7257 matches found
Attackers Use Event Logs to Hide Malware
Researchers have discovered a malicious campaign utilizing a never-before-seen technique for quietly planting fileless malware on target machines. The technique involves injecting shellcode directly into Windows event logs. This allows adversaries to use the Windows event logs as a cover for...
Hacking Ham Radio: WinAPRS – Part 4
In part three of this series, we discovered and traced a memory corruption bug in WinAPRS using IDA Pro and WinDbg. We discovered that it could be used to gain control over the CPU's EIP register to obtain remote code execution. We found that there were limitations on the address that could be...
ALLPlayer ALLMediaServer V1.6 SEH Exploit
Exploit Title: ALLPlayer ALLMediaServer V1.6 SEH Exploit Version: ALLMediaServer V1.6 Exploit Author: Achilles Vendor Homepage: http://www.allmediaserver.org/ Download Link: http://www.allmediaserver.org/LiveUpdate/ALLMediaServer.exe Tested on: Windows 7 Sp1 x86 Original Dos Author: Yehia Elghaly...
Windows/x86 - XOR/DEC/NOT/ROR encrypted / encoded + null free reverse tcp Shellcode (840 bytes)
Windows/x86 - XOR/DEC/NOT/ROR XDNR encrypted / encoded + null free reverse tcp 192.168.201.11:4444 Shellcode 840 bytes X0R Cryptor with DEC/N0T/R0R encoder plus random byte insertion Author: @xen0vas / include...
Shhhloader - SysWhispers Shellcode Loader
Shhhloader is a SysWhispers Shellcode Loader that is currently a Work in Progress. It takes raw shellcode as input and compiles a C++ stub that has been integrated with SysWhispers in order to bypass AV/EDR. The included python builder will work on any Linux system that has Mingw-w64 installed. T...
New PlugX variant “Talisman” used by famous Chinese APT
THREAT LEVEL: Red. PlugX is a well-known malware family with samples dating back to as early as 2008. A Chinese state-backed threat actor, the RedFoxtrot group, has been discovered using a new variant of the PlugX malware, Talisman. The threat actor grou...
PlugX: A Talisman to Behold
PlugX: A Talisman to Behold By Max Kersten, Marc Elias, Leandro Velasco, and Alexandre Mundo Alguacil · March 28, 2022 For over a decade, the PlugX malware has been observed internationally with different variants found around the world. This blog covers a PlugX variant that we have named Talisma...
Nimcrypt2 - .NET, PE, And Raw Shellcode Packer/Loader Written In Nim
Nimcrypt2 is yet another PE packer/loader designed to bypass AV/EDR. It is an improvement on my original Nimcrypt project, with the main improvements being the use of direct syscalls and the ability to load regular PE files as well as raw shellcode. Before going any further, I must acknowledge...
ShellcodeTemplate - An Easily Modifiable Shellcode Template For Windows X64/X86
An easily modifiable shellcode template for Windows x64/x86 How does it work? This template is heavily based on Austin Hudson's aka SecIdiot TitanLdr It compiles the project into a PE Executable and extracts the .text section Example The entrypoint of the shellcode looks like this. Of course, thi...
Amazing CD Ripper 1.2 Buffer Overflow
Exploit Title: Amazing CD Ripper v1.2 - Buffer Overflow Exploit Author: Hejap Zairy Date: 03.08.2022 Software Link: http://www.shelltoys.com/cdripper.exe Software Link: https://web.archive.org/web/20160313071152/http://www.shelltoys.com/cdripper.exe Tested Version: v1.2.1 Tested on: Windows 10...
WMEye - A Post Exploitation Tool That Uses WMI Event Filter And MSBuild Execution For Lateral Movement
WMEye is an experimental tool that was developed while exploring Windows WMI. The tool is developed for performing Lateral Movement using WMI and remote MSBuild Execution. It uploads the encoded/encrypted shellcode into the remote target's WMI Class Property, creates an event filter that when...
Exploit for Improper Initialization in Linux Linux_Kernel
cve20220847shellcode Description This repository conta...
Linux/x86_64 - sudo enumeration Shellcode (245 bytes)
sudo vulnerability enumeration shellcode / sudo vulnerability enumeration shellcode xordynamic - Linux/x86_64 Author : Kağan Çapar contact: email protected shellcode len : 245 bytes compilation: gcc -fno-stack-protector -z execstack .c -o "disassemble only main." 0000000000001179 : 1179: 55 push...
Audio Conversion Wizard v2.01 - Buffer Overflow Exploit
Exploit Title: Audio Conversion Wizard v2.01 - Buffer Overflow Exploit Author: Hejap Zairy Software Link: https://www.litexmedia.com/acwizard.exe Tested Version: v2.01 Tested on: Windows 10 64bit 1.- Run python code : 0day-HejapZairy.py 2.- Open 0dayHejap.txt and copy All content to Clipboard 3.-...
Audio Conversion Wizard v2.01 - Buffer Overflow
Exploit Title: Audio Conversion Wizard v2.01 - Buffer Overflow Exploit Author: Hejap Zairy Date: 03.07.2022 Software Link: https://www.litexmedia.com/acwizard.exe Tested Version: v2.01 Tested on: Windows 10 64bit 1.- Run python code : 0day-HejapZairy.py 2.- Open 0dayHejap.txt and copy All content...
Firefox MCallGetProperty Write Side Effects Use-After-Free Exploit
This Metasploit module exploits CVE-2020-26950, a use-after-free exploit in Firefox. The MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This exploit uses a somewhat novel technique of spraying ArgumentsData structures in order ...
Firefox MCallGetProperty Write Side Effects Use After Free Exploit
This module exploits CVE-2020-26950, a use after free exploit in Firefox. The MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This exploit uses a somewhat novel technique of spraying ArgumentsData structures in order to construc...
Firefox MCallGetProperty Write Side Effects Use-After-Free
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Firefox MCallGetProperty Write Side Effects Use After Free Exploit', 'Description' = %q This modules exploits CVE-2020-26950, a use after free...
Solaris/SPARC - chmod(./me) Shellcode
/ sparcsolarischmod2.c - Solaris/SPARC chmod shellcode Copyright c 2022 Marco Ivaldi Very small Solaris/SPARC chmod shellcode. See also: http://phrack.org/issues/70/13.htmlarticle Tested on: SunOS 5.10 GenericVirtual sun4u sparc SUNW,SPARC-Enterprise / char sc = / Solaris/SPARC chmod shellcode ma...
Solaris/SPARC - setuid(0) + execve (/bin/ksh) Shellcode
/ sparcsolarisexec.c - Solaris/SPARC execve shellcode Copyright c 2022 Marco Ivaldi Pretty standard Solaris/SPARC setuid/execve shellcode. Tested on: SunOS 5.10 GenericVirtual sun4u sparc SUNW,SPARC-Enterprise / char sc = / Solaris/SPARC execve shellcode 12 + 48 = 60 bytes / / setuid0 /...