
43 matches found

Kitploit
added 2022/03/23 11:30 a.m., 21 views

ShellcodeTemplate - An Easily Modifiable Shellcode Template For Windows X64/X86

An easily modifiable shellcode template for Windows x64/x86 How does it work? This template is heavily based on Austin Hudson's aka SecIdiot TitanLdr It compiles the project into a PE Executable and extracts the .text section Example The entrypoint of the shellcode looks like this. Of course, thi...

7.4 AI score
Exploits: 0, References: 3

0day.today
added 2021/09/13 12:00 a.m., 397 views

Windows/x64 - Reverse TCP (192.168.201.11:4444) Shellcode (330 Bytes)

Title: Windows/x64 - Reverse TCP 192.168.201.11:4444 Shellcode 330 Bytes Author: Xenofon Vassilakopoulos Tested on: Windows/x64 - 10.0.19043 N/A Build 19043 / MIT License Copyright c 2021 Xenofon Vassilakopoulos Permission is hereby granted, free of charge, to any person obtaining a copy of this...

Exploits: 0

Github Security Blog
added 2021/08/02 5:28 p.m., 62 views

Missing Authorization in FastReport

An issue was discovered in FastReport before 2020.4.0. It lacks a ScriptSecurity feature and therefore may mishandle for example GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress...

9.8 CVSS, 8.9 AI score, 0.00551 EPSS
Exploits: 1, References: 6, Affected Software: 1

0day.today
added 2021/05/03 12:00 a.m., 146 views

Windows/x64 - Dynamic Null-Free WinExec PopCalc Shellcode (205 Bytes)

Shellcode Title: Windows/x64 - Dynamic Null-Free WinExec PopCalc Shellcode 205 Bytes Shellcode Author: Bobby Cooke boku Tested on: Windows 10 v2004 x64 Shellcode Description: 64bit Windows 10 shellcode that dynamically resolves the base address of kernel32.dll via PEB & ExportTable method. Contai...

7.4 AI score
Exploits: 0

0day.today
added 2021/05/03 12:00 a.m., 31 views

Windows/x64 - Dynamic NoNull Add RDP Admin (BOKU:SP3C1ALM0V3) Shellcode (387 Bytes)

Shellcode Title: Windows/x64 - Dynamic NoNull Add RDP Admin BOKU:SP3C1ALM0V3 Shellcode 387 Bytes Shellcode Author: Bobby Cooke boku Tested on: Windows 10 v2004 x64 Compiled from: Kali Linux x8664 Full Disclosure: github.com/boku7/x64win-AddRdpAdminShellcode Shellcode Description: 64bit Windows 10...

Exploits: 0

Veracode
added 2020/11/02 7:24 a.m., 20 views

Remote Code Execution (RCE)

FastReport.OpenSource is vulnerable to remote code execution RCE. An attacker can create a new expression or edit an existing one into, for example System.String.Join",", System.IO.Directory.GetDirectories@"c:/" as the library does not use ScriptSecurity feature and mishandle GetType, typeof,...

9.8 CVSS, 2.7 AI score, 0.00551 EPSS
Exploits: 1, References: 6, Affected Software: 1

CVE
added 2020/10/29 5:08 p.m., 71 views

CVE-2020-27998

CVE-2020-27998 affects FastReport prior to 2020.4.0, where the missing ScriptSecurity feature can allow mishandling of scripting constructs such as GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress. This creates potential remote-execution/code-injection-like risks as noted in mu...

9.8 CVSS, 9.3 AI score, 0.00551 EPSS
Exploits: 1, References: 4, Affected Software: 1

Exploit DB
added 2020/06/10 12:00 a.m., 490 views

10-Strike Bandwidth Monitor 3.9 - Buffer Overflow (SEH) (ASLR + DEP Bypass)

Exploit Title: 10-Strike Bandwidth Monitor 3.9 - Buffer Overflow SEH,DEP,ASLR Exploit Author: Bobby Cooke Date: 2020-07-07 Vendor Site: https://www.10-strike.com/ Software Download: https://www.10-strike.com/bandwidth-monitor/bandwidth-monitor.exe Tested On: Windows 10 - Pro 1909 x86 Version:...

7.4 AI score
Exploits: 0

Packet Storm
added 2020/06/09 12:00 a.m., 320 views

Bandwidth Monitor 3.9 Full ROP Buffer Overflow

Exploit Title: Bandwidth Monitor 3.9 - Full ROP Buffer Overflow SEH,DEP,ASLR Exploit Author: Bobby Cooke Date: June 7th, 2020 Vendor Site: https://www.10-strike.com/ Software Download: https://www.10-strike.com/bandwidth-monitor/bandwidth-monitor.exe Tested On: Windows 10 - Pro 1909 x86 Version:...

0.5 AI score
Exploits: 0

0day.today
added 2020/02/20 12:00 a.m., 100 views

Windows/10 Pro - Dynamic Null-Free PopCalc Shellcode (223 bytes)

; Shellcode Title: Dynamic, Null-Free PopCalc Shellcode 223 Bytes ; Shellcode Author: Bobby Cooke ; Technique: PEB & Export Directory Table ; Tested On: Windows 10 Pro x86 10.0.18363 Build 18363 Create a new stack frame push ebp ; push current base pointer to the stack mov ebp, esp ; Set Base Sta...

0.4 AI score
Exploits: 0

0day.today
added 2020/01/30 12:00 a.m., 189 views

Windows/x86 - Dynamic Bind Shell + Null-Free Shellcode (571 Bytes)

Shellcode Title: Windows/x86 - Dynamic Bind Shell + Null-Free Shellcode 571 Bytes Shellcode Author: Bobby Cooke Technique: PEB & Export Directory Table Tested On: Windows 10 Pro x86 10.0.18363 Build 18363 Shellcode Function: When executed, this shellcode creates a cmd.exe bind shell, using the...

7.1 AI score
Exploits: 0

0day.today
added 2017/05/17 12:00 a.m., 403 views

Windows x32 / Windows x64 - cmd.exe Shellcode (718 bytes)

;Full tutorial: https://www.zinzloun.info Windows CMD shellcode ;COMPILE: ;nasm.exe -f win32 dynamic.asm -o dynamic.obj ;SKIP -f win32 to create the .obj file to extract eventually the hex code ;then execute: python bin2hex.py dynamic.obj to get the hex code:...

7.1 AI score
Exploits: 0

0day.today
added 2016/06/07 12:00 a.m., 30 views

Windows/x86 - WinExec("cmd.exe",0) Shellcode (184 bytes)

/ Title : Windows x86 WinExec"cmd.exe",0 shellcode Date : 07/06/2016 Author : Roziul Hasan Khan Shifat Tested On : Windows 7 Professional x86 / / To Compile: -------------- $nasm -f win32 winexec.asm -o exec.obj Linking: ---------- $ "C:\Program Files\CodeBlocks\MinGW\bin\ld.exe" -o winexec.exe...

0.4 AI score
Exploits: 0

Exploit DB
added 2016/06/07 12:00 a.m., 150 views

Windows x86 WinExec"cmd.exe",0 Shellcode

Windows x86 WinExec"cmd.exe",0 Shellcode. Shellcode exploit for win32 platform / Title : Windows x86 WinExec"cmd.exe",0 shellcode Date : 07/06/2016 Author : Roziul Hasan Khan Shifat Tested On : Windows 7 Professional x86 / / To Compile: -------------- $nasm -f win32 winexec.asm -o exec.obj Linkin...

0.1 AI score
Exploits: 0

Exploit DB
added 2016/05/10 12:00 a.m., 28 views

All Windows Null-Free Shellcode - Functional Keylogger to File - 601 0x0259 bytes

All Windows Null-Free Shellcode - Functional Keylogger to File - 601 0x0259 bytes. Shellcode exploit for windows platform / ; Exploit Title: All windows null free shellcode - functional keylogger to file - 601 0x0259 bytes ; Date: Sat May 7 19:32:08 GMT 2016 ; Exploit Author: Fugu ; Vendor...

0.1 AI score
Exploits: 0

Packet Storm
added 2015/10/26 12:00 a.m., 47 views

Windows 10 pcap Drive Local Privilege Escalation

Source: https://github.com/Rootkitsmm/Win10Pcap-Exploit include include include include include include include include include define SLIOCTLGETEVENTNAME CTLCODE0x8000, 1, METHODNEITHER, FILEANYACCESS define STATUSSUCCESS NTSTATUS0x00000000L define STATUSINFOLENGTHMISMATCH NTSTATUS0xc0000004L /...

0.4 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 22 views

Windows XP SP3 English MessageBoxA Shellcode - 87 bytes

No description provided by source. / Title: Windows XP SP3 English MessageBoxA Shellcode 87 bytes Date: August 20, 2010 Author: Glafkos Charalambous glafkos@astalavistadotcom Tested on: Windows XP SP3 En Thanks: ishtus Greetz: Astalavista, OffSEC, Exploit-DB Exploit-DB Notes: Tested under Windows...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 18 views

VDOLive Player 3.0.2 - Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/872/info VDOLive Player v3.02 has an unchecked buffer that can allow arbitrary code to be executed if a specially-crafted .vdo file is loaded. /====================================================================...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 14 views

MS Index Server 2.0 and Indexing Service for Win 2000 ISAPI Extension Buffer Overflow (2)

No description provided by source. source: http://www.securityfocus.com/bid/2880/info Windows Index Server ships with Windows NT 4.0 Option Pack; Windows Indexing Service ships with Windows 2000. An unchecked buffer resides in the 'idq.dll' ISAPI extension associated with each service. A...

7.1 AI score
Exploits: 0

myhack58
added 2014/06/16 12:00 a.m., 20 views

winxp, the win2003, win7, win8 General the shellcode-exploit warning-the black bar safety net

This code in vc6 to compile, extract the shellcode when the debug mode, open the memory window, copy the binary code into the shellcode can be Code changes to the original address: http://hi.baidu.com/egodcore/item/c13e67fe197c940fc6dc45f5 int main asm nop; nop; nop; nop; nop; nop; nop; push ebp;...

0.2 AI score
Exploits: 0