Shellcode-v2.0 is a genetic win32 shellcode generator based mainly on kungfoo. You can generate a shellcode with the help of a GUI. Source and executable included.
bf21bbcff72608584169174404116a665444ac4b9bdc106694a2fe9770f56f35
83 bytes small Linux/x86 ASLR deactivation shellcode.
3c4799dd92e003e39ce50560912dd05104d6cce8bc4f1ce4a42be3063c322af2
57 bytes small Linux x86 chmod 666 /etc/passwd and /etc/shadow shellcode.
590e152e8000ac65c31808f69843049356045877a386919811bea3db71213bd4
28 bytes small Linux x86 execve("/bin/sh") shellcode.
e76c6cfce6e63e2e04ebe2418e31f5cc54c5925f41db12525c88204ca0278b05
61 bytes small Unix/x86 reverse shell TCP port 30 shellcode.
a9c4dce2bac819a7c3727dbb9373b2ad7d3a42ec3a4b4326b3d68c91e79d8c9d
58 bytes small Linux/x86 rm -fr / shellcode.
f97ca9b35911145e544f8f2c9253eb7646968fcbab53346ae763b8c0513a2b5a
Alphanumeric shellcode is similar to ascii shellcode in that it is used to bypass character filters and evade intrusion-detection during buffer overflow exploitation. This article documents alphanumeric code on multiple architectures, but primarily the 64 bit x86 architecture. Alphanumeric shellcode requires a basic understanding of bitwise math, assembly and shellcode.
58bd7026c178df13e32741aeefd385da0fd61df0dd758c8fe3d294c3c7f8be08
42 bytes small Linux/x86 execve(/bin/dash) shellcode.
1f064f3f4e529376eb4edee2ea45ed1176d1934a1c38873cb290b1e9fb04ef2a
Linux/x86 nc -lvve/bin/sh -p13377 shellcode.
82814b845968c56350403d27e03f872f32b6ae31b961b7b431a805f5a5853460
189 bytes small add user t0r with password of Winner shellcode for Linux x86_64.
241545198395d326774323f27d944073f582076812a68301bd6bb70961f8cd60
189 bytes small add user t0r with password of Winner shellcode for Linux x86_64.
241545198395d326774323f27d944073f582076812a68301bd6bb70961f8cd60
Sysax Multi Server versions 5.53 and below SSH username buffer overflow pre-authentication remote code execution exploit with egghunter shellcode that binds a shell to port 4444.
1a9e244ba23211e8a0745f4370e9f10d0e94ad75ca261b64e8e40b6e0606839f
Sysax Multi Server version 5.53 SFTP post authentication SEH exploit with egghunter shellcode that binds a shell to port 4444.
e3ee80f9e583422dca0ef40fef6b1c192c1da12311e53628b885e95e7f419bbe
62 bytes small Linux/x86 BackShell-TCP bash[/dev/tcp],execve(/bin/sh) shellcode.
c11501f06303b67afdaf120cb4cec86433c1a1f77db9fe89aaa1c8245ba1b310
This Metasploit module exploits a flaw within the handling of MixerSequencer objects in Java 6u18 and before. Exploitation id done by supplying a specially crafted MIDI file within an RMF File. When the MixerSequencer objects is used to play the file, the GM_Song structure is populated with a function pointer provided by a SONG block in the RMF. A Midi block that contains a MIDI with a specially crafted controller event is used to trigger the vulnerability. When triggering the vulnerability "ebx" points to a fake event in the MIDI file which stores the shellcode. A "jmp ebx" from msvcr71.dll is used to make the exploit reliable over java updates.
4bfc86d5bc0fc319751b4a58608edff9318f0cb3cc5c83f4040fa6a97b6f8907
Win32 speaking shellcode that says "You are owned!" when injected into a process.
7c2ceba938f0258137c96e2d24741196da0e046078a38019daefa66e87cf8bfc
97 bytes small OS X / x86 shellcode that binds a shell to port 4444.
623642c76b21d9c8b8565f08b67486e7985cda73e2d5e7e4e1a112dc36fa3cee
Sysax Multi Server version 5.52 and below file rename buffer overflow exploit with egghunter shellcode that spawns a shell on port 4444.
fd8d36251f2ddc9fcea601c55652a9a591bf0d2d18d9d9b24252773e06529a61
This whitepaper goes into detail on how to use egg hunting shellcode in order to exploit a BisonWare FTP server.
df5bc33eaeb96b0f6521c6843db41166584ab0601a42185c148d886d2a3268c5
Win32/XP Pro SP3 (EN) 32-bit beep beep shellcode.
6e94bfb9d2b94082ecd1a9d972bdb0de79297cda77b7484f32f0b7fbafb9b244
Kraken Payload Generator is a bash script that makes use of msfpayload to generate various shellcode.
f092e65a54e783cfe249c5d3913c06b1a45f1598dd4523542d60d46d07461e05
180 bytes small Linux/x86 add new user/password shellcode.
2507665fb5598085aa7170024022a8af2b3c254563abca1ee43b028cda2e1de8
This Linux/x86 shellcode searches .php files and injects a PHP backdoor into them.
083be87460a5024c26d79b3f9143ff66d4099a6b438b7ea88f793822bed39c10
Savant Web Server version 3.1 buffer overflow exploit with shellcode that binds to port 4444.
1d2094e18f8f7a4cf268059fadae8eef7beb42584403b40728593d50b26e92eb
This shellcode writes down your code in the end of found files. Your code will be added only .html and .php files. Search for files is carried out recursively.
8c618ade2e8e0d28c057139097aaa69a682f6fa5ffedd4dac01f8f3adfba7245
94 bytes small BSD/x86 execve ('/bin/sh -c "/etc/master.passwd"') setreuid(0,0) shellcode.
fa8695efffe51e32d85a7add93904eb75c24cf151a45133bc12107cd8d25c95f