Linux/x86 reverse TCP Shellcode (84 bytes)

Title: Linux/x86 - Reverse TCP Shellcode 84 bytes Author: Xenofon Vassilakopoulos Tested on: Linux 3.13.0-32-generic 57precise1-Ubuntu i686 i386 GNU/Linux Architecture: i686 GNU/Linux Shellcode Length: 84 bytes SLAE-ID: SLAE - 1314 --------------------- Reverse Shellcode ---------------------...

Linux/x86 execve /bin/sh Shellcode (10 bytes)

Exploit Title: Linux/x86 - execve "/bin/sh" 10 bytes Google Dork: None Exploit Author: cybersaki Vendor Homepage: None Software Link: None Version: None Tested on: Kali linux 2020.2a i386 x86 CVE : none Shellcode-length : 10 SLAE-id : Purchased | email protected Reference :...

Linux/x86 - Egghunter(0x50905090) + sigaction + execve(/bin/sh) Shellcode (35 bytes)

Exploit Title: Linux/x86 - Egghunter0x50905090 + sigaction + execve/bin/sh Shellcode 35 bytes Author: danf42 Platform: Linux/x86 / sigaction2 approach to egghunting as described in the paper "Safely Searching Process Virtual Address Space" by skape The shellcode prepares the registers to start th...

kernel: perf_event_open() and execve() race in setuid programs allows a data leak

A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. As no relevant locks in particular the credguardmutex are held during the ptracemayaccess call, it is possible for the specified target task to perform an execve syscall with setuid execution...

Linux/ARM - execve /bin/dash Shellcode (32 bytes)

Title: Linux/ARM - execve /bin/dash Shellcode 32 bytes Category: Shellcode Tested: armv7l 32-bitRaspberry Pi 2 Model B OS: Raspbian Buster Lite Author: Anurag Srivastava Description: execve shellcode / Objdump pi@raspberrypi:/hex $ objdump -d ed1 ed1: file format elf32-littlearm Disassembly of...

kernel: perf_event_open() and execve() race in setuid programs allows a data leak

A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. As no relevant locks in particular the credguardmutex are held during the ptracemayaccess call, it is possible for the specified target task to perform an execve syscall with setuid execution...

macOS/x64 zsh RickRolling - Shellcode

198 bytes small macOS/x64 RickRolling shellcode. / Shellcode Title: macOS/x64 - zsh RickRolling Shellcode 198 Bytes Shellcode Author: Bobby Cooke Date: May 31st, 2020 Tested on: macOS Catalina v10.15.4 Shellcode Description: MacOS Catalina Dynamic, No-Null Shellcode that will Unmute the systems...

macOS/x64 zsh RickRolling Shellcode (198 bytes)

/ Shellcode Title: macOS/x64 - zsh RickRolling Shellcode 198 Bytes Shellcode Author: Bobby Cooke Tested on: macOS Catalina v10.15.4 Shellcode Description: MacOS Catalina Dynamic, No-Null Shellcode that will Unmute the systems Volume, set the Volume to Maximum, and "Rick Roll" the user every time...

Linux/x64 Anti-Debug Trick INT3 Trap Shellcode (113 bytes)

113 bytes small Linux/x64 anti-debug trick INT3 trap with execve"/bin/sh" shellcode that is NULL free. / Shellcode Title: linux/x64 anti-debug trick INT3 trap + execve"/bin/sh" - NULL Free - 113 bytes Shellcode Author: Dario Castrogiovanni Tested on: LXLE Linux 18.04 x64 Description: This shellco...

Linux/x64_86 ROL Encoded Execve Shellcode (57 bytes)

57 bytes small Linux/x6486 /bin/bash shellcode. The stub decodes the ROL Encoded shellcode. When the stub has finished decoding the payload, execution control is passed to the payload. // Shellcode Title: Linux/x64 - ROL Encoded Execve Shellcode 57 bytes // Shellcode Author: Bobby Cooke // Tested...

Linux/x64_86 Egghunter Execve Shellcode (63 bytes)

63 bytes small Linux/x6486 dynamic egghunter shellcode that searches memory for 2 instances of the egg. When the eggs are found, the egghunter passes execution control to the payload at the memory address of the eggs. The payload is an execve/bin/bash shellcode. // Shellcode Title: Linux/x64 -...

Denial Of Service (DoS)

kernel is vulnearble to denial of service. A flaw was found in the Linux kernel execve system call implementation. A local, unprivileged user could cause large amounts of memory to be allocated but not visible to the OOM Out of Memory killer, triggering a denial of service...

kernel: perf_event_open() and execve() race in setuid programs allows a data leak

A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. As no relevant locks in particular the credguardmutex are held during the ptracemayaccess call, it is possible for the specified target task to perform an execve syscall with setuid execution...

kernel: perf_event_open() and execve() race in setuid programs allows a data leak

A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. As no relevant locks in particular the credguardmutex are held during the ptracemayaccess call, it is possible for the specified target task to perform an execve syscall with setuid execution...

TP-Link Wi-Fi extender User-Agent Header Injection CVE-2019-7406

A pre-authentication command injection vulnerability in TP-Link Wi-Fi extenders allows commands to be executed as root. The injection occurs when the User-Agent header of a request is passed to an execve system call. TP-Link RE365 Wi-Fi extender with firmware version 1.0.2, build 20180213 Rel...

AgentSmith-HIDS - Open Source Host-based Intrusion Detection System (HIDS)

Technically, AgentSmith-HIDS is not a Host-based Intrusion Detection System HIDS due to lack of rule engine and detection function. However, it can be used as a high performance 'Host Information Collect Agent' as part of your own HIDS solution. The comprehensiveness of information which can be...

Huawei EulerOS: Security Advisory for zsh (EulerOS-SA-2019-2684)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve(/bin/sh) Shellcode (114 bytes)

Title: Linux/x86 - Random Bytes Encoder + XOR/SUB/NOT/ROR execve/bin/sh Shellcode 114 Author: Xenofon Vassilakopoulos Tested on: Linux kali 5.3.0-kali2-686-pae 1 SMP Debian 5.3.9-3kali1 2019-11-20 i686 GNU/Linux Architecture: i686 GNU/Linux Shellcode Length: 114 bytes SLAE-ID: SLAE - 1314...

Linux/x86 - Execve() Alphanumeric Shellcode (66 bytes)

Title: Linux/x86 - Execve Alphanumeric Shellcode 66 bytes Shellcode Author: bolonobolo Tested on: Linux x86 execve.asm global start section .text start: ; int 0x80 ------------ push 0x30 pop eax xor al, 0x30 push eax pop edx dec eax xor ax, 0x4f73 xor ax, 0x3041 push eax push edx pop eax...

Linux/x86 Encoder / Decoder Shellcode (117 bytes)

Title : Linux/x86 - Encoder - Random Bytes + XOR/SUB/NOT/ROR / Decoder - ROL/NOT/ADD/XOR execve/bin/sh Shellcode 117 bytes Author : Xenofon Vassilakopoulos Date : July, 2019 Tested on : Linux kali 5.3.0-kali2-686-pae 1 SMP Debian 5.3.9-3kali1 2019-11-20 i686 GNU/Linux Architecture : i686 GNU/Linu...