytes) Linux/MIPS - reboot() shellcode (32 bytes) GdiDrawStream BSoD using Safari Linux/x86 - Polymorphic ShellCode - setuid(0)+setgid(0)+add user 'iph' without password to /etc/passwd Linux/x86 - Polymorphic Shellcode setuid(0) + setgid(0) + add user _iph_ without password to /etc/passwd Linux/x86 - Search For php/html Writable Files and Add Your Code (380+ bytes) Linux/x86 - Search For php/html Writable Files and Add Your Code shellcode (380+ bytes) Linux/x86_64 - add user with passwd (189 bytes) Linux/x86-64 - Add user _t0r_ with password _Winner_ shellcode (189 bytes) Linux/x86 - execve(/bin/dash) (42 bytes) Linux/x86 - execve(/bin/dash) shellcode (42 bytes) Linux/x86 - chmod 666 /etc/passwd & /etc/shadow (57 bytes) Linux/x86 - chmod 666 /etc/passwd & /etc/shadow shellcode (57 bytes) Microsoft Windows Kernel - Intel x64 SYSRET PoC Linux/ARM (Raspberry Pi) - reverse_shell (tcp_10.1.1.2_0x1337) (72 bytes) Linux/ARM (Raspberry Pi) - execve(_/bin/sh__ [0]_ [0 vars]) (30 bytes) Linux/ARM (Raspberry Pi) - chmod(_/etc/shadow__ 0777) (41 bytes) Linux/ARM (Raspberry Pi) - reverse_shell (tcp_10.1.1.2_0x1337) shellcode (72 bytes) Linux/ARM (Raspberry Pi) - execve(_/bin/sh__ [0]_ [0 vars]) shellcode (30 bytes) Linux/ARM (Raspberry Pi) - chmod(_/etc/shadow__ 0777) shellcode (41 bytes) Windows XP Pro SP3 - Full ROP calc shellcode Windows XP Pro SP3 - Full ROP calc shellcode (428 bytes) Novell Client 2 SP3 - nicm.sys Local Privilege Escalation MIPS Little Endian - Shellcode MIPS - (Little Endian) system() Shellcode (80 bytes) Windows RT ARM - Bind Shell (Port 4444) Windows RT ARM - Bind Shell (Port 4444) shellcode Linux Kernel <= 3.7.6 (Redhat x86/x64) - 'MSR' Driver Local Privilege Escalation Linux/x86 - Multi-Egghunter Linux/x86 - Multi-Egghunter shellcode MIPS Little Endian - Reverse Shell Shellcode (Linux) Linux/MIPS - (Little Endian) Reverse Shell (192.168.1.177:31337) Shellcode (200 
bytes) Nvidia (nvsvc) Display Driver Service - Local Privilege Escalation Windows - Add Admin User Shellcode (194 bytes) Windows - Add Admin User _BroK3n_ Shellcode (194 bytes) Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free and Memory Corruption PoC (MS14-035) OpenVPN Private Tunnel Core Service - Unquoted Service Path Elevation Of Privilege Linux Kernel < 3.2.0-23 (Ubuntu 12.04 x64) - ptrace/sysret Local Privilege Escalation MQAC.sys Arbitrary Write Privilege Escalation Linux/x86 - chmod (777 /etc/passwd & /etc/shadow)_ Add New Root User (ALI/ALI) & Execute /bin/sh (378 bytes) Linux/x86 - chmod (777 /etc/passwd & /etc/shadow)_ Add New Root User (ALI/ALI) & Execute /bin/sh shellcode (378 bytes) VirtualBox 3D Acceleration Virtual Machine Escape Linux/x86 - Obfuscated Shellcode chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User & Execute /bin/bash (521 bytes) Linux/x86 - Obfuscated Shellcode chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User _ALI_ & Execute /bin/bash (521 bytes) Connect Back (139 bytes) Linux/x86-64 - Connect Back shellcode (139 bytes) Linux/x86 - Add map in /etc/hosts file Linux/x86 - Add map in /etc/hosts file (google.com 127.1.1.1) shellcode (77 bytes) Microsoft Bluetooth Personal Area Networking - (BthPan.sys) Privilege Escalation MS14-060 Microsoft Windows OLE Package Manager Code Execution Position independent & Alphanumeric 64-bit execve(_/bin/sh\0__NULL_NULL); (87 bytes) Linux/x86-64 - Position independent & Alphanumeric execve(_/bin/sh\0__NULL_NULL); shellcode (87 bytes) Offset2lib: Bypassing Full ASLR On 64 bit Linux Linux/x86 - rmdir (37 bytes) Linux/x86 - rmdir shellcode (37 bytes) Linux/x64 - Bind TCP port shellcode (81 bytes / 96 bytes with password) Linux/x86-64 - Bind TCP port shellcode (81 bytes / 96 bytes with password) Linux/x64 - Reverse TCP connect (77 to 85 bytes / 90 to 98 bytes with password) Linux/x86-64 - Reverse TCP connect shellcode (77 to 85 bytes / 90 to 98 bytes with password) RedStar 3.0 
Desktop - (Software Manager swmng.app) Privilege Escalation RedStar 3.0 Desktop - (Software Manager swmng.app) Privilege Escalation Windows x86 - Obfuscated Shellcode Add Administrator User/Pass ALI/ALI & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes) Windows x64 - Obfuscated Shellcode Add Administrator User/Pass ALI/ALI & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes) Windows x86 - Obfuscated Shellcode Add Administrator _ALI_ & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes) Windows x64 - Obfuscated Shellcode Add Administrator _ALI_ & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes) Linux/MIPS - execve (36 bytes) Linux/MIPS - execve /bin/sh shellcode (36 bytes) Windows XP x86-64 - Download & execute (Generator) Windows XP x86-64 - Download & execute shellcode (Generator) Linux Kernel <= 3.17.5 - IRET Instruction #SS Fault Handling Crash PoC Linux/MIPS (Little Endian) - Chmod 666 /etc/shadow (55 bytes) Linux/MIPS - (Little Endian) Chmod 666 /etc/shadow shellcode (55 bytes) Linux/MIPS (Little Endian) - Chmod 666 /etc/passwd (55 bytes) Linux/MIPS (Little Endian) - Chmod 666 /etc/passwd shellcode (55 bytes) Reads Data From /etc/passwd To /tmp/outfile (118 bytes) Linux/x86-64 - Reads Data From /etc/passwd To /tmp/outfile shellcode (118 bytes) Linux/x86 - ROT13 encoded execve(_/bin/sh_) (68 bytes) Linux/x86 - ROT13 encoded execve(_/bin/sh_) shellcode (68 bytes) Linux/x86 - chmod 0777 /etc/shadow obfuscated (84 bytes) Linux/x86 - Obfuscated map google.com to 127.1.1.1 (98 bytes) Linux/x86 - Obfuscated execve(_/bin/sh_) (40 bytes) Linux/x86 - chmod 0777 /etc/shadow obfuscated shellcode (84 bytes) Linux/x86 - Obfuscated map google.com to 127.1.1.1 shellcode (98 bytes) Linux/x86 - Obfuscated execve(_/bin/sh_) shellcode (40 bytes) Linux/x86 - 
Reverse TCP Shell (72 bytes) Linux/x86 - TCP Bind Shell (96 bytes) Linux/x86 - Reverse TCP Shell shellcode (72 bytes) Linux/x86 - TCP Bind Shel shellcode l (96 bytes) Linux - Disable ASLR (84 bytes) Linux/x86 - Disable ASLR shellcode (84 bytes) Linux/x86 - Egg-hunter (20 bytes) Linux/x86 - Egg-hunter shellcode (20 bytes) Create 'my.txt' Working Directory (37 bytes) Linux/x86 - Create 'my.txt' Working Directory shellcode (37 bytes) Linux/x86 - setreuid(0_ 0) + execve(_/sbin/halt_) + exit(0) (49 bytes) Linux/x86 - setreuid(0_ 0) + execve(_/sbin/halt_) + exit(0) shellcode (49 bytes) Win32/XP SP3 - Create (_file.txt_) (83 bytes) Win32/XP SP3 - Restart computer Linux - custom execve-shellcode Encoder/Decoder Win32/XP SP3 - Create (_file.txt_) shellcode (83 bytes) Win32/XP SP3 - Restart computer shellcode (57 bytes) Linux/x86 - custom execve-shellcode Encoder/Decoder Linux/x86_64 - Execve /bin/sh Shellcode Via Push (23 bytes) Linux/x86-64 - Execve /bin/sh Shellcode Via Push (23 bytes) Linux/x86 - exit(0) (6 bytes) Linux/x86 - exit(0) shellcode (6 bytes) Windows 8.0 < 8.1 x64 - TrackPopupMenu Privilege Escalation (MS14-058) Linux/x86 - chmod() 777 /etc/shadow & exit() (33 bytes) Linux/x86 - chmod() 777 /etc/shadow & exit() shellcode (33 bytes) Linux/x86 - /etc/passwd Reader (58 bytes) Linux/x86 - /etc/passwd Reader shellcode (58 bytes) Linux/x86 - mkdir HACK & chmod 777 and exit(0) (29 bytes) Linux/x86 - Netcat BindShell Port 5555 (60 bytes) Linux/x86 - mkdir HACK & chmod 777 and exit(0) shellcode (29 bytes) Linux/x86 - Netcat BindShell Port 5555 shellcode (60 bytes) Linux/x86_64 - execve(/bin/sh) (30 bytes) Linux/x86-64 - execve(/bin/sh) shellcode (30 bytes) Linux/x86 - Download & Execute Linux/x86 - Reboot (28 bytes) Linux/x86 - Download & Execute shellcode Linux/x86 - Reboot shellcode (28 bytes) Linux/x86 - execve /bin/sh (23 bytes) Linux/x86 - execve /bin/sh shellcode (23 bytes) Linux 64bit - Encoded execve shellcode Linux/x86-64 - Encoded execve shellcode (57 bytes) 
encoded 64 bit execve shellcode Linux/x86-64 - encoded execve shellcode (57 bytes) Win32/XP SP3 (TR) - MessageBox (24 bytes) Win32/XP SP3 (TR) - MessageBox shellcode (24 bytes) Windows XP SP3 x86 / 2003 SP2 x86 - NDProxy Privilege Escalation (MS14-002) Windows x86 - user32!MessageBox _Hello World!_ Null-Free (199 bytes) Windows x86 - user32!MessageBox _Hello World!_ Null-Free shellcode (199 bytes) Symantec Endpoint Protection Manager Authentication Bypass and Code Execution Adobe Flash XMLSocket Destructor Not Cleared Before Setting User Data in connect Adobe Flash Heap-Based Buffer Overflow Loading FLV File with Nellymoser Audio Codec Adobe Flash Heap-Based Buffer Overflow Due to Indexing Error When Loading FLV File Adobe Flash Shared Object Type Confusion Adobe Flash Heap-Based Buffer Overflow Loading FLV File with Nellymoser Audio Codec Adobe Flash Heap-Based Buffer Overflow Due to Indexing Error When Loading FLV File Adobe Flash Shared Object Type Confusion Windows 2003 x64 - Token Stealing shellcode (59 bytes) OS-X x64 - /bin/sh Shellcode - NULL Byte Free (34 bytes) OS-X/x86-64 - /bin/sh Shellcode - NULL Byte Free (34 bytes) Mainframe/System Z - Bind Shell Mainframe/System Z - Bind Shell shellcode (2488 bytes) ActiveState Perl.exe x64 Client 5.20.2 - Crash PoC Linux/x86 - execve(/bin/bash) (31 bytes) Linux/x86 - execve(/bin/bash) shellcode (31 bytes) Linux/x86 - Create file with permission 7775 and exit (Shell Generator) Linux/x86 - Create file with permission 7775 and exit shellcode (Generator) Linux/x86 - execve(_/bin/cat__ [_/bin/cat__ _/etc/passwd_]_ NULL) (75 bytes) Linux/x86 - execve(_/bin/cat__ [_/bin/cat__ _/etc/passwd_]_ NULL) shellcode (75 bytes) OS-X x64 - tcp bind shellcode_ NULL byte free (144 bytes) OS-X/x86-64 - tcp bind shellcode_ NULL byte free (144 bytes) Linux/x86_64 - /bin/sh Linux/x86-64 - /bin/sh shellcode Android Shellcode Telnetd with Parameters Android - Telnetd (Port 1035) with Parameters Shellcode (248 bytes) Microsoft Windows - Font 
Driver Buffer Overflow (MS15-078) Linux/x86_64 - execve Shellcode (22 bytes) Linux/x86-64 - execve Shellcode (22 bytes) Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (2) Windows Kernel - DeferWindowPos Use-After-Free (MS15-073) Windows Kernel - UserCommitDesktopMemory Use-After-Free (MS15-073) Windows Kernel - Pool Buffer Overflow Drawing Caption Bar (MS15-061) Windows Kernel - HmgAllocateObjectAttr Use-After-Free (MS15-061) Windows Kernel - win32k!vSolidFillRect Buffer Overflow (MS15-061) Windows Kernel - SURFOBJ NULL Pointer Dereference (MS15-061) Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (2) Windows Kernel - DeferWindowPos Use-After-Free (MS15-073) Windows Kernel - UserCommitDesktopMemory Use-After-Free (MS15-073) Windows Kernel - Pool Buffer Overflow Drawing Caption Bar (MS15-061) Windows Kernel - HmgAllocateObjectAttr Use-After-Free (MS15-061) Windows Kernel - win32k!vSolidFillRect Buffer Overflow (MS15-061) Windows Kernel - SURFOBJ NULL Pointer Dereference (MS15-061) Windows Kernel - WindowStation Use-After-Free (MS15-061) Windows Kernel - NULL Pointer Dereference with Window Station and Clipboard (MS15-061) Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1) Windows Kernel - FlashWindowEx Memory Corruption (MS15-097) Windows Kernel - bGetRealizedBrush Use-After-Free (MS15-097) Windows Kernel - Use-After-Free with Cursor Object (MS15-097) Windows Kernel - Use-After-Free with Printer Device Contexts (MS15-097) Windows Kernel - NtGdiStretchBlt Pool Buffer Overflows (MS15-097) Windows Kernel - WindowStation Use-After-Free (MS15-061) Windows Kernel - NULL Pointer Dereference with Window Station and Clipboard (MS15-061) Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1) Windows Kernel - FlashWindowEx Memory Corruption (MS15-097) Windows Kernel - bGetRealizedBrush Use-After-Free (MS15-097) Windows Kernel - Use-After-Free with Cursor Object (MS15-097) Windows Kernel - Use-After-Free with Printer Device Contexts 
(MS15-097) Windows Kernel - NtGdiStretchBlt Pool Buffer Overflows (MS15-097) Windows Kernel - NtGdiBitBlt Buffer Overflow (MS15-097) Truecrypt 7 / VeraCrypt 1.13 - Drive Letter Symbolic Link Creation Privilege Escalation Tomabo MP4 Converter 3.10.12 - 3.11.12 (.m3u) Denial of service (Crush application) Linux/x86_64 - Bindshell with Password (92 bytes) Linux/x86-64 - Bindshell with Password shellcode (92 bytes) Symantec pcAnywhere 12.5.0 Windows x86 - Remote Code Execution Linux/x64 - egghunter (24 bytes) Linux/x86-64 - egghunter shellcode (24 bytes) Linux/x86_64 - Polymorphic execve Shellcode (31 bytes) Linux/x86-64 - Polymorphic execve Shellcode (31 bytes) Windows XP<10 - Null-Free WinExec Shellcode (Python) Windows XP < 10 - Null-Free WinExec Shellcode (Python) (Generator) win32k Desktop and Clipboard - Null Pointer Derefence win32k Clipboard Bitmap - Use-After-Free win32k Desktop and Clipboard - Null Pointer Derefence win32k Clipboard Bitmap - Use-After-Free Microsoft Windows 8.1 - win32k Local Privilege Escalation (MS15-010) Adobe Flash Selection.SetSelection - Use-After-Free Adobe Flash Sound.setTransform - Use-After-Free Linux/x64 - Bind TCP Port Shellcode (103 bytes) Linux/x86-64 - Bind TCP Port Shellcode (103 bytes) Linux/x86_64 - bind TCP port shellcode (103 bytes) TCP Bindshell with Password Prompt (162 bytes) Linux/x86-64 - bind TCP port shellcode (103 bytes) Linux/x86-64 - TCP Bindshell with Password Prompt shellcode (162 bytes) TCP Reverse Shell with Password Prompt (151 bytes) Linux/x86-64 - TCP Reverse Shell with Password Prompt shellcode (151 bytes) Linux/x86_64 - Egghunter (18 bytes) Linux/x86 - Egg-hunter (13 bytes) Linux/x86-64 - Egghunter shellcode (18 bytes) Linux/x86 - Egg-hunter shellcode (13 bytes) Adobe Flash - Use-After-Free When Setting Stage Linux/x86_64 - xor/not/div Encoded execve Shellcode (54 bytes) Linux/x86-64 - xor/not/div Encoded execve Shellcode (54 bytes) Linux x86 & x86_64 - reverse_tcp Shellcode Linux x86 & x86_64 - 
reverse_tcp (192.168.1.29:4444) Shellcode (195 bytes) Linux x86 & x86_64 - tcp_bind Shellcode Linux x86 & x86_64 - Read etc/passwd Shellcode Linux x86 & x86_64 - tcp_bind (Port 4444) Shellcode (251 bytes) Linux x86 & x86_64 - Read /etc/passwd Shellcode (156 bytes) Linux/x86_64 - shell_reverse_tcp with Password - Polymorphic Version (1) (122 bytes) Linux/x86-64 - shell_reverse_tcp with Password Polymorphic shellcode (1) (122 bytes) Linux/x86_64 - shell_reverse_tcp with Password - Polymorphic Version (2) (135 bytes) Linux/x86 - Download & Execute Shellcode Linux/x86_64 - Polymorphic Execve-Stack (47 bytes) Linux/x86-64 - shell_reverse_tcp with Password Polymorphic shellcode (2) (135 bytes) Linux/x86 - Download & Execute Shellcode (135 bytes) Linux/x86-64 - Polymorphic Execve-Stack shellcode (47 bytes) Microsoft Windows - afd.sys Dangling Pointer Privilege Escalation (MS14-040) Linux/ARM - Connect back to {ip:port} with /bin/sh (95 bytes) Linux/ARM - Connect back to 10.0.0.10:1337 with /bin/sh shellcode (95 bytes) Windows x86 - Null-Free Download & Run via WebDAV Shellcode (96 bytes) Secret Net 7 and Secret Net Studio 8 - Local Privilege Escalation Windows x86 - Null-Free Download & Run via WebDAV Shellcode (96 bytes) Secret Net 7 and Secret Net Studio 8 - Local Privilege Escalation Microsoft Windows 7 x64 - afd.sys Privilege Escalation (MS14-040) Linux/x86_64 - Reverse Shell Shellcode Linux/x86-64 - Reverse Shell Shellcode Linux/x86_64 - execve(/bin/sh) (26 bytes) Linux/x86-64 - execve(/bin/sh) shellcode (26 bytes) Linux/x86_64 - execve(/bin/sh) (25 bytes) Linux/x86_64 - execve(/bin/bash) (33 bytes) Linux/x86-64 - execve(/bin/sh) shellcode (25 bytes) Linux/x86-64 - execve(/bin/bash) shellcode (33 bytes) Linux/x86_64 - bindshell (Pori: 5600) (81 bytes) Linux/x86-64 - bindshell (Pori: 5600) shellcode (81 bytes) Linux/x86_64 - Read /etc/passwd (65 bytes) Linux/x86-64 - Read /etc/passwd shellcode (65 bytes) Windows Kernel - DrawMenuBarTemp Wild-Write (MS16-039) 
Linux/x86_64 - bindshell (Port 5600) (86 bytes) Linux/x86-64 - bindshell (Port 5600) shellcode (86 bytes) Windows x86 - URLDownloadToFileA()+SetFileAttributesA()+WinExec()+ExitProcess() Shellcode Windows x86 - URLDownloadToFileA()+SetFileAttributesA()+WinExec()+ExitProcess() Shellcode (394 bytes) Linux/x86 - Reverse TCP Shellcode (IPv6) Linux/x86 - Bind TCP Port 1472 (IPv6) (1250 bytes) Linux/x86 - Reverse TCP Shellcode (IPv6) (159 bytes) Linux/x86 - Bind TCP Port 1472 (IPv6) shellcode (1250 bytes) Linux/x64 - Bind Shell Shellcode (Generator) PCMan FTP Server 2.0.7 - RENAME Command Buffer Overflow (Metasploit) Linux/x86-64 - Bind Shell Shellcode (Generator) PCMan FTP Server 2.0.7 - RENAME Command Buffer Overflow (Metasploit) Win32 .Net Framework - Execute Native x86 Shellcode Linux/x86_64 - Bind TCP Port 1472 (IPv6) Linux/x86-64 - Bind TCP Port 1472 shellcode (IPv6) (199 bytes) Linux/x86_64 - Reverse TCP (IPv6) Linux/x86-64 - Reverse TCP shellcode (IPv6) (203 bytes) Linux/x86 - Bindshell with Configurable Port (87 bytes) Linux/x86 - Bindshell with Configurable Port shellcode (87 bytes) Linux/x86_64 - Null-Free Reverse TCP Shell Linux/x86-64 - Null-Free Reverse TCP Shell shellcode (134 bytes) Linux/x86_64 - Information Stealer Shellcode Linux/x86-64 - Information Stealer Shellcode (399 bytes) Linux/x86 - TCP Bind Shell Port 4444 (656 bytes) Linux/x86 - TCP Bind Shell Port 4444 shellcode (656 bytes) Linux/x86_64 - XOR Encode execve Shellcode Linux/x86-64 - XOR Encode execve Shellcode Windows x86 - WinExec(_cmd.exe__0) Shellcode Windows x86 - WinExec(_cmd.exe__0) Shellcode (184 bytes) Windows x86 - system(_systeminfo_) Shellcode Windows x86 - system(_systeminfo_) Shellcode (224 bytes) Windows - Custom Font Disable Policy Bypass PCMAN FTP 2.0.7 - ls Command Buffer Overflow (Metasploit) Windows x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode Windows x86 - ShellExecuteA(NULL_NULL__cmd.exe__NULL_NULL_1) Shellcode (250 bytes) Linux/x86_64 - /etc/passwd File 
Sender Shellcode Linux/x86-64 - /etc/passwd File Sender Shellcode (164 bytes) Windows 7 SP1 x86 - Privilege Escalation (MS16-014) Linux 64bit - NetCat Bind Shell Shellcode (64 bytes) Linux/x86-64 - NetCat Bind Shell Shellcode (64 bytes) Linux/x86 - TCP Bind Shell Port 4444 (98 bytes) Linux/x86 - TCP Bind Shell Port 4444 shellcode (98 bytes) Linux 64bit - Ncat Shellcode (SSL_ MultiChannel_ Persistant_ Fork_ IPv4/6_ Password) (176 bytes) Linux/x86-64 - Ncat Shellcode (SSL_ MultiChannel_ Persistant_ Fork_ IPv4/6_ Password) (176 bytes) Linux/x86_64 - Continuously-Probing Reverse Shell via Socket + Port-range + Password (172 bytes) Linux/x86-64 - Continuously-Probing Reverse Shell via Socket + Port-range + Password shellcode (172 bytes) Linux/x86 - Reverse Shell using Xterm ///usr/bin/xterm -display 127.1.1.1:10 Linux/x86 - Reverse Shell using Xterm ///usr/bin/xterm -display 127.1.1.1:10 shellcode (68 bytes) |
||
---|---|---|
13242.txt |