Linux/x86 - execve(/bin/sh) using JMP-CALL-POP Shellcode (21 bytes)

/ ;Category: Shellcode ;Title: GNU/Linux x86 - execve /bin/sh using JMP-CALL-POP technique 21 bytes ;Author: kiriknik ;Date: 01/07/2019 ;Architecture: Linux x86 =========== Asm Source =========== global start section .text start: jmp short callshellcode shellcode: pop ebx xor eax,eax mov al, 11 i...

Linux/ARM64 - execve(/bin/sh, [/bin/sh], NULL) Shellcode (48 Bytes)

/ Title: Linux/ARM64 - execve"/bin/sh", "/bin/sh", NULL Shellcode 48 Bytes Date: 2019-06-30 Tested: Ubuntu 16.04 aarch64 Author: Ken Kitahara Compilation: gcc -o loader loader.c ubuntu@ubuntu:/works$ lsbrelease -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu Xenial Xer...

Linux/ARM64 - Jump Back Shellcode + execve(/bin/sh, NULL, NULL) Shellcode (8 Bytes)

/ Title: Linux/ARM64 - Jump Back Shellcode + execve"/bin/sh", NULL, NULL Shellcode 8 Bytes Date: 2019-06-30 Tested: Ubuntu 16.04 aarch64 Author: Ken Kitahara Compilation: gcc -o loader loader.c ubuntu@ubuntu:/works$ lsbrelease -a No LSB modules are available. Distributor ID: Ubuntu Description:...

Linux/x86_64 - Reverse(0.0.0.0:4444/TCP) Shell (/bin/sh) Shellcode (70 bytes)

/ Title: Linux/x8664 - Reverse0.0.0.0:4444/TCPShell/bin/sh- Null Free Shellcode ;Author: Aron Mihaljevic ;Architecture: Linux x8664 ;Shellcode Length: 70 bytes ;github = https://github.com/STARRBOY compilation and execution of assembly code ------------------------------------- nasm -felf64...

TP-Link Wi-Fi extender remote code execution vulnerability analysis-vulnerability warning-the black bar safety net

WiFi extender can enlarge the WiFi signal, mainly used for large or multi-storey residential, and the router signal can not cover the family's case. The extender's principle is from the main router to get a WiFi signal, and broadcast channel other WiFi signal weak or no signal area. IBM X-Force...

Linux/x86 - Reposition + INC encoder with execve(/bin/sh) Shellcode (66 bytes)

Title: Linux/x86 - Reposition + INC encoder with execve/bin/sh Shellcode 66 bytes Author: Jonathan So Purpose: decode and spawn a /bin/sh shell Tested On: Linux kali 4.19.0-kali4-686 1 SMP Debian 4.19.28-2kali1 2019-03-18 i686 GNU/Linux Arch: x86 Size: 66 bytes Write-up Link:...

Linux/x64 - Execve(/bin/sh) Shellcode (23 bytes)

/ ;Category: Shellcode ;Title: GNU/Linux x8664 - execve /bin/sh ;Author: rajvardhan ;Architecture: Linux x8664 ;Possibly The Smallest And Fully Reliable Shellcode =========== Asm Source =========== global start section .text start: xor rsi,rsi push rsi mov rdi,0x68732f2f6e69622f push rdi push rsp...

Linux/x86 - execve /bin/sh Shellcode (20 bytes)

/ Linux/x86 - execve /bin/sh shellcode 20 bytes Author: Rajvardhan Tested on: i686 GNU/Linux Shellcode Length: 20 Disassembly of section .text: 08049000 : 8049000: 31 c9 xor %ecx,%ecx 8049002: 6a 0b push $0xb 8049004: 58 pop %eax 8049005: 51 push %ecx 8049006: 68 2f 2f 73 68 push $0x68732f2f...

Linux/x86 - Multiple keys XOR Encoder / Decoder execve(/bin/sh) Shellcode (59 bytes)

Title: Linux/x86 - Multiple keys XOR Encoder / Decoder execve/bin/sh Shellcode 59 bytes Author: Xavi Beltran Date: 05/05/2019 Contact: email protected Purpose: spawn /bin/sh shell Tested On: Ubuntu 3.5.0-17-generic Arch: x86 Size: 59 bytes sh.nasm global start section .text start: xor eax, eax pu...

CVE-2019-3901

A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. As no relevant locks in particular the credguardmutex are held during the ptracemayaccess call, it is possible for the specified target task to perform an execve syscall with setuid execution...

CVE-2019-3901

A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. As no relevant locks in particular the credguardmutex are held during the ptracemayaccess call, it is possible for the specified target task to perform an execve syscall with setuid execution...

DEBIAN-CVE-2019-3901

A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. As no relevant locks in particular the credguardmutex are held during the ptracemayaccess call, it is possible for the specified target task to perform an execve syscall with setuid execution...

UBUNTU-CVE-2019-3901

A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. As no relevant locks in particular the credguardmutex are held during the ptracemayaccess call, it is possible for the specified target task to perform an execve syscall with setuid execution...

CVE-2019-3901

A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. As no relevant locks in particular the credguardmutex are held during the ptracemayaccess call, it is possible for the specified target task to perform an execve syscall with setuid execution...

CVE-2019-3901

A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. As no relevant locks in particular the credguardmutex are held during the ptracemayaccess call, it is possible for the specified target task to perform an execve syscall with setuid execution...

Linux/x86 - MMX-PUNPCKLBW Encoder Shellcode (61 bytes)

INTRO Exploit Title: MMX-PUNPCKLBW Encoder Description: Payload encoder using MMX PUNPCKLBW instruction Date: 13/04/2019 Exploit Author: Petr Javorik Tested on: Linux ubuntu 3.13.0-32-generic x86 Shellcode length: 61 ENCODER !/usr/bin/env python stack execve SHELLCODE = bytearray...

iOS 12.2 macOS 10.14.4 XNU - pidversion Increment During execve is Unsafe

iOS 12.2 macOS 10.14.4 XNU - pidversion Increment During execve is Unsafe Privileged IPC services in userspace often have to verify the security context of their client processes such as whether the client is sandboxed, has a specific entitlement, or is signed by some code signing authority. This...

iOS < 12.2 / macOS < 10.14.4 XNU - pidversion Increment During execve is Unsafe

Privileged IPC services in userspace often have to verify the security context of their client processes such as whether the client is sandboxed, has a specific entitlement, or is signed by some code signing authority. This, in turn, requires a way to identify a client process. If PIDs are used f...

iOS < 12.2 / macOS < 10.14.4 XNU - pidversion Increment During execve is Unsafe Exploit

iOS 12.2 / macOS 10.14.4 XNU - pidversion Increment During execve is Unsafe Exploit Privileged IPC services in userspace often have to verify the security context of their client processes such as whether the client is sandboxed, has a specific entitlement, or is signed by some code signing...

Linux/x86 - NOT Encoder / Decoder - execve(/bin/sh) Shellcode (44 bytes)

/ ; NOT-Encoder.py ; Author: Daniele Votta ; Description: This program encode shellcode with NOT technique. ; Tested on: i686 GNU/Linux ; Shellcode Length:25 !/usr/bin/python Python NOT Encoder Execve /bin/sh shellcode...