Windows/x86 - Dynamic Bind Shell + Null-Free Shellcode (571 Bytes)

Shellcode Title: Windows/x86 - Dynamic Bind Shell + Null-Free Shellcode 571 Bytes Shellcode Author: Bobby Cooke Technique: PEB & Export Directory Table Tested On: Windows 10 Pro x86 10.0.18363 Build 18363 Shellcode Function: When executed, this shellcode creates a cmd.exe bind shell, using the...

Windows/x64 - Bind Shell TCP Shellcode (508 bytes)

/ Title : Windows x64 Bind Shell TCP Shellcode size : 508 bytes Date : 08-12-2016 Author : Roziul Hasan Khan Shifat Tested On : Windows 7 Professional x64 / / section .text global start start: xor rdx,rdx mov rax,gs:rdx+0x60 mov rsi,rax+0x18 mov rsi,rsi+0x10 lodsq mov rsi,rax mov r14,rsi+0x30...

Windows x86 - Bind Shell TCP Shellcode

Windows x86 - Bind Shell TCP Shellcode. Shellcode exploit for Winx86 platform / Title : Windows x86 bind shell tcp shellcode Author : Roziul Hasan Khan Shifat Date : 08-09-2016 Tested On : Windows 7 Ultimate , Starter x86 / //Note: This shellcode will only works on x86 / section .text global star...

Windows x86 - CreateProcessA cmd.exe Shellcode (253 bytes)

Windows x86 - CreateProcessA cmd.exe Shellcode 253 bytes. Shellcode exploit for Winx86 platform...

Windows/x86 - CreateProcessA cmd.exe Shellcode (253 bytes)

/ Title : Windows x86 CreateProcessANULL,"cmd.exe",NULL,NULL,0,NULL,NULL,NULL,&STARTUPINFO,&PROCESSINFORMATION shellcode Author : Roziul Hasan Khan Shifat Date : 15-08-2016 Tested On : Windows 7 x86 / / Disassembly of section .text: 00000000 : 0: 31 c9 xor %ecx,%ecx 2: 64 8b 41 30 mov...

多款NVIDIA GPU显卡驱动非引用Windows搜索路径漏洞

安装了nvidia的显卡驱动包后，在控制面板会有nvidia的图标，点击该图标会运行 nvSmartMaxApp.exe，并显示显卡配置界面。该主程序在加载其它子程序时，调用createprocessa API时，第一个参数没有使用双引号来闭合包含有空格的子进程路径。造成攻击者可以在C盘根目录下 存放c:\program.exe的恶意程序，并会被nvSmartMaxApp.exe加载。 但是在WIN7中默认C盘根目录是不能写的。同时该漏洞需要用户交互。...

7-Technologies IGSS 9 Data Server/Collector Packet Handling Vulnerabilities

No description provided by source. $Id: igss9misc.rb 12779 2011-05-31 14:33:19Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of us...

ABB MicroSCADA Wserver wserver.exe EXECUTE Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB MicroSCADA Wserver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wserver.exe component which listens on TCP port 12221. This component...

7-Technologies IGSS 9 Data Server/Collector Packet Handling Vulnerabilities

This module exploits multiple vulnerabilities found on IGSS 9's Data Server and Data Collector services. The initial approach is first by transferring our binary with Write packets opcode 0x0D via port 12401 igssdataserver.exe, and then send an EXE packet opcode 0x0A to port 12397 dc.exe, which...

7-Technologies IGSS 9 Data Server/Collector Packet Handling

Exploit for windows platform in category remote exploits $Id: igss9misc.rb 12773 2011-05-30 21:06:56Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on...

7-Technologies IGSS 9 - Data Server/Collector Packet Handling (Metasploit)

$Id: igss9misc.rb 12779 2011-05-31 14:33:19Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...

CVE-2010-0111

HDNLRSVC.EXE in the Intel Alert Handler service aka Symantec Intel Handler service in Intel Alert Management System aka AMS or AMS2, as used in Symantec AntiVirus Corporate Edition SAVCE 10.x before 10.1 MR10, Symantec System Center SSC 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows...

Code injection

HDNLRSVC.EXE in the Intel Alert Handler service aka Symantec Intel Handler service in Intel Alert Management System aka AMS or AMS2, as used in Symantec AntiVirus Corporate Edition SAVCE 10.x before 10.1 MR10, Symantec System Center SSC 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows...

Symantec AMS Intel Alert Handler Service CreateProcess Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Alert Management System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HDNLRSVC.EXE service while processing data sent from the msgsys.e...

ShellCode WinXP SP3 SPA URLDownloadToFileA + CreateProcessA + ExitProcess

ShellCode WinXP SP3 SPA URLDownloadToFileA + CreateProcessA + ExitProcess. Shellcode exploit for win32 platform !/usr/bin/perl c0d3d by r0i aka d0lc3 Exploit Title: ShellCode WinXP SP3 SPA URLDownloadToFileA + CreateProcessA + ExitProcess Date: 24/06/2010 Size: 176 bytes++ Author: d0lc3...

ShellCode WinXP SP3 SPA URLDownloadToFileA + CreateProcessA + ExitProcess

No description provided by source. !/usr/bin/perl c0d3d by r0i aka d0lc3 Exploit Title: ShellCode WinXP SP3 SPA URLDownloadToFileA + CreateProcessA + ExitProcess Date: 24/06/2010 Size: 176 bytes++ Author: d0lc3 d0lc3xatgmaildomcom Author Link: http://elotrolad0.blogspot.com/ Tested on: Windows XP...

win32/xp sp3 (SPA) URLDownloadToFileA + CreateProcessA + ExitProcess

Exploit for win32 platform in category shellcode ==================================================================== win32/xp sp3 SPA URLDownloadToFileA + CreateProcessA + ExitProcess ==================================================================== !/usr/bin/perl c0d3d by r0i aka d0lc3 Explo...

Command injection

The Intel LANDesk Common Base Agent CBA in Symantec Alert Management System 2 AMS2, as used in Symantec System Center SSS; Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus SAV Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2...