HTTP Fetch, Hidden Bind TCP Stager

Fetch and execute an x86 payload from an HTTP server. Listen for a connection from a hidden port and spawn a command shell to the allowed host. Module Options msf use payload/cmd/windows/http/x86/patchupmeterpreter/bindhiddentcp msf payloadbindhiddentcp show actions ...actions... msf...

HTTPS Fetch, Hidden Bind TCP Stager

Fetch and execute an x86 payload from an HTTPS server. Listen for a connection from a hidden port and spawn a command shell to the allowed host. Module Options msf use payload/cmd/windows/https/x86/patchupdllinject/bindhiddentcp msf payloadbindhiddentcp show actions ...actions... msf...

HTTP Fetch, Windows shellcode stage, Hidden Bind TCP Stager

Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Listen for a connection from a hidden port and spawn a command shell to the allowed host. Module Options msf use payload/cmd/windows/http/x86/custom/bindhiddentcp msf payloadbindhiddentcp show actions ...actions... msf...

CVE-2017-20229

MAWK 1.3.3-17 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can craft malicious input that overflows the stack buffer and execute a return-oriented programmi...

EUVD-2021-0530

Malware in sbrugna...

Exploit for OS Command Injection in Markdown_Preview_Enhanced_Project Markdown_Preview_Enhanced

CVE-2022-45025 Command injection via PDF import in Markdown Pr...

ctf-writeups

This is a PoC exploit for a double free vulnerability in a binary. The exploit creates overlapping chunks on the heap, manipulates heap metadata, and overwrites the mallochook with a one-gadget address to execute /bin/sh. The challenge is interesting because it does not allow the exploitation of...

Linux/x86 - Multiple keys XOR Encoder / Decoder execve(/bin/sh) Shellcode (59 bytes)

Title: Linux/x86 - Multiple keys XOR Encoder / Decoder execve/bin/sh Shellcode 59 bytes Author: Xavi Beltran Date: 05/05/2019 Contact: email protected Purpose: spawn /bin/sh shell Tested On: Ubuntu 3.5.0-17-generic Arch: x86 Size: 59 bytes sh.nasm global start section .text start: xor eax, eax pu...

CMS Made Simple Showtime2 Module 3.6.2 - (Authenticated) Arbitrary File Upload

!/usr/bin/env python Exploit Title: CMS Made Simple authenticated arbitrary file upload in Showtime2 module Date: March 2019 Exploit Author: Daniele Scanu @ Certimeter Group Vendor Homepage: https://www.cmsmadesimple.org/ Software Link: http://viewsvn.cmsmadesimple.org/listing.php?repname=showtim...

Linux/x86 - execve /bin/dash Shellcode (30 bytes)

/ Description ; Title : exec /bin/dash - Shellcode ; Author : Hashim Jawad ; Website : ihack4falafel.com ; Twitter : @ihack4falafel ; SLAE ID : SLAE-1115 ; Purpose : spawn /bin/dash shell ; OS : Linux ; Arch : x86 ; Size : 30 bytes dash.nasm global start section .text start: ; push NULL into the...

Vivaldi 1.4.589.11 DLL Hijacking

Exploit Title: Vivaldi browser DLL Hijacking Author: Ashiyane Digital Security Team Vendor Homepage: https://vivaldi.com/ software link: https://downloads.vivaldi.com/stable/Vivaldi.1.4.589.11.exe Tested on:Windows 7 Date: 13-09-2016...

Android Meterpreter Shell, Reverse HTTP Inline

Connect back to attacker and spawn a Meterpreter shell This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include Msf::Payload::TransportConfig include Msf::Payload::Single...

TRENDnet Shell

Added: 06/24/2014 Background TRENDnet routers are vulnerable to a range of SQL injection, command injection, and buffer overflow vulnerabilities. Current supported devices include: TEW-654TR - Remote Root Shell TEW-732BR - Remote Root Shell Problem A SQL injection vulnerability allows the attacke...

Linux/x86 - setuid(0) && execve() - 25 bytes

No description provided by source. Hi, i've shrinked down the shellcode to 25 bytes, the smallest setuid & execve GNU/Linux shellcode without nulls that spawns a shell. -------------------------------------------------------------------------------------- SMALLEST SETUID & EXECVE GNU/LINUX x86...

linux/x86 setuid(0) & execve(/bin/sh,0,0) shellcode 28 bytes

Exploit for linux/x86 platform in category shellcode ============================================================ linux/x86 setuid0 & execve/bin/sh,0,0 shellcode 28 bytes ============================================================ -------------------ASM---------------------- global start section...

I-Mall Commerce - i-mall.cgi Remote Command Execution

I-Mall Commerce - i-mall.cgi Remote Command Execution I-Mall explo Spawn bash style Shell with webserver uid Greetz z, spax, foxtwo, Zone-H This Script is currently under development use strict; use IO::Socket; my $host; my $port; my $command; my $url; my $shiz; my @results; my $probe; my @U; $U1...