FIN8 Hackers Return With More Powerful Version of BADHATCH PoS Malware

Threat actors known for keeping a low profile do so by ceasing operations for prolonged periods in between to evade attracting any attention as well as constantly refining their toolsets to fly below the radar of many detection technologies. One such group is FIN8, a financially motivated threat...

AnyDesk 5.5.2 Remote Code Execution

Exploit Title: AnyDesk 5.5.2 - Remote Code Execution Date: 09/06/20 Exploit Author: scryh Vendor Homepage: https://anydesk.com/en Version: 5.5.2 Tested on: Linux Walkthrough: https://devel0pment.de/?p=1881 !/usr/bin/env python import struct import socket import sys ip = '192.168.x.x' port = 50001...

AnyDesk 5.5.2 - Remote Code Execution Exploit

Exploit Title: AnyDesk 5.5.2 - Remote Code Execution Exploit Author: scryh Vendor Homepage: https://anydesk.com/en Version: 5.5.2 Tested on: Linux Walkthrough: https://devel0pment.de/?p=1881 !/usr/bin/env python import struct import socket import sys ip = '192.168.x.x' port = 50001 def...

ScareCrow - Payload Creation Framework Designed Around EDR Bypass

If you want to learn more about the techniques utlized in this framework please take a look at Part 1 and Part 2 Description ScareCrow is a payload creation framework for generating loaders for the use of side loading not injection into a legitimate Windows process bypassing Application...

Windows/x86 - Add User Alfred to Administrators/Remote Desktop Users Group Shellcode (240 bytes)

Exploit Title: Windows/x86 - Add User Alfred to Administrators/Remote Desktop Users Group Shellcode 240 bytes Exploit Author: Armando Huesca Prida Tested on: Windows 7 Professional 6.1.7601 SP1 Build 7601 x86 Windows Vista Ultimate 6.0.6002 SP2 Build 6002 x86 Windows Server 2003 Enterprise Editio...

Linux/x64 - execve (cat /etc/shadow) Shellcode (66 bytes)

Exploit Title: Linux/x64 - execve "cat /etc/shadow" Shellcode 66 bytes Author: Felipe Winsnes Tested on: Debian x64 Shellcode Length: 66 / global start start: xor rax, rax ; Zeroes out RAX. xor rbp, rbp ; Zeroes out RBP. push rax ; Pushes RAX's NULL-DWORD. mov rbp, 0x776f646168732f63 ; Moves valu...

Microsoft Internet Explorer 11 Use-After-Free

Exploit Title: Microsoft Internet Explorer 11 32-bit - Use-After-Free Date: 2021-02-05 Exploit Author: deadlock Forrest Orr Vendor Homepage: https://www.microsoft.com/ Software Link: https://www.microsoft.com/en-gb/download/internet-explorer.aspx Version: IE 8, 9, 10, and 11 Tested on: Windows 7...

Microsoft Internet Explorer 11 32-bit - Use-After-Free Exploit

Exploit Title: Microsoft Internet Explorer 11 32-bit - Use-After-Free Exploit Author: deadlock Forrest Orr Vendor Homepage: https://www.microsoft.com/ Software Link: https://www.microsoft.com/en-gb/download/internet-explorer.aspx Version: IE 8, 9, 10, and 11 Tested on: Windows 7 x64 and Windows 7...

Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (3)

Exploit Title: Solaris 10 1/13 SPARC - 'dtprintinfo' Local Privilege Escalation 3 Date: 2021-02-01 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.oracle.com/solaris/solaris10/ Version: Solaris 10 Tested on: Solaris 10 1/13 SPARC / raptordtprintnamesparc3.c - dtprintinfo on Solaris 10...

Solaris 10 1/13 (Intel) - (dtprintinfo) Local Privilege Escalation Exploit(3)

Exploit Title: Solaris 10 1/13 Intel - 'dtprintinfo' Local Privilege Escalation 3 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.oracle.com/solaris/solaris10/ Version: Solaris 10 Tested on: Solaris 10 1/13 Intel / raptordtprintcheckdirintel2.c - Solaris/Intel FMT LPE Copyright c 2020...

Solaris 10 1/13 (SPARC) - (dtprintinfo) Local Privilege Escalation Exploit (3)

Exploit Title: Solaris 10 1/13 SPARC - 'dtprintinfo' Local Privilege Escalation 3 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.oracle.com/solaris/solaris10/ Version: Solaris 10 Tested on: Solaris 10 1/13 SPARC / raptordtprintnamesparc3.c - dtprintinfo on Solaris 10 SPARC Copyright c...

Solaris 10 (Intel) - 'dtprintinfo' Local Privilege Escalation (2)

Exploit Title: Solaris 10 1/13 Intel - 'dtprintinfo' Local Privilege Escalation 2 Date: 2021-02-01 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.oracle.com/solaris/solaris10/ Version: Solaris 10 Tested on: Solaris 10 1/13 Intel / raptordtprintcheckdirintel.c - Solaris/Intel 0day? LPE...

Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)

Exploit Title: Solaris 10 1/13 SPARC - 'dtprintinfo' Local Privilege Escalation 2 Date: 2021-02-01 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.oracle.com/solaris/solaris10/ Version: Solaris 10 Tested on: Solaris 10 1/13 SPARC / raptordtprintcheckdirsparc2.c - Solaris/SPARC FMT LPE...

Google Discloses Severe Bug in Libgcrypt Encryption Library—Impacting Many Projects

A "severe" vulnerability in GNU Privacy Guard GnuPG's Libgcrypt encryption software could have allowed an attacker to write arbitrary data to the target machine, potentially leading to remote code execution. The flaw, which affects version 1.9.0 of libgcrypt, was discovered on January 28 by Tavis...

CSSG - Cobalt Strike Shellcode Generator

Adds Shellcode - Shellcode Generator to the Cobalt Strike top menu bar CSSG is an aggressor and python script used to more easily generate and format beacon shellcode Generates beacon stageless shellcode with exposed exit method, additional formatting, encryption, encoding, compression, multiline...

Shellex - C-shellcode To Hex Converter, Handy Tool For Paste And Execute Shellcodes In Gdb, Windbg, Radare2, Ollydbg, X64Dbg, Immunity Debugger And 010 Editor

C-shellcode to hex converter. Handy tool for paste & execute shellcodes in gdb, windbg, radare2, ollydbg, x64dbg, immunity debugger & 010 editor. Are you having problems converting C-shellcodes to HEX maybe c-comments+ASCII mixed? Here is shellex. If the shellcode can be compiled in a C compiler...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

This is a proof-of-concept PoC exploit for CVE-2020-0796, also known as SMBGhost, a pre-authentication remote code execution vulnerability in Windows SMBv3. The exploit is written in Python and uses the SMB protocol to inject shellcode into the Windows kernel. The shellcode is generated from a...

Linux/x64 - Bind_tcp (0.0.0.0:4444) + Password (12345678) + Shell (/bin/sh) Shellcode (142 bytes)

/ Exploit Title: Linux/x64 - Bindtcp 0.0.0.0:4444 + Password 12345678 + Shell /bin/sh Shellcode 142 bytes Author: Guillem Alminyana Platform: GNU Linux x64 ===================================== Compile: gcc -fno-stack-protector -z execstack shellcode.c -o shellcode / include include unsigned char...

Windows/x86 - Stager Generic MSHTA Shellcode (143 bytes)

Exploit Title: Windows/x86 - Stager Generic MSHTA Shellcode 143 bytes Exploit Author: Armando Huesca Prida Date: 11-01-2021 Tested on: Windows 7 Professional 6.1.7601 SP1 Build 7601 x86 Windows Vista Ultimate 6.0.6002 SP2 Build 6002 x86 Windows Server 2003 Enterprise Edition 5.2.3790 SP1 Build 37...

CTF-All-In-One

This is a comprehensive book on CTF Capture The Flag competitions, specifically focusing on the Pwn binary exploitation aspect. The book is written by Yang Chaofei, a member of L-Team, and is intended for beginners. It covers the basics of binary exploitation, including memory management, buffer...