Linux x86 - Socket Re-use Shellcode 50 bytes

Linux x86 - Socket Re-use Shellcode 50 bytes. CVE-2014-4943. Shellcode exploit for linx86 platform / Socket Re-use Combo for linux x86 systems by ZadYree -- 50 bytes Made using sockfd trick + dup20,0, dup20,1, dup20,2 + execve /bin/sh Thanks: Charles Stevenson, ipv, 3LRVS research team gcc -o...

linux/x86 write(0 Hello core!\n"" 12)

No description provided by source. / writehello-core.c by Charles Stevenson [email protected] I made this as a chunk you can paste in to make modular remote exploits. I use it to see if my dup2loop worked. If you don't get "Hello core!\n" back it's a good indicator your shell won't be functional th...

linux/ppc read & exec shellcode 32 bytes

No description provided by source. / readnexecppc-core.c by Charles Stevenson [email protected] / char hellcode = / read0,stack,1028; stack; linux/ppc by core / "\x7c\x63\x1a\x79" / xor. r3,r3,r3 / "\x38\xa0\x04\x04" / li r5,1028 / "\x30\x05\xfb\xff" / addic r0,r5,-1025 / "\x7c\x24\x0b\x78" / mr...

Solaris 10 DtPrintinfo/Session Local Root Exploit (x86)

No description provided by source. !/usr/bin/perl Solaris 10 DtPrintinfo/Session Exploit x86 EDUCATIONAL purposes only.... :- by Charles Stevenson core [email protected] greetz to raptor for sharing this vulnerability and in no specific order just want to show love for: nemo, andrewg, jduck,...

linux/ppc - connect back execve /bin/sh 240 bytes

linux/ppc connect back execve /bin/sh 240 bytes. Shellcode exploit for linuxppc platform / connect-core5.c by Charles Stevenson / char hellcode = / connect back & execve /bin/sh linux/ppc by core / "\x7c\x3f\x0b\x78" /mr r31,r1/ "\x3b\x40\x01\x0e" /li r26,270/ "\x3b\x5a\xfe\xf4" /addi r26,r26,-26...

x_dtsuids.pl.txt

!/usr/bin/perl Solaris 10 DtPrintinfo/Session Exploit x86 EDUCATIONAL purposes only.... :- by Charles Stevenson core greetz to raptor for sharing this vulnerability and in no specific order just want to show love for: nemo, andrewg, jduck, bannedit, runixd, charbuff, sloth, ktha, KF, akt0r, MRX,...

gpsdrive <= 2.09 (friendsd2) Remote Format String Exploit (ppc)

Exploit for linux platform in category remote exploits =============================================================== gpsdrive = 2.09 friendsd2 Remote Format String Exploit ppc =============================================================== !/usr/bin/perl -w Heh - Code by KF...

Solaris 10 (x86) - DtPrintinfoSession Privilege Escalation

Solaris 10 x86 - DtPrintinfoSession Privilege Escalation !/usr/bin/perl Solaris 10 DtPrintinfo/Session Exploit x86 EDUCATIONAL purposes only.... :- by Charles Stevenson core greetz to raptor for sharing this vulnerability and in no specific order just want to show love for: nemo, andrewg, jduck,...

Solaris 10 (x86) - DtPrintinfo/Session Privilege Escalation

!/usr/bin/perl Solaris 10 DtPrintinfo/Session Exploit x86 EDUCATIONAL purposes only.... :- by Charles Stevenson core greetz to raptor for sharing this vulnerability and in no specific order just want to show love for: nemo, andrewg, jduck, bannedit, runixd, charbuff, sloth, ktha, KF, akt0r, MRX,...

Solaris 10 DtPrintinfo/Session Local Root Exploit (x86)

Exploit for solaris platform in category local exploits ======================================================= Solaris 10 DtPrintinfo/Session Local Root Exploit x86 ======================================================= !/usr/bin/perl Solaris 10 DtPrintinfo/Session Exploit x86 EDUCATIONAL...

Operator Shell (osh) 1.7-13 Local Root Exploit

Exploit for linux platform in category local exploits ============================================== Operator Shell osh 1.7-13 Local Root Exploit ============================================== You must be groupoperator for permissions /str0ke !/usr/bin/perl OSH 1.7 Exploit 2 Gonna bang away at th...

pileup 1.2

Attached you will find pileup-1.2 which fixes the scanf buffer overflows, allowing root access as demonstrated by Charles Stevenson. The fix was written by Richard Everitt [email protected], the author of pileup. Regards, Joop -- Joop Stakenborg - Debian GNU/Linux developer...

glibc-resolve-tr.sh

Charles Stevenson glibc-2.2 and openssh-2.3.0p1 Debian 2.3 , Redhat 7.0 This exploits is for glibc = 2.1.9x. [email protected] Edit this if you have a problem with path ssh=/usr/bin/ssh traceroute=/usr/sbin/traceroute FILE=/etc/shadow File to read echo "$ssh" echo " Checking permisions..." if...