
329 matches found

0day.today
added 2017/05/17 12:0 a.m., 403 views

Windows x32 / Windows x64 - cmd.exe Shellcode (718 bytes)

;Full tutorial: https://www.zinzloun.info Windows CMD shellcode ;COMPILE: ;nasm.exe -f win32 dynamic.asm -o dynamic.obj ;SKIP -f win32 to create the .obj file to extract eventually the hex code ;then execute: python bin2hex.py dynamic.obj to get the hex code:...

7.1 AI score
Exploits: 0

Exploit DB
added 2017/03/11 12:0 a.m., 51 views

Windows x86 - Hide Console Window Shellcode (182 bytes)

Windows x86 - Hide Console Window Shellcode 182 bytes. Shellcode exploit for Winx86 platform / MIT License Copyright c 2017 Ege Balcı Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files the "Software", to deal in the...

Exploits: 0

FireEye
added 2017/01/04 9:2 a.m., 114 views

FLARE Script Series: Querying Dynamic State using the FireEye Labs Query-Oriented Debugger (flare-qdb)

Introduction This post continues the FireEye Labs Advanced Reverse Engineering FLARE script series. Here, we introduce flare-qdb, a command-line utility and Python module based on vivisect for querying and altering dynamic binary state conveniently, iteratively, and at scale. flare-qdb works on...

7.2 CVSS, 7.7 AI score, 0.77331 EPSS
Exploits: 10

0day.today
added 2016/12/08 12:0 a.m., 21 views

Windows/x64 - Bind Shell TCP Shellcode (508 bytes)

/ Title : Windows x64 Bind Shell TCP Shellcode size : 508 bytes Date : 08-12-2016 Author : Roziul Hasan Khan Shifat Tested On : Windows 7 Professional x64 / / section .text global start start: xor rdx,rdx mov rax,gs:rdx+0x60 mov rsi,rax+0x18 mov rsi,rsi+0x10 lodsq mov rsi,rax mov r14,rsi+0x30...

Exploits: 0

0day.today
added 2016/12/02 12:0 a.m., 22 views

Tor Browser / Firefox Remote use-after-free FBI Exploit

Exploit for multiple platform in category remote exploits This is an Javascript exploit actively used against TorBrowser NOW. It consists of one HTML and one CSS file, both pasted below and also de-obscured. The exact functionality is unknown but it's getting access to "VirtualAlloc" in...

7.1 AI score
Exploits: 0

exploitpack
added 2016/12/01 12:0 a.m., 11 views

Tor (Firefox 41 50) - Code Execution

Tor Firefox 41 50 - Code Execution TOR Browser 0day : JavaScript Exploit ! Works on Firefox versions 41 - 50 The critical vulnerability is believed to affect multiple Windows versions of the open source Firefox web browser as far back as Firefox version 41, and up to Firefox version 50. When...

7.8 AI score
Exploits: 0

Exploit DB
added 2016/12/01 12:0 a.m., 21 views

Tor (Firefox 41 < 50) - Code Execution

TOR Browser 0day : JavaScript Exploit ! Works on Firefox versions 41 - 50 The critical vulnerability is believed to affect multiple Windows versions of the open source Firefox web browser as far back as Firefox version 41, and up to Firefox version 50. When exploit opened by a Firefox or Tor...

7.4 AI score
Exploits: 0

Exploit DB
added 2016/11/23 12:0 a.m., 183 views

Windows x64 - Download & Execute Shellcode (358 bytes)

Windows x64 - Download & Execute Shellcode 358 bytes. Shellcode exploit for Winx86-64 platform / Title : Windows x64 Download+Execute Shellcode Author : Roziul Hasan Khan Shifat Date : 24-11-2016 size : 358 bytes Tested on : Windows 7 x64 Professional Email : [email protected] / / section .text...

Exploits: 0

exploitpack
added 2016/11/01 12:0 a.m., 9 views

Freefloat FTP Server 1.0 - RENAME Remote Buffer Overflow

Freefloat FTP Server 1.0 - RENAME Remote Buffer Overflow !/usr/bin/env python -- coding: utf-8 -- Exploit Title: FreeFloat FTP Server RENAME Command Buffer Overflow Exploit Date: 29/10/2016 Exploit Author: Eagleblack Software Link: http://www.freefloat.com/software/freefloatftpserver.zip Version:...

0.6 AI score
Exploits: 0

0day.today
added 2016/10/16 12:0 a.m., 19 views

Windows/x64 - WinExec() Shellcode (93 bytes)

/ Title : Windows x64 WinExec shellcode Date : 15-10-2016 Author : Roziul Hasan Khan Shifat size : 93 bytes Tested on : Windows 7 Ultimate x64 / / Disassembly of section .text: 0000000000000000 : 0: 99 cltd 1: 65 48 8b 42 60 mov %gs:0x60%rdx,%rax 6: 48 8b 40 18 mov 0x18%rax,%rax a: 48 8b 70 10 mo...

7.1 AI score
Exploits: 0

0day.today
added 2016/09/05 12:0 a.m., 22 views

Windows/x86 - Persistent Reverse Shell TCP (494 Bytes)

/ Title : Windows x86 persistent reverse shell tcp Author : Roziul Hasan Khan Shifat Date : 04-09-2016 Tested on : Windows 7 x86 / / Note : This program must be run as adminstrator for 1st time . otherwise it won't be persistent / / section .text global start start: xor ecx,ecx mov eax,fs:ecx+0x3...

7.4 AI score
Exploits: 0

Exploit DB
added 2016/08/01 12:0 a.m., 20 views

Halliburton LogView Pro 9.7.5 - '.cgm' / '.tif' / '.tiff' / '.tifh' Crash (PoC)

Exploit Title: Haliburton LogView Pro v9.7.5 Exploit Author: Karn Ganeshen Download link: http://www.halliburton.com/public/lp/contents/InteractiveTools/web/Toolkits/lp/HalliburtonLogViewer.exe Version: Current version 9.7.5 Tested on: Windows Vista Ultimate SP2 Open cgm/tif/tiff/tifh file -...

7.4 AI score
Exploits: 0

0day.today
added 2016/06/07 12:0 a.m., 30 views

Windows/x86 - WinExec("cmd.exe",0) Shellcode (184 bytes)

/ Title : Windows x86 WinExec"cmd.exe",0 shellcode Date : 07/06/2016 Author : Roziul Hasan Khan Shifat Tested On : Windows 7 Professional x86 / / To Compile: -------------- $nasm -f win32 winexec.asm -o exec.obj Linking: ---------- $ "C:\Program Files\CodeBlocks\MinGW\bin\ld.exe" -o winexec.exe...

0.4 AI score
Exploits: 0

Exploit DB
added 2016/06/07 12:0 a.m., 150 views

Windows x86 WinExec"cmd.exe",0 Shellcode

Windows x86 WinExec"cmd.exe",0 Shellcode. Shellcode exploit for win32 platform / Title : Windows x86 WinExec"cmd.exe",0 shellcode Date : 07/06/2016 Author : Roziul Hasan Khan Shifat Tested On : Windows 7 Professional x86 / / To Compile: -------------- $nasm -f win32 winexec.asm -o exec.obj Linkin...

0.1 AI score
Exploits: 0

Exploit DB
added 2016/05/10 12:0 a.m., 28 views

All Windows Null-Free Shellcode - Functional Keylogger to File - 601 0x0259 bytes

All Windows Null-Free Shellcode - Functional Keylogger to File - 601 0x0259 bytes. Shellcode exploit for windows platform / ; Exploit Title: All windows null free shellcode - functional keylogger to file - 601 0x0259 bytes ; Date: Sat May 7 19:32:08 GMT 2016 ; Exploit Author: Fugu ; Vendor...

0.1 AI score
Exploits: 0

exploitpack
added 2016/04/21 12:0 a.m., 30 views

Microsoft Windows 7 10 2008 2012 R2 (x86x64) - Local Privilege Escalation (MS16-032) (PowerShell)

Microsoft Windows 7 10 2008 2012 R2 x86x64 - Local Privilege Escalation MS16-032 PowerShell function Invoke-MS16-032 https://googleprojectzero.blogspot.co.uk/2016/03/exploiting-leaked-thread-handle.html .DESCRIPTION Author: Ruben Boonen @FuzzySec Blog: http://www.fuzzysecurity.com/ License: BSD...

0.1 AI score
Exploits: 0

Exploit DB
added 2016/04/21 12:0 a.m., 137 views

Microsoft Windows 7 < 10 / 2008 < 2012 R2 (x86/x64) - Local Privilege Escalation (MS16-032) (PowerShell)

function Invoke-MS16-032 https://googleprojectzero.blogspot.co.uk/2016/03/exploiting-leaked-thread-handle.html .DESCRIPTION Author: Ruben Boonen @FuzzySec Blog: http://www.fuzzysecurity.com/ License: BSD 3-Clause Required Dependencies: PowerShell v2+ Optional Dependencies: None .EXAMPLE C:\PS...

7.4 AI score
Exploits: 0

exploitpack
added 2016/03/07 12:0 a.m., 49 views

Microsoft Windows 7 (x64) - afd.sys Dangling Pointer Privilege Escalation (MS14-040)

Microsoft Windows 7 x64 - afd.sys Dangling Pointer Privilege Escalation MS14-040 Exploit Title: MS14-040 - AFD.SYS Dangling Pointer Date: 2016-03-03 Exploit Author: Rick Larabee Vendor Homepage: www.microsoft.com Version: Windows 7, 64 bit Tested on: Win7 x64 afd.sys - 6.1.7601.17514 ntdll.dll -...

7.2 CVSS, 0.3 AI score, 0.49071 EPSS
Exploits: 8

Packet Storm
added 2016/03/03 12:0 a.m., 28 views

AppLocker Execution Prevention Bypass

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class Metasploit4 'AppLocker Execution Prevention Bypass', 'Description' = %q This module will generate a .NET service executable on the target and utilise InstallUtil to...

0.2 AI score
Exploits: 0

exploitpack
added 2016/02/19 12:0 a.m., 25 views

QuickHeal 16.00 - webssx.sys Driver Denial of Service

QuickHeal 16.00 - webssx.sys Driver Denial of Service Exploit Title: QuickHeal webssx.sys driver DOS vulnerability Date: 19/02/2016 Exploit Author: Csaba Fitzl Vendor Homepage: http://www.quickheal.co.in/ Version: 16.00 Tested on: Win7x86, Win7x64 CVE : CVE-2015-8285 from ctypes import from...

5 CVSS, 0.10326 EPSS
Exploits: 4