330 bytes small Windows/x86 reverse TCP shellcode that connects to 192.168.201.11:4444.
62fe34329d5e8ee5089f6fbc86bcb0a3Linux/x86 egghunter reverse TCP shell shellcode generator with dynamic IP and port.
12a643a44f3245dd82780330839889e386 bytes small Linux/x86 reverse TCP shell with dynamic IP and port binding shellcode.
15a0f14a218e63eb34bcd799a25afa3f102 bytes small Linux/x86 bindshell shellcode with dynamic port binding.
2466ec88e755920f1d0ab273d48787fdSolaris SunSSH version 11.0 on x86 libpam remote root exploit.
ad6170fd6c91ea4241f7bcc669da3838Linux/x86 custom shellcode ASCII And-Sub encoder.
fd342f39f8d8f060a49f6827fb45932770 bytes small Linux/x86 shellcode with XOR decoder stub and fstenv MMX FPU spawning a /bin/sh shell.
e253cdb3deeb186f54711db1afcee22e29 bytes small Linux/x86 shellcode that performs setreuid to 0 and then executes /bin/sh.
fb31f0e9f1ee8031f9ee3bdc1516a790It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges. Piotr Krysiuk discovered that the BPF JIT compiler for x86 in the Linux kernel did not properly validate computation of branch displacements in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
b564ede11c90d1a439897db81efbd24bUbuntu Security Notice 4916-1 - It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges. Piotr Krysiuk discovered that the BPF JIT compiler for x86 in the Linux kernel did not properly validate computation of branch displacements in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
51ebf05c69b14b4b5df3a811f767345a17 bytes small Linux/x86 execve(/bin/sh) shellcode.
1b7f8c231c50bdbd88ccc61b077281f8Ubuntu Security Notice 4912-1 - Piotr Krysiuk discovered that the BPF JIT compiler for x86 in the Linux kernel did not properly validate computation of branch displacements in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
1bded3d10c58ff192a0d70e344750ce6240 bytes small Windows/x86 add user Alfred to administrators/remote desktop users group shellcode.
444c0277c03e6f66fefa718118a17499143 bytes small Windows/x86 stager generic MSHTA shellcode.
cd26783c34c055b8e7b1aa54b1801d75113 bytes small Linux/x86 Socat bind shellcode.
bb6b9dc9e8fde4989a5257fab416127665 bytes small Linux/x86 bindshell shellcode that binds /bin/sh to TCP/0.0.0.0:13377.
b50ae92a79eb994d20eae879ab538a64Intel Matrix Storage Event Monitor x86 version 8.0.0.1039 suffers from an IAANTMON unquoted service path vulnerability.
d63cbd50d7684008b682c1026d6a9f5d114 bytes small Linux/x86 reverse TCP shellcode.
736ab2fee6b1fc77956e403631161630This Metasploit module exploits a stack-based buffer overflow in the Solaris PAM library's username parsing code, as used by the SunSSH daemon when the keyboard-interactive authentication method is specified. Tested against SunSSH 1.1.5 on Solaris 10u11 1/13 (x86) in VirtualBox, VMware Fusion, and VMware Player. Bare metal untested. Your addresses may vary.
10f67723ac23f05d8cba2e16ff2e467aSolaris SunSSH versions 10 through 11.0 on x86 libpam remote root exploit.
8fbea7fde1a23252954cc85134e98724Whitepaper called Encrypted Linux x86-64 Loadable Kernel Modules (ELKM). The aim is to protect kernel-based rootkits and implants against observation by EndpointDetection and Response (EDR) software and to neutralize the effects of recovery by disk forensics tooling.
71edce142a1b2975b9d4d10c1398f3b2A trivial to reach stack-based buffer overflow is present in libpam on Solaris. The vulnerable code exists in pam_framework.c parse_user_name() which allocates a fixed size buffer of 512 bytes on the stack and parses a username supplied to PAM modules (such as authtok_get used by SunSSH). This issue can be reached remotely pre-authentication via SunSSH when "keyboard-interactive" is enabled to use PAM based authentication. The vulnerability was discovered being actively exploited by FireEye in the wild and is part of an APT toolkit called "EVILSUN". The vulnerability is present in both SPARC/x86 versions of Solaris and others (eg. illumos). This exploit uses ROP gadgets to disable nxstack through mprotect on x86 and a helper shellcode stub. Tested against latest Solaris 10 without patch applied and the configuration is vulnerable in a default vanilla install. This exploit requires libssh2, the vulnerability has been identified and confirmed reachable on Solaris 10 through 11.0.
3fbcd0fdda16b92f50dc244f60276db184 bytes small Linux/x86 reverse TCP shellcode.
d27c925e63f6be65e2fe56789bbf764610 bytes small Linux/x86 execve "/bin/sh" shellcode.
17eba74611ee88dd5e7b38ff76974d9835 bytes small Linux/x86 /dev/sda wiping shellcode.
19e25cdfd1453bac178a73395ba04bfa
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed