Lucene search
7257 matches found

Gitee
added 2021/08/08 9:45 a.m., 3 views

buffer_overflow

This is a repository for a buffer overflow assignment, specifically targeting six vulnerable programs. The repository contains the source code for the vulnerable programs, as well as a Makefile and a Python script for building and testing the exploits. The vulnerable programs are written in C and...

7.9 AI score
Exploits: 0
Kitploit
added 2021/08/07 9:30 p.m., 330 views

Go-Shellcode - A Repository Of Windows Shellcode Runners And Supporting Utilities

go-shellcode is a repository of Windows Shellcode runners and supporting utilities. The applications load and execute Shellcode using various API calls or techniques. The available Shellcode runners include: CreateFiber CreateProcess CreateProcessWithPipe CreateRemoteThread CreateRemoteThreadNati...

8.9 AI score
Exploits: 0, References: 22
Kitploit
added 2021/08/04 9:30 p.m., 47 views

Uchihash - A Small Utility To Deal With Malware Embedded Hashes

Uchihash is a small utility that can save malware analysts the time of dealing with embedded hash values used for various things such as: Dynamically importing APIs especially in shellcode Checking running process used by analysts Anti-Analysis Checking VM or Antivirus artifacts Anti-Analysis...

7.1 AI score
Exploits: 0, References: 8
Gitee
added 2021/07/20 1:26 p.m., 5 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

This is a proof-of-concept (PoC) exploit for CVE-2020-0796, also known as SMBGhost, a pre-authentication remote code execution vulnerability in Microsoft Windows. The exploit is written in Python and uses the SMB protocol to target vulnerable Windows systems. The exploit code is organized into...

10 CVSS, 8.6 AI score, 0.94424 EPSS
Exploits: 124
0day.today
added 2021/07/19 12:0 a.m., 111 views

Linux/x86 - Egghunter Reverse TCP Shell dynamic IP and port Shellcode

Exploit Title: Linux/x86 - Linux/x86 - Egghunter Reverse TCP Shell dynamic IP and port Shellcode Exploit Author: d7x Tested on: Ubuntu x86 / Linux/x86 - Egghunter Reverse TCP Shell Shellcode Generator with dynamic IP and port Shellcode Author: d7x https://d7x.promiselabs.net/...

7.4 AI score
Exploits: 0
Kitploit
added 2021/07/14 12:30 p.m., 47 views

Injector - Complete Arsenal Of Memory Injection And Other Techniques For Red-Teaming In Windows

Complete Arsenal of Memory injection and other techniques for red-teaming in Windows What does Injector do? Process injection support for shellcode located at remote server as well as local storage. Just specify the shellcode file and it will do the rest. It will by default inject into notepad.ex...

8.5 AI score
Exploits: 0, References: 1
0day.today
added 2021/07/13 12:0 a.m., 189 views

Linux/x86 - Reverse (dynamic IP and port/TCP) Shell (/bin/sh) Shellcode (86 bytes)

Exploit Title: Linux/x86 - Reverse dynamic IP and port/TCP Shell /bin/sh Shellcode 86 bytes Exploit Author: d7x Tested on: Ubuntu x86 / Linux/x86 Reverse TCP Shell with dynamic IP and port binding Shellcode tested on Ubuntu 12.04 LTS Usage: gcc -z execstack -o shellreversetcp shellreversetcp.c $...

0.2 AI score
Exploits: 0
0day.today
added 2021/07/13 12:0 a.m., 147 views

Linux/x86 - Bind (User Specified Port) Shell (/bin/sh) Shellcode (102 bytes)

Exploit Title: Linux/x86 - Bind User Specified Port Shell /bin/sh Shellcode 102 bytes Exploit Author: d7x Tested on: Ubuntu x86 / Linux/x86 Bind Shell /bin/sh with dynamic port binding Null-Free Shellcode 102 bytes Usage: gcc -z execstack -o bindshell bindshell.c ./bindshell 7000 Binding to 7000...

7.4 AI score
Exploits: 0
0day.today
added 2021/07/08 12:0 a.m., 99 views

Linux/x86 Bindshell With Dynamic Port Binding Shellcode (102 bytes)

Exploit Title: Linux/x86 - bindshell with dynamic shellcode port binding size: 102 bytes Exploit Author: d7x Tested on: Ubuntu x86 / x86 bindshell with dynamic shellcode port binding size: 102 bytes tested on Ubuntu 12.04 LTS Author: d7x https://d7x.promiselabs.net/ https://www.promiselabs.net/ /...

7.4 AI score
Exploits: 0
Kitploit
added 2021/07/06 9:30 p.m., 357 views

Sharperner - Simple Executable Generator With Encrypted Shellcode

Sharperner is a tool written in CSharp that generates a .NET dropper with AES and XOR obfuscated shellcode. Generated executable can possibly bypass signature check but I can't be sure it can bypass heuristic scanning. Features PE binary Process Hollowing PPID Spoofing Random generated AES key and iv...

7.8 AI score
Exploits: 0, References: 1
Packet Storm
added 2021/07/05 12:0 a.m., 168 views

Simple Client Management System 1.0 SQL Injection / Shell Upload

Exploit Title: Simple Client Management System 1.0 - Remote Code Execution RCE Date: July 4, 2021 Exploit Author: Ishan Saha Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/client-details.zip Version: 1.0 Tested...

0.4 AI score
Exploits: 0
Gitee
added 2021/06/27 9:35 p.m., 2 views

charlotte

This is a C++ shellcode launcher, fully undetected as of May 13th, 2021. It dynamically invokes Win32 API functions, XOR encrypts shellcode and function names, and uses random XOR keys and variables per run. The code is designed to be stealthy and difficult to detect. The code is written in C++ a...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/06/21 12:0 a.m., 418 views

Solaris SunSSH 11.0 x86 - libpam Remote Root (3)

Exploit Title: Solaris SunSSH 11.0 x86 - libpam Remote Root 3 Exploit Author: Nathaniel Singer, Joe Rozner Date: 09/11/2020 CVE: 2020-14871 Vulnerable Versions: Oracle Solaris: 9 some releases, 10 all releases, 11.0 Description: CVE-2020-14871 is a critical pre-authentication via SSH stack-based...

10 CVSS, 9.8 AI score, 0.88872 EPSS
Exploits: 13
Kitploit
added 2021/06/20 9:30 p.m., 46 views

NamedPipePTH - Pass The Hash To A Named Pipe For Token Impersonation

This project is a PoC code to use Pass-the-Hash for authentication on a local Named Pipe user Impersonation. There also is a blog post for explanation: https://s3cur3th1ssh1t.github.io/Named-Pipe-PTH/ It is heavily based on the code from the projects Invoke-SMBExec.ps1 and RoguePotato. I faced...

7.8 AI score
Exploits: 0, References: 6
Gitee
added 2021/06/18 8:8 p.m., 1 view

charlotte1

This is a Python script, charlotte.py, that appears to be a fully undetected shellcode launcher. It is designed to run on Windows systems and is intended to be used as a proof-of-concept (PoC) exploit. The script uses XOR encryption to protect the shellcode and function names, making it difficult t...

7.4 AI score
Exploits: 0
0day.today
added 2021/06/17 12:0 a.m., 58 views

Linux/x86 Custom Shellcode ASCII And-Sub Encoder

/ Title: Linux/x86 - Custom Shellcode ASCII And-Sub Encoder Date: 29.03.2021 Author: Xenofon Vassilakopoulos github : https://github.com/xen0vas/ASCII-AND-SUB-Encoder gcc -m32 sub.c -o sub Usage : ./sub -s \x41\xff\x41\x41 -b \x0a\x0d\x2f\x3a\x3f\x40\x80\x81\x82 / include include include include...

7.4 AI score
Exploits: 0
0day.today
added 2021/06/10 12:0 a.m., 32 views

Linux/x86 - execve /bin/sh Shellcode (fstenv eip GetPC technique) (70 bytes, xor encoded)

Exploit Title: Linux/x86 - execve /bin/sh Shellcode fstenv eip GetPC technique 70 bytes, xor encoded Exploit Author: d7x Tested on: Ubuntu x86 / shellcode with XOR decoder stub and fstenv MMX FPU spawning a /bin/sh shell uses the fstenv GetPC technique to get the memory address dynamically...

7.4 AI score
Exploits: 0
Kitploit
added 2021/06/08 12:30 p.m., 35 views

Link - A Command And Control Framework Written In Rust

link is a command and control framework written in rust. Currently in beta. Introduction link provides MacOS, Linux and Windows implants which may lack the necessary evasive tradecraft provided by other more mature command and control frameworks. Tested on Linux only. Features Hopefully this list...

7.2 AI score
Exploits: 0, References: 10
Exploit DB
added 2021/06/07 12:0 a.m., 237 views

IcoFX 2.6 - '.ico' Buffer Overflow SEH + DEP Bypass using JOP

Exploit Title: IcoFX 2.6 - '.ico' Buffer Overflow SEH + DEP Bypass using JOP Date: 2020-05-20 Exploit Author: Austin Babcock Vendor Homepage: https://icofx.ro/ Software Link: https://drive.google.com/file/d/1SONzNStAW3pAPU5IUvsYS3z0jYymEZn/view?usp=sharing Version: 2.6.0.0 Tested on: Windows 7...

9.3 CVSS, 6.4 AI score, 0.80555 EPSS
Exploits: 14
Gitee
added 2021/06/05 7:25 p.m., 2 views

charlotte

It is an offensive tool for Windows. The repository contains a Python script, charlotte.py, which is a fully undetected shellcode launcher. The script uses XOR encryption to encrypt the shellcode and function names. The script is designed to be used with the Metasploit framework, and it can be us...

6.9 AI score
Exploits: 0