Windows/x86 bind TCP shellcode / dynamic PEB and EDT method null-free shellcode. This a bind tcp shellcode that open a listen socket on 0.0.0.0 and port 1337. In order to accomplish this task the shellcode uses the PEB method to locate the baseAddress of the required module and the Export Directory Table to locate symbols. Also the shellcode uses a hash function to gather dynamically the required symbols without worry about the length.
736f21ab958a376512c0d0673c8c0979178 bytes small Windows/x86 shellcode that pops calc.exe. The shellcode uses the PEB method to locate the baseAddress of the required module and the Export Directory Table to locate symbols. It also uses a hash function to dynamically gather the required symbols without worry about the length. Finally, the shellcode pops the calc.exe using WinExec and exits gracefully using TerminateProcess.
70e3a483b4145481e8f112c1f54c7b2b330 bytes small Windows/x86 reverse TCP shellcode that connects to 192.168.201.11:4444.
62fe34329d5e8ee5089f6fbc86bcb0a3Linux/x86 egghunter reverse TCP shell shellcode generator with dynamic IP and port.
12a643a44f3245dd82780330839889e386 bytes small Linux/x86 reverse TCP shell with dynamic IP and port binding shellcode.
15a0f14a218e63eb34bcd799a25afa3f102 bytes small Linux/x86 bindshell shellcode with dynamic port binding.
2466ec88e755920f1d0ab273d48787fdLinux/x86 custom shellcode ASCII And-Sub encoder.
fd342f39f8d8f060a49f6827fb45932770 bytes small Linux/x86 shellcode with XOR decoder stub and fstenv MMX FPU spawning a /bin/sh shell.
e253cdb3deeb186f54711db1afcee22e29 bytes small Linux/x86 shellcode that performs setreuid to 0 and then executes /bin/sh.
fb31f0e9f1ee8031f9ee3bdc1516a790655 bytes small 64-bit Windows 10 shellcode that injects all processes with Meterpreter reverse shells.
75a126bd35170b68365261ae4f904c66205 bytes small 64-bit Windows 10 shellcode that dynamically resolves the base address of kernel32.dll via PEB and ExportTable method. It contains no null bytes (0x00), and therefore will not crash if injected into typical stack buffer overflow vulnerabilities.
02563e617ae846cbf28e476c3c33e2a9387 bytes small 64-bit Windows 10 shellcode that adds user BOKU:SP3C1ALM0V3 to the system and the localgroups. Shellcode must be executed from a process with either a HIGH or SYSTEM integrity level.
6df3a5415bbadd51489ca198606490f117 bytes small Linux/x86 execve(/bin/sh) shellcode.
1b7f8c231c50bdbd88ccc61b077281f821 bytes small Linux/x64 execve(/bin/sh) shellcode.
3eb904edf84797c8c3688bec6a97022eThis Metasploit module exploits an issue in Google Chrome versions before 87.0.4280.88 (64 bit). The exploit makes use of an integer overflow in the SimplifiedLowering phase in turbofan. It is used along with a typer hardening bypass using ArrayPrototypeShift to create a JSArray with a length of -1. This is abused to gain arbitrary read/write into the isolate region. Then an ArrayBuffer can be used to achieve absolute arbitrary read/write. The exploit then uses WebAssembly in order to allocate a region of RWX memory, which is then replaced with the payload shellcode. The payload is executed within the sandboxed renderer process, the browser must be run with the --no-sandbox option for the payload to work correctly.
758b1b6a7d79e6e0b8783d71d9139ba5240 bytes small Windows/x86 add user Alfred to administrators/remote desktop users group shellcode.
444c0277c03e6f66fefa718118a1749966 bytes small Linux/x64 execve "cat /etc/shadow" shellcode.
12d3d60f176481a38c68ae9d5a668edb142 bytes small Linux/x64 shellcode that binds a password protected shell to TCP 0.0.0.0:4444.
f8b947c4c7650a50507dafa334b79742143 bytes small Windows/x86 stager generic MSHTA shellcode.
cd26783c34c055b8e7b1aa54b1801d75113 bytes small Linux/x86 Socat bind shellcode.
bb6b9dc9e8fde4989a5257fab4161276123 bytes small Linux/x64 reverse shell shellcode that connects to TCP/127.1.1.1:4444.
6fdcaaec184d84b16a741d95de7b396165 bytes small Linux/x86 bindshell shellcode that binds /bin/sh to TCP/0.0.0.0:13377.
b50ae92a79eb994d20eae879ab538a64This Metasploit module exploit BITS behavior which tries to connect to the local Windows Remote Management server (WinRM) every times it starts. The module launches a fake WinRM server which listen on port 5985 and triggers BITS. When BITS starts, it tries to authenticate to the Rogue WinRM server, which allows to steal a SYSTEM token. This token is then used to launch a new process as SYSTEM user. In the case of this exploit, notepad.exe is launched as SYSTEM. Then, it writes shellcode in its previous memory space and trigger its execution. As this exploit uses reflective dll injection, it does not write any file on the disk. Vulnerable operating systems are Windows 10 and Windows servers where WinRM is not running. Lab experiments has shown that Windows 7 does not exhibit the vulnerable behavior.
c3736b57f1257197d426a69fdf409d38114 bytes small Linux/x86 reverse TCP shellcode.
736ab2fee6b1fc77956e403631161630This Metasploit module exploits a buffer overflow in Free MP3 CD Ripper versions 2.6 and 2.8. By constructing a specially crafted WMA WAV M3U ACC FLAC file and attempting to convert it to an MP3 file in the application, a buffer is overwritten, which allows for running shellcode.
93482b8f1d9c8f6f9b71706c24ed882a
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed