Microsoft Windows - (SMBGhost) Remote Code Execution Exploit

!/usr/bin/env python ''' EDB Note Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/48537.zip SMBGhostRCEPoC RCE PoC for CVE-2020-0796 "SMBGhost" For demonstration purposes only! Only use this a reference. Seriously. This has not been tested outside of m...

Microsoft Windows - 'SMBGhost' Remote Code Execution

!/usr/bin/env python ''' EDB Note Download: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/48537.zip SMBGhostRCEPoC RCE PoC for CVE-2020-0796 "SMBGhost" For demonstration purposes only! Only use this a reference. Seriously. This has not been tested outside of my...

macOS/x64 zsh RickRolling Shellcode (198 bytes)

/ Shellcode Title: macOS/x64 - zsh RickRolling Shellcode 198 Bytes Shellcode Author: Bobby Cooke Tested on: macOS Catalina v10.15.4 Shellcode Description: MacOS Catalina Dynamic, No-Null Shellcode that will Unmute the systems Volume, set the Volume to Maximum, and "Rick Roll" the user every time...

VUPlayer 2.49 .m3u - Local Buffer Overflow (DEP,ASLR)

Exploit title: VUPlayer 2.49 .m3u - Local Buffer Overflow DEP,ASLR Date: 2020-05-22 Exploit Author: Gobinathan L Vendor Homepage: http://www.vuplayer.com/ Version: v2.49 Tested on: Windows 7 Professional with ALSR and Full DEP Turned ON. Usage : $ python .py ===================================...

VUPlayer 2.49 .m3u Local Buffer Overflow

Exploit title: VUPlayer 2.49 .m3u - Local Buffer Overflow DEP,ASLR Date: 2020-05-22 Exploit Author: Gobinathan L Vendor Homepage: http://www.vuplayer.com/ Version: v2.49 Tested on: Windows 7 Professional with ALSR and Full DEP Turned ON. Usage : $ python .py ===================================...

CloudMe 1.11.2 - Buffer Overflow (SEH,DEP,ASLR)

Exploit Title: CloudMe 1.11.2 - Buffer Overflow SEH,DEP,ASLR Date: 2020-05-20 Exploit Author: Xenofon Vassilakopoulos Vendor Homepage: https://www.cloudme.com/en Software Link: https://www.cloudme.com/downloads/CloudMe1112.exe Version: CloudMe 1.11.2 Tested on: Windows 7 Professional x86 SP1 Step...

Remote Desktop Audit 2.3.0.157 Buffer Overflow

Exploit Title: Remote Desktop Audit 2.3.0.157 - Buffer Overflow SEH Exploit Author: gurbanli Date: 2020-05-12 Vulnerable Software: Remote Desktop Audit 2.3.0.157 Vendor Homepage: https://lizardsystems.com Version: 2.3.0.157 Software Link: https://lizardsystems.com/download/rdauditsetup.exe Tested...

Remote Desktop Audit 2.3.0.157 - Buffer Overflow (SEH) Exploit

Exploit Title: Remote Desktop Audit 2.3.0.157 - Buffer Overflow SEH Exploit Author: gurbanli Vulnerable Software: Remote Desktop Audit 2.3.0.157 Vendor Homepage: https://lizardsystems.com Version: 2.3.0.157 Software Link: https://lizardsystems.com/download/rdauditsetup.exe Tested on: Windows 7 x8...

Remote Desktop Audit 2.3.0.157 - Buffer Overflow (SEH)

Exploit Title: Remote Desktop Audit 2.3.0.157 - Buffer Overflow SEH Exploit Author: gurbanli Date: 2020-05-12 Vulnerable Software: Remote Desktop Audit 2.3.0.157 Vendor Homepage: https://lizardsystems.com Version: 2.3.0.157 Software Link: https://lizardsystems.com/download/rdauditsetup.exe Tested...

LanSend 3.2 Buffer Overflow

Exploit Title: LanSend 3.2 - Buffer Overflow SEH Exploit Author: gurbanli Date: 2020-05-12 Vulnerable Software: LanSend 3.2 Vendor Homepage: https://lizardsystems.com Version: 3.2 Software Link: https://lizardsystems.com/download/lansendsetup.exe Tested on: Windows 7 x86 f = file'payload.txt','w'...

LanSend 3.2 - Buffer Overflow (SEH) Exploit

Exploit Title: LanSend 3.2 - Buffer Overflow SEH Exploit Author: gurbanli Vulnerable Software: LanSend 3.2 Vendor Homepage: https://lizardsystems.com Version: 3.2 Software Link: https://lizardsystems.com/download/lansendsetup.exe Tested on: Windows 7 x86 f = file'payload.txt','w' """ PoC 1. Run...

LanSend 3.2 - Buffer Overflow (SEH)

Exploit Title: LanSend 3.2 - Buffer Overflow SEH Exploit Author: gurbanli Date: 2020-05-12 Vulnerable Software: LanSend 3.2 Vendor Homepage: https://lizardsystems.com Version: 3.2 Software Link: https://lizardsystems.com/download/lansendsetup.exe Tested on: Windows 7 x86 f = file'payload.txt','w'...

Linux/x64 Anti-Debug Trick INT3 Trap Shellcode (113 bytes)

113 bytes small Linux/x64 anti-debug trick INT3 trap with execve"/bin/sh" shellcode that is NULL free. / Shellcode Title: linux/x64 anti-debug trick INT3 trap + execve"/bin/sh" - NULL Free - 113 bytes Shellcode Author: Dario Castrogiovanni Tested on: LXLE Linux 18.04 x64 Description: This shellco...

Linux/x86 Egghunter Shellcode (39 bytes)

39 bytes small Linux/x86 egghunter null-free shellcode. The egghunter dynamically searches memory for 2 instances of the egg. When the eggs are found, the egghunter passes execution control to the payload at the memory address of the eggs. // Shellcode Title: Linux/x86 - EggHunter + Null-free 39...

Linux/x64_86 ROL Encoded Execve Shellcode (57 bytes)

57 bytes small Linux/x6486 /bin/bash shellcode. The stub decodes the ROL Encoded shellcode. When the stub has finished decoding the payload, execution control is passed to the payload. // Shellcode Title: Linux/x64 - ROL Encoded Execve Shellcode 57 bytes // Shellcode Author: Bobby Cooke // Tested...

Linux/x86 Dynamic MMX+FPU Encoded Add Root User Shellcode (155 bytes)

155 bytes small Linux/x86 shellcode that has a MMX stub decoder that dynamically decodes the payload in memory. The FPU GetPC technique is used to determine the offset from EIP dynamically in running memory. Once decoded. this shellcode adds the user 'ctl' with the password 'ctl' to the /etc/pass...

Linux/x64_86 Egghunter Execve Shellcode (63 bytes)

63 bytes small Linux/x6486 dynamic egghunter shellcode that searches memory for 2 instances of the egg. When the eggs are found, the egghunter passes execution control to the payload at the memory address of the eggs. The payload is an execve/bin/bash shellcode. // Shellcode Title: Linux/x64 -...

Linux/x86 Reverse Shell Generator Shellcode (80 bytes)

80 bytes small Linux/x86 reverse shell generator shellcode with customizable TCP port and IP address. Title: Linux/x86 - Reverse Shell Generator - Customizable TCP Port & IP Address 80 bytes Exploit Author: Bobby Cooke Tested on: Ubuntu 16.04.6 - 4.15.0-45-generic x86 i686 Usage: TERMINAL 1 root ...

Linux/x64 - Password Protected Bindshell + Null-free Shellcode (272 Bytes)

Exploit Title: Linux/x64 - Password Protected Bindshell + Null-free Shellcode 272 Bytes Exploit Author: Bobby Cooke Tested on: Linux x8664 SMP Debian 5.3.15-1kali1 SLAE/Student ID: PA-10913 Course: This shellcode was created for the x8664 Assembly Language and Shellcoding on Linux SLAE64 Course...

Oracle Solaris Common Desktop Environment 1.6 - Local Privilege Escalation

Title: Oracle Solaris Common Desktop Environment 1.6 - Local Privilege Escalation Date: 2020-04-21 Author: Marco Ivaldi Vendor: www.oracle.com CVE: CVE-2020-2944 / raptorsdtcmconv.c - CDE sdtcmconvert LPE for Solaris/Intel Copyright c 2019-2020 Marco Ivaldi A buffer overflow in the SanityCheck...