what you don't know can hurt you
Showing 1 - 25 of 1,183 RSS Feed

Shellcode Files

Windows/x64 Inject All Processes With Meterpreter Reverse Shell Shellcode
Posted May 2, 2021
Authored by Bobby Cooke

655 bytes small 64-bit Windows 10 shellcode that injects all processes with Meterpreter reverse shells.

tags | shell, shellcode
systems | windows
MD5 | 75a126bd35170b68365261ae4f904c66
Windows/x64 Dynamic Null-Free WinExec PopCalc Shellcode
Posted May 2, 2021
Authored by Bobby Cooke

205 bytes small 64-bit Windows 10 shellcode that dynamically resolves the base address of kernel32.dll via PEB and ExportTable method. It contains no null bytes (0x00), and therefore will not crash if injected into typical stack buffer overflow vulnerabilities.

tags | overflow, vulnerability, shellcode
systems | windows
MD5 | 02563e617ae846cbf28e476c3c33e2a9
Windows/x64 Dynamic NoNull Add RDP Admin Shellcode
Posted May 2, 2021
Authored by Bobby Cooke

387 bytes small 64-bit Windows 10 shellcode that adds user BOKU:SP3C1ALM0V3 to the system and the localgroups. Shellcode must be executed from a process with either a HIGH or SYSTEM integrity level.

tags | shellcode
systems | windows
MD5 | 6df3a5415bbadd51489ca198606490f1
Linux/x86 execve(/bin/sh) Shellcode
Posted Apr 16, 2021
Authored by s1ege

17 bytes small Linux/x86 execve(/bin/sh) shellcode.

tags | x86, shellcode
systems | linux
MD5 | 1b7f8c231c50bdbd88ccc61b077281f8
Linux/x64 execve(/bin/sh) Shellcode
Posted Apr 16, 2021
Authored by s1ege

21 bytes small Linux/x64 execve(/bin/sh) shellcode.

tags | shellcode
systems | linux
MD5 | 3eb904edf84797c8c3688bec6a97022e
Google Chrome SimplfiedLowering Integer Overflow
Posted Apr 9, 2021
Authored by Rajvardhan Agarwal | Site metasploit.com

This Metasploit module exploits an issue in Google Chrome versions before 87.0.4280.88 (64 bit). The exploit makes use of an integer overflow in the SimplifiedLowering phase in turbofan. It is used along with a typer hardening bypass using ArrayPrototypeShift to create a JSArray with a length of -1. This is abused to gain arbitrary read/write into the isolate region. Then an ArrayBuffer can be used to achieve absolute arbitrary read/write. The exploit then uses WebAssembly in order to allocate a region of RWX memory, which is then replaced with the payload shellcode. The payload is executed within the sandboxed renderer process, the browser must be run with the --no-sandbox option for the payload to work correctly.

tags | exploit, overflow, arbitrary, shellcode
advisories | CVE-2020-16040
MD5 | 758b1b6a7d79e6e0b8783d71d9139ba5
Windows/x86 Add User Alfred Shellcode
Posted Feb 23, 2021
Authored by Armando Huesca Prida

240 bytes small Windows/x86 add user Alfred to administrators/remote desktop users group shellcode.

tags | remote, x86, shellcode
systems | windows
MD5 | 444c0277c03e6f66fefa718118a17499
Linux/x64 execve cat /etc/shadow Shellcode
Posted Feb 9, 2021
Authored by Felipe Winsnes

66 bytes small Linux/x64 execve "cat /etc/shadow" shellcode.

tags | shellcode
systems | linux
MD5 | 12d3d60f176481a38c68ae9d5a668edb
Linux/x64 Bindshell With Password Shellcode
Posted Jan 25, 2021
Authored by Guillem Alminyana

142 bytes small Linux/x64 shellcode that binds a password protected shell to TCP 0.0.0.0:4444.

tags | shell, tcp, shellcode
systems | linux
MD5 | f8b947c4c7650a50507dafa334b79742
Windows/x86 Stager Generic MSHTA Shellcode
Posted Jan 22, 2021
Authored by Armando Huesca Prida

143 bytes small Windows/x86 stager generic MSHTA shellcode.

tags | x86, shellcode
systems | windows
MD5 | cd26783c34c055b8e7b1aa54b1801d75
Linux/x86 Socat Bind Shellcode
Posted Jan 20, 2021
Authored by Felipe Winsnes

113 bytes small Linux/x86 Socat bind shellcode.

tags | x86, shellcode
systems | linux
MD5 | bb6b9dc9e8fde4989a5257fab4161276
Linux/x64 Reverse Shell Shellcode
Posted Jan 19, 2021
Authored by Guillem Alminyana

123 bytes small Linux/x64 reverse shell shellcode that connects to TCP/127.1.1.1:4444.

tags | shell, tcp, shellcode
systems | linux
MD5 | 6fdcaaec184d84b16a741d95de7b3961
Linux/x86 Bindshell Shellcode
Posted Jan 15, 2021
Authored by ac3

65 bytes small Linux/x86 bindshell shellcode that binds /bin/sh to TCP/0.0.0.0:13377.

tags | x86, tcp, shellcode
systems | linux
MD5 | b50ae92a79eb994d20eae879ab538a64
NTLM BITS SYSTEM Token Impersonation
Posted Jan 6, 2021
Authored by Andrea Pierini, Cassandre, Roberto, Antonio Cocomazzi | Site metasploit.com

This Metasploit module exploit BITS behavior which tries to connect to the local Windows Remote Management server (WinRM) every times it starts. The module launches a fake WinRM server which listen on port 5985 and triggers BITS. When BITS starts, it tries to authenticate to the Rogue WinRM server, which allows to steal a SYSTEM token. This token is then used to launch a new process as SYSTEM user. In the case of this exploit, notepad.exe is launched as SYSTEM. Then, it writes shellcode in its previous memory space and trigger its execution. As this exploit uses reflective dll injection, it does not write any file on the disk. Vulnerable operating systems are Windows 10 and Windows servers where WinRM is not running. Lab experiments has shown that Windows 7 does not exhibit the vulnerable behavior.

tags | exploit, remote, local, shellcode
systems | windows, 7
MD5 | c3736b57f1257197d426a69fdf409d38
Linux/x86 Reverse TCP Shellcode
Posted Dec 31, 2020
Authored by Stylianos Voukatas

114 bytes small Linux/x86 reverse TCP shellcode.

tags | x86, tcp, shellcode
systems | linux
MD5 | 736ab2fee6b1fc77956e403631161630
Free MP3 CD Ripper 2.8 Buffer Overflow
Posted Nov 20, 2020
Authored by ZwX, Gionathan Reale | Site metasploit.com

This Metasploit module exploits a buffer overflow in Free MP3 CD Ripper versions 2.6 and 2.8. By constructing a specially crafted WMA WAV M3U ACC FLAC file and attempting to convert it to an MP3 file in the application, a buffer is overwritten, which allows for running shellcode.

tags | exploit, overflow, shellcode
advisories | CVE-2019-9767
MD5 | 93482b8f1d9c8f6f9b71706c24ed882a
SunSSH Solaris 10.0 / 11.0 x86 Remote Root
Posted Nov 9, 2020
Authored by Hacker Fantastic

A trivial to reach stack-based buffer overflow is present in libpam on Solaris. The vulnerable code exists in pam_framework.c parse_user_name() which allocates a fixed size buffer of 512 bytes on the stack and parses a username supplied to PAM modules (such as authtok_get used by SunSSH). This issue can be reached remotely pre-authentication via SunSSH when "keyboard-interactive" is enabled to use PAM based authentication. The vulnerability was discovered being actively exploited by FireEye in the wild and is part of an APT toolkit called "EVILSUN". The vulnerability is present in both SPARC/x86 versions of Solaris and others (eg. illumos). This exploit uses ROP gadgets to disable nxstack through mprotect on x86 and a helper shellcode stub. Tested against latest Solaris 10 without patch applied and the configuration is vulnerable in a default vanilla install. This exploit requires libssh2, the vulnerability has been identified and confirmed reachable on Solaris 10 through 11.0.

tags | exploit, overflow, x86, shellcode
systems | solaris
advisories | CVE-2020-14871
MD5 | 3fbcd0fdda16b92f50dc244f60276db1
Safari Type Confusion / Sandbox Escape
Posted Oct 1, 2020
Authored by timwr, Insu Yun, Taesoo Kim, Jungwon Lim, Yonghwi Jin | Site metasploit.com

This Metasploit module exploits an incorrect side-effect modeling of the 'in' operator. The DFG compiler assumes that the 'in' operator is side-effect free, however the embed element with the PDF plugin provides a callback that can trigger side-effects leading to type confusion (CVE-2020-9850). The type confusion can be used as addrof and fakeobj primitives that then lead to arbitrary read/write of memory. These primitives allow us to write shellcode into a JIT region (RWX memory) containing the next stage of the exploit. The next stage uses CVE-2020-9856 to exploit a heap overflow in CVM Server, and extracts a macOS application containing our payload into /var/db/CVMS. The payload can then be opened with CVE-2020-9801, executing the payload as a user but without sandbox restrictions.

tags | exploit, overflow, arbitrary, shellcode
advisories | CVE-2020-9801, CVE-2020-9850, CVE-2020-9856
MD5 | 2dc9b201150ea12e09390643b437b269
Linux/x86 Reverse TCP Shellcode
Posted Aug 24, 2020
Authored by Xenofon Vassilakopoulos

84 bytes small Linux/x86 reverse TCP shellcode.

tags | x86, tcp, shellcode
systems | linux
MD5 | d27c925e63f6be65e2fe56789bbf7646
Linux/x86 execve /bin/sh Shellcode
Posted Aug 21, 2020
Authored by cybersaki

10 bytes small Linux/x86 execve "/bin/sh" shellcode.

tags | x86, shellcode
systems | linux
MD5 | 17eba74611ee88dd5e7b38ff76974d98
Linux/x86 /dev/sda Partition Wiping Shellcode
Posted Aug 21, 2020
Authored by cybersaki

35 bytes small Linux/x86 /dev/sda wiping shellcode.

tags | x86, shellcode
systems | linux
MD5 | 19e25cdfd1453bac178a73395ba04bfa
Safari Webkit For iOS 7.1.2 JIT Optimization Bug
Posted Aug 14, 2020
Authored by timwr, Ian Beer, kudima, WanderingGlitch | Site metasploit.com

This Metasploit module exploits a JIT optimization bug in Safari Webkit. This allows us to write shellcode to an RWX memory section in JavaScriptCore and execute it. The shellcode contains a kernel exploit (CVE-2016-4669) that obtains kernel rw, obtains root and disables code signing. Finally we download and execute the meterpreter payload. This module has been tested against iOS 7.1.2 on an iPhone 4.

tags | exploit, kernel, root, shellcode
systems | apple, iphone, ios
advisories | CVE-2016-4669, CVE-2018-4162
MD5 | 193bef4f6ec1463a50a80fcde4b59fa1
Linux/x86 Egghunter(0x50905090) + sigaction + execve(/bin/sh) Shellcode
Posted Jul 24, 2020
Authored by danf42

35 bytes small Linux/x86 Egghunter(0x50905090) + sigaction + execve(/bin/sh) shellcode.

tags | x86, shellcode
systems | linux
MD5 | f1b110ff59b4adb7c79737eb1fc046c4
Windows/x86 mshta.exe Download Shellcode
Posted Jul 24, 2020
Authored by Siddharth Sharma

100 bytes small Windows/x86 download using mshta.exe shellcode.

tags | x86, shellcode
systems | windows
MD5 | 35ca25f1d948941abefae3daa165c025
EternalBlueC EternalBlue Suite
Posted Jul 23, 2020
Authored by bhassani | Site github.com

EternalBlueC is the EternalBlue suite remade in C which includes an MS17-010 exploit, EternalBlue/MS17-010 vulnerability detector, DoublePulsar detector, and DoublePulsar UploadDLL and shellcode.

tags | exploit, shellcode
MD5 | f0bed2dc06084b8a89c0c2fe9adefb55
Page 1 of 48
Back12345Next

File Archive:

May 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    1 Files
  • 2
    May 2nd
    4 Files
  • 3
    May 3rd
    27 Files
  • 4
    May 4th
    17 Files
  • 5
    May 5th
    3 Files
  • 6
    May 6th
    32 Files
  • 7
    May 7th
    11 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    0 Files
  • 10
    May 10th
    0 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    0 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    0 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close