Exploit the possiblities
Showing 76 - 100 of 2,564 RSS Feed

Shell Files

Apache Struts 2 2.3.x / 2.5.x Remote Code Execution
Posted Mar 10, 2017
Authored by anarc0der

Apache Struts 2 versions 2.3.x before 2.3.32 and 2.5.x before remote code execution exploit that provides a reverse shell.

tags | exploit, remote, shell, code execution
advisories | CVE-2017-5638
MD5 | 1fe1221359b528e0a3f8439c385ef6e1
dnaLIMS Code Execution / XSS / Traversal / Session Hijacking
Posted Mar 10, 2017
Authored by Nicholas von Pechmann

dnaLIMS DNA sequencing application suffers from an improperly protected web shell, a directory traversal, insecure password storage, session hijacking, cross site scripting, and improperly protected content vulnerabilities.

tags | exploit, web, shell, vulnerability, xss, file inclusion
advisories | CVE-2017-6526, CVE-2017-6527, CVE-2017-6528, CVE-2017-6529
MD5 | b192d5704b262c433258f2c3017c4ab2
Linux x86_64 NetCat Reverse Shell Shellcode
Posted Mar 5, 2017
Authored by Robert L. Taylor

72 bytes small Linux x86_64 netcat reverse shell shellcode.

tags | shell, shellcode
systems | linux
MD5 | 6f02364e62c6a247e413f7efab86d251
Linux x86_64 Polymorphic NetCat Reverse Shell Shellcode
Posted Mar 5, 2017
Authored by Robert L. Taylor

106 bytes small Linux x86_64 polymorphic netcat reverse shell shellcode.

tags | shell, shellcode
systems | linux
MD5 | 48409c0e781dd94983e54244be9d7b6c
pfSense 2.3.2 Cross Site Request Forgery / Cross Site Scripting
Posted Mar 3, 2017
Authored by Yann CAM

pfSense version 2.3.2 suffers from cross site request forgery and cross site scripting vulnerabilities that can assist in gaining a reverse-shell remotely as root.

tags | exploit, shell, root, vulnerability, xss, csrf
MD5 | 8e0b5a8504ac3631cc0b658d6f10ed20
WordPress Mobile App Native 3.0 Shell Upload
Posted Mar 2, 2017
Authored by Larry W. Cashdollar

WordPress Mobile App Native plugin version 3.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 33588d70b1e4e4d09b5f020e76ad9d56
Linux/x86-64 Reverse Shell Shellcode
Posted Mar 1, 2017
Authored by Manuel Mancera

84 bytes small Linux/x86-64 reverse shell shellcode.

tags | shell, x86, shellcode
systems | linux
MD5 | 8ad83cea9a4b6b006ad4a960d1247492
MVPower DVR Shell Unauthenticated Command Execution
Posted Feb 25, 2017
Authored by Brendan Coles, Andrew Tierney, Paul Davies | Site metasploit.com

This Metasploit module exploits an unauthenticated remote command execution vulnerability in MVPower digital video recorders. The 'shell' file on the web interface executes arbitrary operating system commands in the query string. This Metasploit module was tested successfully on a MVPower model TV-7104HE with firmware version 1.8.4 115215B9 (Build 2014/11/17). The TV-7108HE model is also reportedly affected, but untested.

tags | exploit, remote, web, arbitrary, shell
MD5 | b943340b352d3992b7f12c896f1c4222
Teradici Management Console 2.2.0 Shell Upload / Privilege Escalation
Posted Feb 23, 2017
Authored by hantwister

Teradici Management Console version 2.2.0 suffers from privilege escalation and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability
MD5 | cec207ea48f379a2e75b38decd19e601
Linux Reverse Shell Shellcode
Posted Feb 19, 2017
Authored by Robert L. Taylor

66 bytes small Linux reverse shell shellcode.

tags | shell, shellcode
systems | linux
MD5 | 0acba259ef5612679aaf8c860f3712db
Linux Dual / Multi Mode Bind Shell Shellcode
Posted Feb 16, 2017
Authored by odzhancode

156 bytes small Linux dual / multi mode bind shell shellcode.

tags | shell, shellcode
systems | linux
MD5 | 5e7fa89cf4bddf8d5856ecae1de36e88
HP Security Bulletin HPESBNS03702 1
Posted Feb 13, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBNS03702 1 - Several potential security vulnerabilities have been discovered in the Bash Shell in NonStop OSS Core Utilities. The vulnerabilities allow local users to execute arbitrary commands with root privileges. Revision 1 of this advisory.

tags | advisory, arbitrary, shell, local, root, vulnerability, bash
advisories | CVE-2016-7543
MD5 | 6259680797a99e9a2aa05359b939652b
WordPress Dance Studio 1.0.0 Shell Upload
Posted Feb 13, 2017
Authored by xBADGIRL21

WordPress Dance Studio theme version 1.0.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | c02f830944336043923e5d48ad315a0f
POSNIC 1.03 Shell Upload
Posted Feb 6, 2017
Authored by Rony Das

POSNIC version 1.03 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 99dc2d4efd1adf01f95921ec21ad59a8
Linux Multi/Dual Mode Reverse Shell Shellcode
Posted Feb 2, 2017
Authored by odzhancode

129 bytes small Linux multi/dual mode reverse shell shellcode.

tags | shell, shellcode
systems | linux
MD5 | 54e23ca8ff9c6f051550dc5b3c24c7a1
Telstra 4Gx Portable Router Persistent Root Shell
Posted Jan 22, 2017
Authored by David Crees

This write up discusses how to leave a persistent root shell on a Telstra 4GX portable router.

tags | paper, shell, root
MD5 | 5ce382b3e97db0ed2752e7c22784c2b7
PHPMailer / Zend-mail / SwiftMailer Remote Code Execution
Posted Jan 3, 2017
Authored by Dawid Golunski

This proof of concept exploit aims to execute a reverse shell on the target in the context of the web server user via a vulnerable PHP email library.

tags | exploit, web, shell, php, proof of concept
advisories | CVE-2016-10033, CVE-2016-10034, CVE-2016-10045, CVE-2016-10074
MD5 | a0be91defae2564f4405c81fdeab38cd
OpenSSH Local Privilege Escalation
Posted Dec 23, 2016
Authored by Jann Horn, Google Security Research

OpenSSH can forward TCP sockets and UNIX domain sockets. If privilege separation is disabled, then on the server side, the forwarding is handled by a child of sshd that has root privileges. For TCP server sockets, sshd explicitly checks whether an attempt is made to bind to a low port (below IPPORT_RESERVED) and, if so, requires the client to authenticate as root. However, for UNIX domain sockets, no such security measures are implemented. This means that, using "ssh -L", an attacker who is permitted to log in as a normal user over SSH can effectively connect to non-abstract unix domain sockets with root privileges. On systems that run systemd, this can for example be exploited by asking systemd to add an LD_PRELOAD environment variable for all following daemon launches and then asking it to restart cron or so. The attached exploit demonstrates this - if it is executed on a system with systemd where the user is allowed to ssh to his own account and where privsep is disabled, it yields a root shell.

tags | exploit, shell, root, tcp
systems | unix
advisories | CVE-2016-10010
MD5 | b93e78906a304aa126934a6c44a6999b
Pozzo And Lucky, The Phantom Shell. Stego In TCP/IP Part 2
Posted Dec 12, 2016
Authored by John Torakis

Whitepaper called Pozzo and Lucky, The phantom Shell. Stego in TCP/IP Part 2.

tags | paper, shell, tcp
MD5 | a6c9bb01e06dadec12c647c00cd97767
Windows x64 Bind Shell TCP Shellcode
Posted Dec 8, 2016
Authored by Roziul Hasan Khan Shifat

508 bytes small Windows x64 bind shell TCP shellcode.

tags | shell, tcp, shellcode
systems | windows
MD5 | 88daf8d528993fc1e0347b49202b3b2a
Sony IPELA ENGINE IP Cameras Backdoor Accounts
Posted Dec 6, 2016
Authored by Stefan Viehbock | Site sec-consult.com

Sony IPELA ENGINE IP Cameras contain multiple backdoors that, among other functionality, allow an attacker to enable the Telnet/SSH service for remote administration over the network. Other available functionality may have undesired effects to the camera image quality or other camera functionality. After enabling Telnet/SSH, another backdoor allows an attacker to gain access to a Linux shell with root privileges.

tags | exploit, remote, shell, root
systems | linux
MD5 | 4de5c510fc38fb6a30c60e297e892ce3
Linux/x86 Netcat Reverse Shell Shellcode
Posted Dec 6, 2016
Authored by Filippo Bersani

180 bytes small Linux/x86 Netcat with -e option disabled reverse shell shellcode.

tags | shell, x86, shellcode
systems | linux
MD5 | 183eb0f5b928208a679bd53df527d086
Windows Escalate UAC Protection Bypass
Posted Dec 2, 2016
Authored by Matt Graeber, OJ Reeves, Matt Nelson | Site metasploit.com

This Metasploit module will bypass Windows UAC by hijacking a special key in the Registry under the current user hive, and inserting a custom command that will get invoked when the Windows Event Viewer is launched. It will spawn a second shell that has the UAC flag turned off. This Metasploit module modifies a registry key, but cleans up the key once the payload has been invoked. The module does not require the architecture of the payload to match the OS. If specifying EXE::Custom your DLL should call ExitProcess() after starting your payload in a separate process.

tags | exploit, shell, registry
systems | windows
MD5 | e6e7b2e95e14423e3c1de3ad6c4d3284
Dlink DIR Routers Unauthenticated HNAP Login Stack Buffer Overflow
Posted Nov 21, 2016
Authored by Pedro Ribeiro | Site metasploit.com

Several Dlink routers contain a pre-authentication stack buffer overflow vulnerability, which is exposed on the LAN interface on port 80. This vulnerability affects the HNAP SOAP protocol, which accepts arbitrarily long strings into certain XML parameters and then copies them into the stack. This exploit has been tested on the real devices DIR-818LW and 868L (rev. B), and it was tested using emulation on the DIR-822, 823, 880, 885, 890 and 895. Others might be affected, and this vulnerability is present in both MIPS and ARM devices. The MIPS devices are powered by Lextra RLX processors, which are crippled MIPS cores lacking a few load and store instructions. Because of this the payloads have to be sent unencoded, which can cause them to fail, although the bind shell seems to work well. For the ARM devices, the inline reverse tcp seems to work best. Check the reference links to see the vulnerable firmware versions.

tags | exploit, overflow, shell, tcp, protocol
advisories | CVE-2016-6563
MD5 | dd3ba90a3c8d9aee1a73c5d68572d159
Joomla K2 2.7.1 Shell Upload / Cross Site Request Forgery
Posted Nov 20, 2016
Authored by Anti Rais

Joomla K2 extension versions 2.5.0 through 2.7.1 suffer from cross site request forgery and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, csrf
MD5 | 9d7f77f187bfa6b87e774aacdf424006
Page 4 of 103

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    28 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2016 Packet Storm. All rights reserved.

Security Services
Hosting By