exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 1,206 RSS Feed

Shellcode Files

macOS/x64 Execve Caesar Cipher String Null-Free Shellcode
Posted Dec 22, 2022
Authored by Bobby Cooke

286 bytes small macOS/x64 execve Caesar cipher string null-free shellcode.

tags | shellcode
SHA-256 | aa23ac4a240ae6871b72d0723b1c8d4ebded5889ad862b0dd0455f86699c05a2
macOS/x64 Execve Null-Free Shellcode
Posted Dec 22, 2022
Authored by Bobby Cooke

253 bytes small macOS/x64 execve null-free shellcode.

tags | shellcode
SHA-256 | 8b589116ca43d93bd39b3f0f87c1530ec372e055ebb8ddff6b021bf288966dd7
monomorph MD5-Monomorphic Shellcode Packer
Posted Sep 29, 2022
Authored by Retr0id | Site github.com

This tool packs up to 4KB of compressed shellcode into an executable binary, near-instantly. The output file will always have the same MD5 hash: 3cebbe60d91ce760409bbe513593e401. Currently, only Linux x86-64 is supported. It would be trivial to port this technique to other platforms, although each version would end up with a different MD5.

tags | tool, x86, shellcode
systems | linux, unix
SHA-256 | 1401bc41094d6c399524f490182dedc77295916d73ec25d4c7ea3751f754d6cc
3DES Shellcode Crypter
Posted Jul 11, 2022
Authored by D7X

This tool is a 3DES shellcode crypter.

tags | shellcode
SHA-256 | 9e6475d7e02bb5bcc0b7670b1ca005b4e4ecb987abc3fd2dcd7a5d44af829d04
Cisco RV340 SSL VPN Unauthenticated Remote Code Execution
Posted May 11, 2022
Authored by Pedro Ribeiro, Radek Domanski | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in the Cisco RV series router's SSL VPN functionality. The default SSL VPN configuration is exploitable, with no authentication required and works over the Internet! The stack is executable and no ASLR is in place, which makes exploitation easier. Successful execution of this module results in a reverse root shell. A custom payload is used as Metasploit does not have ARMLE null free shellcode. This vulnerability was presented by the Flashback Team in Pwn2Own Austin 2021 and OffensiveCon 2022. For more information check the referenced advisory. This module has been tested in firmware versions 1.0.03.15 and above and works with around 65% reliability. The service restarts automatically so you can keep trying until you pwn it. Only the RV340 router was tested, but other RV series routers should work out of the box.

tags | exploit, overflow, shell, root, shellcode
systems | cisco
advisories | CVE-2022-20699
SHA-256 | 619682621429d96cd23a1e1bcd69a008398c5244223265886c52e2e417242d02
XDNR Shellcode Cryptor / Encoder
Posted Apr 19, 2022
Authored by Xenofon Vassilakopoulos

X0R Cryptor with DEC/N0T/R0R encoder plus random byte insertion.

tags | tool, shellcode
SHA-256 | 79b9b9a6dd757b66b2e94d3630b76899ed2e53218846c0933182d8877820babb
Firefox MCallGetProperty Write Side Effects Use-After-Free
Posted Mar 1, 2022
Authored by timwr, maxpl0it, 360 ESG Vulnerability Research Institute | Site metasploit.com

This Metasploit modules exploits CVE-2020-26950, a use-after-free exploit in Firefox. The MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This exploit uses a somewhat novel technique of spraying ArgumentsData structures in order to construct primitives. The shellcode is forced into executable memory via the JIT compiler, and executed by writing to the JIT region pointer. This exploit does not contain a sandbox escape, so firefox must be run with the MOZ_DISABLE_CONTENT_SANDBOX environment variable set, in order for the shellcode to run successfully. This vulnerability affects Firefox versions prior to 82.0.3, Firefox ESR versions prior to 78.4.1, and Thunderbird versions prior to 78.4.2, however only Firefox versions up to 79 are supported as a target. Additional work may be needed to support other versions such as Firefox 82.0.1.

tags | exploit, shellcode
advisories | CVE-2020-26950
SHA-256 | c5497acbfe1516edccf2f8747d261489391c42dfa92ad82028efc92b075df944
Solaris/SPARC chmod() Shellcode
Posted Feb 18, 2022
Authored by Marco Ivaldi

64 bytes small Solaris/SPARC setuid(0) + chmod (/bin/ksh) + exit(0) shellcode.

tags | shellcode
systems | solaris
SHA-256 | ac0a8ce6fdd207649a67626e1818a1afd680783d1a46fb94677718a1d1994210
Solaris/SPARC execve() Shellcode
Posted Feb 18, 2022
Authored by Marco Ivaldi

60 bytes small Solaris/SPARC setuid(0) + execve (/bin/ksh) shellcode.

tags | shellcode
systems | solaris
SHA-256 | d785c150823ddd32cb42d29580182ea9055608bea403fff7662eca6bf006f946
Linux/MIPS N32 MSB Reverse Shell Shellcode
Posted Feb 18, 2022
Authored by Marco Ivaldi

Linux/MIPS N32 MSB reverse shell shellcode that showcases various techniques to avoid badchars.

tags | shell, shellcode
systems | linux
SHA-256 | b1b0100dc2ab1910886ea650ac52df457851a4b14a3d07a98e33678c077b6d6e
Solaris/SPARC chmod() Shellcode
Posted Feb 18, 2022
Authored by Marco Ivaldi

Solaris/SPARC chmod() shellcode with a max size of 36 bytes.

tags | shellcode
systems | solaris
SHA-256 | 844bef47108ea6b399c1949416ca0526422e2fc8ce504d583c3f36aaa4144470
Windows/x86 Locate kernel32 Base Address / Stack Crack Method Null Free Shellcode
Posted Feb 8, 2022
Authored by Tarek Ahmed

171 bytes small Windows/x86 shellcode with a new method to find the kernel32 base address by walking down the stack and look for a possible Kernel32 address using a custom SEH handler. Each address found on the stack will be tested using the Exception handling function. If it's valid and starts with 7, then it's a possible kernel32 address.

tags | x86, shellcode
systems | windows
SHA-256 | e7941faf4a7799cf5e35fcf962b075b17a9570e4f37e959633b2962f8d3bf53d
Windows/x86 Local kernel32 Base Address / Memory Sieve Shellcode
Posted Feb 4, 2022
Authored by Tarek Ahmed

133 bytes small Windows/x86 kernel32 base address / memory sieve method shellcode.

tags | x86, shellcode
systems | windows
SHA-256 | 02598a837cdf14b2aa15f8aa989595e031da15dac8d7e4835e2d041eda455355
Windows/x86 Download File / Execute Shellcode
Posted Feb 4, 2022
Authored by Techryptic

458 bytes small Windows/x86 download file and execute dynamic PEB and EDT method shellcode.

tags | x86, shellcode
systems | windows
SHA-256 | 373527dc3abce798f323c157f33b7e37a9ae39642431558cc7be8a6423eec576
Windows/x86 Bind TCP Shellcode
Posted Oct 7, 2021
Authored by h4pp1n3ss

Windows/x86 bind TCP shellcode / dynamic PEB and EDT method null-free shellcode. This a bind tcp shellcode that open a listen socket on 0.0.0.0 and port 1337. In order to accomplish this task the shellcode uses the PEB method to locate the baseAddress of the required module and the Export Directory Table to locate symbols. Also the shellcode uses a hash function to gather dynamically the required symbols without worry about the length.

tags | x86, tcp, shellcode
systems | windows
SHA-256 | 7dd9706d9d60f259d8e6ef790111d2ef99c07abddaae6debfdc64b5c0856ce2f
Windows/x86 nWinExec PopCalc PEB And Export Directory Table NullFree Dynamic Shellcode
Posted Oct 1, 2021
Authored by h4pp1n3ss

178 bytes small Windows/x86 shellcode that pops calc.exe. The shellcode uses the PEB method to locate the baseAddress of the required module and the Export Directory Table to locate symbols. It also uses a hash function to dynamically gather the required symbols without worry about the length. Finally, the shellcode pops the calc.exe using WinExec and exits gracefully using TerminateProcess.

tags | x86, shellcode
systems | windows
SHA-256 | 9b19277190c962885d3585247da068c374f5db74bbb693ce9cb6fe906a1118a8
Windows/x86 Reverse TCP Shellcode
Posted Sep 13, 2021
Authored by Xenofon Vassilakopoulos

330 bytes small Windows/x86 reverse TCP shellcode that connects to 192.168.201.11:4444.

tags | x86, tcp, shellcode
systems | windows
SHA-256 | 12149f06ca22bb6ea072202a3c3d714fb9e0922026292c67e2fc3c768fa2b30f
Linux/x86 Egghunter Reverse TCP Shell Shellcode
Posted Jul 19, 2021
Authored by D7X

Linux/x86 egghunter reverse TCP shell shellcode generator with dynamic IP and port.

tags | shell, x86, tcp, shellcode
systems | linux
SHA-256 | f381e9e627457c622f41f2e0f02fd7275a109fbf7c64277852a12fa68a12f383
Linux/x86 Reverse TCP Shell Shellcode
Posted Jul 12, 2021
Authored by D7X

86 bytes small Linux/x86 reverse TCP shell with dynamic IP and port binding shellcode.

tags | shell, x86, tcp, shellcode
systems | linux
SHA-256 | 098ad2f853874de86f3c54be8fe5f0603e48dcd1deaae5ff49d0f3c6ecd04c34
Linux/x86 Bindshell With Dynamic Port Binding Shellcode
Posted Jul 8, 2021
Authored by D7X | Site promiselabs.net

102 bytes small Linux/x86 bindshell shellcode with dynamic port binding.

tags | x86, shellcode
systems | linux
SHA-256 | 5c78bdabecd99971442c81d97f0c4cac565a54711d65cfb78e5c749c02cc5a5a
Linux/x86 Custom Shellcode ASCII And-Sub Encoder
Posted Jun 16, 2021
Authored by Xenofon Vassilakopoulos

Linux/x86 custom shellcode ASCII And-Sub encoder.

tags | x86, shellcode
systems | linux
SHA-256 | e94e7d4fd85ab353e369c5db6283be701e1beb64be40051eb7290608b3d9b335
Linux/x86 execve /bin/sh Shellcode
Posted Jun 10, 2021
Authored by D7X | Site promiselabs.net

70 bytes small Linux/x86 shellcode with XOR decoder stub and fstenv MMX FPU spawning a /bin/sh shell.

tags | shell, x86, shellcode
systems | linux
SHA-256 | 11b3b90f9432231138d2380813aec5392fb07dbce222b7123fb12312d6eaa007
Linux/x86 setreuid(0) / execve("/bin/sh") Shellcode
Posted May 10, 2021
Authored by Artur Szymczak

29 bytes small Linux/x86 shellcode that performs setreuid to 0 and then executes /bin/sh.

tags | x86, shellcode
systems | linux
SHA-256 | e6a46129d157e756ab079a8bd8c0b4fb71e4329d98e97809fa092cf1d9ec5876
Windows/x64 Inject All Processes With Meterpreter Reverse Shell Shellcode
Posted May 2, 2021
Authored by Bobby Cooke

655 bytes small 64-bit Windows 10 shellcode that injects all processes with Meterpreter reverse shells.

tags | shell, shellcode
systems | windows
SHA-256 | 9b8f41be48c0a71cc5b34fd0d409faea955538963763a4a5c5ca27e1ec4d2afb
Windows/x64 Dynamic Null-Free WinExec PopCalc Shellcode
Posted May 2, 2021
Authored by Bobby Cooke

205 bytes small 64-bit Windows 10 shellcode that dynamically resolves the base address of kernel32.dll via PEB and ExportTable method. It contains no null bytes (0x00), and therefore will not crash if injected into typical stack buffer overflow vulnerabilities.

tags | overflow, vulnerability, shellcode
systems | windows
SHA-256 | 6143eebe8156ea982d4ef3362eab1915ca829a3ac99ed38af8a6c4ca2e852a0d
Page 1 of 49
Back12345Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    32 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close