what you don't know can hurt you
Showing 1 - 25 of 1,168 RSS Feed

Shellcode Files

Free MP3 CD Ripper 2.8 Buffer Overflow
Posted Nov 20, 2020
Authored by ZwX, Gionathan Reale | Site metasploit.com

This Metasploit module exploits a buffer overflow in Free MP3 CD Ripper versions 2.6 and 2.8. By constructing a specially crafted WMA WAV M3U ACC FLAC file and attempting to convert it to an MP3 file in the application, a buffer is overwritten, which allows for running shellcode.

tags | exploit, overflow, shellcode
advisories | CVE-2019-9767
MD5 | 93482b8f1d9c8f6f9b71706c24ed882a
SunSSH Solaris 10 x86 Remote Root
Posted Nov 9, 2020
Authored by Hacker Fantastic

A trivial to reach stack-based buffer overflow is present in libpam on Solaris. The vulnerable code exists in pam_framework.c parse_user_name() which allocates a fixed size buffer of 512 bytes on the stack and parses a username supplied to PAM modules (such as authtok_get used by SunSSH). This issue can be reached remotely pre-authentication via SunSSH when "keyboard-interactive" is enabled to use PAM based authentication. The vulnerability was discovered being actively exploited by FireEye in the wild and is part of an APT toolkit called "EVILSUN". The vulnerability is present in both SPARC/x86 versions of Solaris and others (eg. illumos). This exploit uses ROP gadgets to disable nxstack through mprotect on x86 and a helper shellcode stub. Tested against latest Solaris 10 without patch applied and the configuration is vulnerable in a default vanilla install. This exploit requires libssh2, the vulnerability has been identified and confirmed reachable on Solaris 10 through 11.0.

tags | exploit, overflow, x86, shellcode
systems | solaris
advisories | CVE-2020-14871
MD5 | c44d6cb6c1ce8626e0f9dcf0f1591010
Safari Type Confusion / Sandbox Escape
Posted Oct 1, 2020
Authored by timwr, Insu Yun, Taesoo Kim, Jungwon Lim, Yonghwi Jin | Site metasploit.com

This Metasploit module exploits an incorrect side-effect modeling of the 'in' operator. The DFG compiler assumes that the 'in' operator is side-effect free, however the embed element with the PDF plugin provides a callback that can trigger side-effects leading to type confusion (CVE-2020-9850). The type confusion can be used as addrof and fakeobj primitives that then lead to arbitrary read/write of memory. These primitives allow us to write shellcode into a JIT region (RWX memory) containing the next stage of the exploit. The next stage uses CVE-2020-9856 to exploit a heap overflow in CVM Server, and extracts a macOS application containing our payload into /var/db/CVMS. The payload can then be opened with CVE-2020-9801, executing the payload as a user but without sandbox restrictions.

tags | exploit, overflow, arbitrary, shellcode
advisories | CVE-2020-9801, CVE-2020-9850, CVE-2020-9856
MD5 | 2dc9b201150ea12e09390643b437b269
Linux/x86 Reverse TCP Shellcode
Posted Aug 24, 2020
Authored by Xenofon Vassilakopoulos

84 bytes small Linux/x86 reverse TCP shellcode.

tags | x86, tcp, shellcode
systems | linux
MD5 | d27c925e63f6be65e2fe56789bbf7646
Linux/x86 execve /bin/sh Shellcode
Posted Aug 21, 2020
Authored by cybersaki

10 bytes small Linux/x86 execve "/bin/sh" shellcode.

tags | x86, shellcode
systems | linux
MD5 | 17eba74611ee88dd5e7b38ff76974d98
Linux/x86 /dev/sda Partition Wiping Shellcode
Posted Aug 21, 2020
Authored by cybersaki

35 bytes small Linux/x86 /dev/sda wiping shellcode.

tags | x86, shellcode
systems | linux
MD5 | 19e25cdfd1453bac178a73395ba04bfa
Safari Webkit For iOS 7.1.2 JIT Optimization Bug
Posted Aug 14, 2020
Authored by timwr, Ian Beer, kudima, WanderingGlitch | Site metasploit.com

This Metasploit module exploits a JIT optimization bug in Safari Webkit. This allows us to write shellcode to an RWX memory section in JavaScriptCore and execute it. The shellcode contains a kernel exploit (CVE-2016-4669) that obtains kernel rw, obtains root and disables code signing. Finally we download and execute the meterpreter payload. This module has been tested against iOS 7.1.2 on an iPhone 4.

tags | exploit, kernel, root, shellcode
systems | apple, iphone, ios
advisories | CVE-2016-4669, CVE-2018-4162
MD5 | 193bef4f6ec1463a50a80fcde4b59fa1
Linux/x86 Egghunter(0x50905090) + sigaction + execve(/bin/sh) Shellcode
Posted Jul 24, 2020
Authored by danf42

35 bytes small Linux/x86 Egghunter(0x50905090) + sigaction + execve(/bin/sh) shellcode.

tags | x86, shellcode
systems | linux
MD5 | f1b110ff59b4adb7c79737eb1fc046c4
Windows/x86 mshta.exe Download Shellcode
Posted Jul 24, 2020
Authored by Siddharth Sharma

100 bytes small Windows/x86 download using mshta.exe shellcode.

tags | x86, shellcode
systems | windows
MD5 | 35ca25f1d948941abefae3daa165c025
EternalBlueC EternalBlue Suite
Posted Jul 23, 2020
Authored by bhassani | Site github.com

EternalBlueC is the EternalBlue suite remade in C which includes an MS17-010 exploit, EternalBlue/MS17-010 vulnerability detector, DoublePulsar detector, and DoublePulsar UploadDLL and shellcode.

tags | exploit, shellcode
MD5 | f0bed2dc06084b8a89c0c2fe9adefb55
NetPCLinker 1.0.0.0 Buffer Overflow
Posted Jun 29, 2020
Authored by Saeed reza Zamanian

NetPCLinker version 1.0.0.0 SEH with egghunter shellcode buffer overflow exploit.

tags | exploit, overflow, shellcode
MD5 | e76e96a4dcb2e6ca5a001536d6231df6
Linux/ARM 0.0.0.0:1337/TCP Bindshell Shellcode
Posted Jun 16, 2020
Authored by Anurag Srivastava

100 bytes small null-free Linux/ARM shellcode that binds /bin/sh to 0.0.0.0:1337/TCP.

tags | tcp, shellcode
systems | linux
MD5 | 111a5d97d0327b4f3d4106f084eac97e
Linux/ARM execve /bin/dash Shellcode
Posted Jun 16, 2020
Authored by Anurag Srivastava

32 bytes small Linux/ARM execve /bin/dash shellcode.

tags | shellcode
systems | linux
MD5 | abc2225ec6ad691079909d8f03eab5a9
Linux/x86 /etc/hosts Mapping Add Polymorphic Shellcode
Posted Jun 15, 2020
Authored by Xenofon Vassilakopoulos

102 bytes small Linux/x86 add map in /etc/hosts file polymorphic shellcode.

tags | x86, shellcode
systems | linux
MD5 | 979a6e0e42c8f46c1647b1c2de0c533a
Linux/x86 ASLR Deactivation Polymorphic Shellcode
Posted Jun 11, 2020
Authored by Xenofon Vassilakopoulos

124 bytes small ASLR deactivation polymorphic shellcode.

tags | shellcode
MD5 | 68fed31edbc95b6538cd08d866de9910
Linux/x86 Tiny Read Polymorphic Shellcode
Posted Jun 9, 2020
Authored by Xenofon Vassilakopoulos

75 bytes small Linux/x86 tiny read polymorphic shellcode.

tags | x86, shellcode
systems | linux
MD5 | d6f58fd7c7c280218ab60f1656e524b7
macOS/x64 zsh RickRolling Shellcode
Posted May 31, 2020
Authored by Bobby Cooke

198 bytes small macOS/x64 RickRolling shellcode.

tags | shellcode
MD5 | 629ad7b064b5d84ed3f906842421a4f2
Linux/x64 Anti-Debug Trick INT3 Trap Shellcode
Posted May 5, 2020
Authored by Dario Castrogiovanni

113 bytes small Linux/x64 anti-debug trick (INT3 trap) with execve("/bin/sh") shellcode that is NULL free.

tags | shellcode
systems | linux
MD5 | ba4326c992e6781e3f2d205bf50de438
Linux/x86 Egghunter Shellcode
Posted Apr 24, 2020
Authored by Bobby Cooke

39 bytes small Linux/x86 egghunter null-free shellcode. The egghunter dynamically searches memory for 2 instances of the egg. When the eggs are found, the egghunter passes execution control to the payload at the memory address of the eggs.

tags | x86, shellcode
systems | linux
MD5 | 3cc1d7e8ad5391ad63e8cd52726be7e0
Linux/x86 Reverse Shell Generator Shellcode
Posted Apr 24, 2020
Authored by Bobby Cooke

80 bytes small Linux/x86 reverse shell generator shellcode with customizable TCP port and IP address.

tags | shell, x86, tcp, shellcode
systems | linux
MD5 | 937201f1ff92ab4fabd623cad7224a07
Linux/x86 Dynamic MMX+FPU Encoded Add Root User Shellcode
Posted Apr 24, 2020
Authored by Bobby Cooke

155 bytes small Linux/x86 shellcode that has a MMX stub decoder that dynamically decodes the payload in memory. The FPU GetPC technique is used to determine the offset from EIP dynamically in running memory. Once decoded. this shellcode adds the user 'ctl' with the password 'ctl' to the /etc/passwd file with the UID and GID of 0 (root). This shellcode uses legacy passwd functionality. Therefore the /etc/shadow file does not need to be accessed or modified.

tags | x86, root, shellcode
systems | linux
MD5 | b4cd1c73f54aff707a22b55b2944bd8d
Linux/x86 Add Root User Shellcode
Posted Apr 24, 2020
Authored by Bobby Cooke

107 bytes small Linux/x86 shellcode that adds the user 'ctl' with the password 'ctl' to the /etc/passwd file with the UID and GID of 0 (root). This shellcode uses legacy passwd functionality. Therefore the /etc/shadow file does not need to be accessed or modified.

tags | x86, root, shellcode
systems | linux
MD5 | 20be4a130a7c7deaf759ff5c00029968
Linux/x64_86 ROL Encoded Execve Shellcode
Posted Apr 24, 2020
Authored by Bobby Cooke

57 bytes small Linux/x64_86 /bin/bash shellcode. The stub decodes the ROL Encoded shellcode. When the stub has finished decoding the payload, execution control is passed to the payload.

tags | shellcode, bash
systems | linux
MD5 | 8dfa373d1ce188f0f22dd71251acb232
Linux Password Protected Bindshell Shellcode
Posted Apr 24, 2020
Authored by Bobby Cooke

272 bytes small Linux/x86_64 null free password protected bindshell shellcode.

tags | shellcode
systems | linux
MD5 | b2aad21499e34b3822eb8138541d15fd
Linux/x64_86 Egghunter Execve Shellcode
Posted Apr 24, 2020
Authored by Bobby Cooke

63 bytes small Linux/x64_86 dynamic egghunter shellcode that searches memory for 2 instances of the egg. When the eggs are found, the egghunter passes execution control to the payload at the memory address of the eggs. The payload is an execve(/bin/bash) shellcode.

tags | shellcode, bash
systems | linux
MD5 | a26b8168f0e16f88cec1b72030695f38
Page 1 of 47
Back12345Next

File Archive:

December 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    22 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close