Reversing malware in a custom format: Hidden Bee elements

Malware can be made of many components. Often, we encounter macros and scripts that work as malicious downloaders. Some functionalities can also be achieved by position-independent code—so-called shellcode. But when it comes to more complex elements or core modules, we almost take it for granted...

Linux/x86 - Dual Network Stack (IPv4 and IPv6) Bind TCP Shellcode

/ Exploit Title: Linux x86 Dual Network Stack IPv4 and IPv6 Bind TCP Shellcode Shellcode Author: Kevin Kirsche Shellcode Repository: https://github.com/kkirsche/SLAE/tree/master/assignment1-bindshell Tested on: Shell on Ubuntu 18.04 with gcc 7.3.0 / Connected from Kali 2018.2 This shellcode will...

Windows/x64 (10) - WoW64 Egghunter Shellcode (50 bytes)

include include include include using namespace std; / Title: WoW64Egghunter for Windows 10 32bit apps on 64bit Windows 10 Size: 50 bytes Date: 26/08/2018 Author: n30m1nd - https://www.exploit-db.com/author/?a=8766 Works in: 32 bit processes on a 64 bit Windows 10 OS How to: Compile under Visual...

Linux/MIPS64 - execve(/bin/sh) Shellcode (48 bytes)

/ Title: Linux/MIPS64 - execve/bin/sh Shellcode 48 bytes Author: Antonio execve/bin/sh shellcode for MIPS64 tested on MIPS Malta - Linux debian-mips64el 4.9.0-3-5kc-malta 48 bytes gcc -fno-stack-protector -z execstack main.c -o main -g adp, SLAE - 1326, 2018. / include include / .text .global sta...

Linux/ARM - execve("/bin/sh", ["/bin/sh"], NULL) Shellcode (32 Bytes)

/ Title: Linux/ARM - execve"/bin/sh", "/bin/sh", NULL Shellcode 32 Bytes Tested: armv7l Raspberry Pi 3 Model B+ Author: Ken Kitahara pi@raspberrypi: $ uname -a Linux raspberrypi 4.14.52-v7+ 1123 SMP Wed Jun 27 17:35:49 BST 2018 armv7l GNU/Linux pi@raspberrypi: $ lsbrelease -a No LSB modules are...

Linux/ARM - read(0, buf, 0xff) stager + execve("/bin/sh", NULL, NULL) Shellcode (28 Bytes)

Linux/ARM - read0, buf, 0xff stager + execve"/bin/sh", NULL, NULL Shellcode 28 Bytes. Shellcode exploit for ARM platform / Title: Linux/ARM - read0, buf, 0xff stager + execve"/bin/sh", NULL, NULL Shellcode 28 Bytes Date: 2018-08-30 Tested: armv7l Raspberry Pi 3 Model B+ Author: Ken Kitahara...

Linux/MIPS64 - execve(/bin/sh) Shellcode (48 bytes)

Linux/MIPS64 - execve/bin/sh Shellcode 48 bytes. Shellcode exploit for LinuxMIPS platform / Title: Linux/MIPS64 - execve/bin/sh Shellcode 48 bytes Date: 2018-08-10 Author: Antonio execve/bin/sh shellcode for MIPS64 tested on MIPS Malta - Linux debian-mips64el 4.9.0-3-5kc-malta 48 bytes gcc...

Linux/ARM - execve("/bin/sh", ["/bin/sh"], NULL) Shellcode (32 Bytes)

Linux/ARM - execve"/bin/sh", "/bin/sh", NULL Shellcode 32 Bytes. Shellcode exploit for ARM platform / Title: Linux/ARM - execve"/bin/sh", "/bin/sh", NULL Shellcode 32 Bytes Date: 2018-08-16 Tested: armv7l Raspberry Pi 3 Model B+ Author: Ken Kitahara pi@raspberrypi: $ uname -a Linux raspberrypi...

Linux/x86 - Bind (1337/TCP) Shell (/bin/sh) + (Dual IPv4 and IPv6) Shellcode (146 bytes)

Linux/x86 - Bind 1337/TCP Shell /bin/sh + Dual IPv4 and IPv6 Shellcode 146 bytes. Shellcode exploit for Linuxx86 platform / Exploit Title: Linux x86 Dual Network Stack IPv4 and IPv6 Bind TCP Shellcode Date: 2018-08-18 Shellcode Author: Kevin Kirsche Shellcode Repository:...

Linux/x86 - Reverse TCP (fd15:4ba5:5a2b:1002:61b7:23a9:ad3d:5509:1337/TCP) Shell (/bin/sh) + IPv6 Shellcode (Generator) (94 bytes)

Linux/x86 - Reverse TCP fd15:4ba5:5a2b:1002:61b7:23a9:ad3d:5509:1337/TCP Shell /bin/sh + IPv6 Shellcode Generator 94 bytes. Shellcode exploit for Lin... !/usr/bin/env python3 Exploit Title: Linux x86 IPv6 Reverse TCP Shellcode Generator 94 bytes Date: 2018-08-26 Shellcode Author: Kevin Kirsche...

Peinjector

This module will inject a specified windows payload into a target executable. require 'rex' class MetasploitModule 'Peinjector', 'Description' = %q This module will inject a specified windows payload into a target executable. , 'License' = MSFLICENSE, 'Author' = 'Maximiliano Tedesco ', 'Platform'...

UltraISO 9.7.1.3519 - Buffer Overflow (SEH) Exploit

Exploit for windows platform in category local exploits Exploit Title: UltraISO 9.7.1.3519 - Buffer Overflow SEH Author: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Vendor Homepage: https://www.ultraiso.com Software Link Download : https://www.ultraiso.com/download.html Tested on:...

SEIG SCADA System 9 - Remote Code Execution Exploit

Exploit for windows platform in category remote exploits Title: SEIG SCADA SYSTEM 9 - Remote Code Execution Author: Alejandro Parodi Vendor Homepage: https://www.schneider-electric.com Software Link:...

SEIG SCADA System 9 Remote Code Execution

Title: SEIG SCADA SYSTEM 9 - Remote Code Execution Author: Alejandro Parodi Date: 2018-08-17 Vendor Homepage: https://www.schneider-electric.com Software Link: https://www.schneider-electric.ie/en/download/document/V9Fullinstallationpackageregisterandreceivefile/ Version: v9 Tested on: Windows7 x...

SEIG Modbus 3.4 - Remote Code Execution

Title: SEIG Modbus 3.4 - Remote Code Execution Author: Alejandro Parodi Date: 2018-08-17 Vendor Homepage: https://www.schneider-electric.com Software Link: https://github.com/hdbreaker/Ricnar-Exploit-Solutions/tree/master/Medium/CVE-2013-0662-SEIG-Modbus-Driver-v3.34/VERSION%203.4 Version: v3.4...

wePWNise - Generates Architecture Independent VBA Code To Be Used In Office Documents Or Templates And Automates Bypassing Application Control And Exploit Mitigation Software

wePWNise is proof-of-concept Python script which generates VBA code that can be used in Office macros or templates. It was designed with automation and integration in mind, targeting locked down environment scenarios. The tool enumerates Software Restriction Policies SRPs and EMET mitigations and...

Foxit Reader 9.0.1.1049 Use-After-Free

%PDF 1 0 obj 2 0 obj /S /JavaScript /JS / --------------------------------------------------------------------------------------------------- Exploit Title : Foxit Reader RCE with DEP bypass on Heap with shellcode Date : 08/04/2018 4 Aug Exploit Author : Manoj Ahuje Tested on : Windows 7 Pro x32...

Linux/x64 - Add Root User (toor/toor) Shellcode (99 bytes)

Linux/x64 - Add Root User toor/toor Shellcode 99 bytes. Shellcode exploit for Linuxx86-64 platform ; Title: add root user toor:toor ; Date: 20180811 ; Author: epi ; https://epi052.gitlab.io/notes-to-self/ ; Tested on: linux/x8664 SMP CentOS-7 3.10.0-862.2.3.el7.x8664 GNU/Linux ; ; Shellcode Lengt...

Linux/x64 - Add Root User (toor/toor) Shellcode (99 bytes)

; Title: add root user toor:toor ; Date: 20180811 ; Author: epi ; https://epi052.gitlab.io/notes-to-self/ ; Tested on: linux/x8664 SMP CentOS-7 3.10.0-862.2.3.el7.x8664 GNU/Linux ; ; Shellcode Length: 99 bytes ; Action: Adds a user into /etc/passwd with the following information ; username: toor ...

CloudMe Sync 1.10.9 - Buffer Overflow (SEH)(DEP Bypass)

CloudMe Sync 1.10.9 - Buffer Overflow SEHDEP Bypass Exploit Title: CloudMe Sync 1.10.9 - Buffer Overflow SEHDEP Bypass Date: 2018-08-05 Exploit Author: Manoj Ahuje Linkedin: https://www.linkedin.com/in/manojahuje/ Vendor Homepage: https://www.cloudme.com/ Software Link:...