73 bytes small Linux x86 reverse TCP shellcode that binds to 127.1.1.1:5555.
9e96cce76f9491a2d09409a32e416c2692 bytes small Linux x86 tcp/1337 bindshell shellcode.
ff78686f2571f1c5269ce33e66a58c8511 bytes small Linux/x86 egghunter shellcode.
9b4b51dc63cca9b58c058946a03cf25f5 bytes small Linux/x86 exit(0) shellcode.
97f77e037e6ad851dd4cb58e15f3337218 bytes small Linux/x86 execve /bin/sh shellcode.
739370cc7f3f22c6cac85503319011b5MikroTik RouterOS versions prior to 6.38.4 (x86) Chimay Red stack clash remote code execution exploit.
fa75bb56a5777825b631d7238931d52bThis Metasploit module exploits a stack-based buffer overflow vulnerability in Disk Savvy Enterprise version 10.4.18, caused by improper bounds checking of the request sent to the built-in server. This Metasploit module has been tested successfully on Windows 7 SP1 x86.
bfeae1744c34384854bd5326b5010471This Metasploit module exploits a stack-based buffer overflow vulnerability in the CloudMe Sync version 1.10.9 client application. This Metasploit module has been tested successfully on Windows 7 SP1 x86.
41dab942f2886640903e2e9e54f5e2e7This Metasploit module attempts to gain root privileges on systems running MagniComp SysInfo versions prior to 10-H64. The .mcsiwrapper suid executable allows loading a config file using the '--configfile' argument. The 'ExecPath' config directive is used to set the executable load path. This Metasploit module abuses this functionality to set the load path resulting in execution of arbitrary code as root. This Metasploit module has been tested successfully with SysInfo version 10-H63 on Fedora 20 x86_64, 10-H32 on Fedora 27 x86_64, 10-H10 on Debian 8 x86_64, and 10-GA on Solaris 10u11 x86.
8b66a6c82ba59a4ce479a1d17b9e36b6This Metasploit module attempts to gain root privileges on Juju agent systems running the juju-run agent utility. Juju agent systems running agent tools prior to version 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3, provide a UNIX domain socket to manage software ("units") without setting appropriate permissions, allowing unprivileged local users to execute arbitrary commands as root. This Metasploit module has been tested successfully with Juju agent tools versions 1.18.4, 1.25.5 and 1.25.9 on Ubuntu 14.04.1 LTS x86 deployed by Juju 1.18.1-trusty-amd64 and 1.25.6-trusty-amd64 on Ubuntu 14.04.1 LTS x86_64.
eb38e1fdceb4a094a0ae325d89253b30This Metasploit module attempts to gain root privileges on Linux systems by invoking the default coredump handler inside a namespace ("container"). Apport versions 2.13 through 2.17.x before 2.17.1 on Ubuntu are vulnerable, due to a feature which allows forwarding reports to a container's Apport by changing the root directory before loading the crash report, causing 'usr/share/apport/apport' within the crashed task's directory to be executed. Similarly, Fedora is vulnerable when the kernel crash handler is configured to change root directory before executing ABRT, causing 'usr/libexec/abrt-hook-ccpp' within the crashed task's directory to be executed. In both instances, the crash handler does not drop privileges, resulting in code execution as root. This Metasploit module has been tested successfully on Apport 2.14.1 on Ubuntu 14.04.1 LTS x86 and x86_64 and ABRT on Fedora 19 and 20 x86_64.
1dc9fd5c90665c8934d2712e757240c312 bytes small Linux/x86 egghunter shellcode.
4c0527aa8ca0d3c599ef7e90b98b4809Ubuntu Security Notice 3548-2 - USN-3548-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. Jay Vosburgh discovered a logic error in the x86-64 syscall entry implementation in the Linux kernel, introduced as part of the mitigations for the Spectre vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
0d470581592ec8daa7fabea36ed96c69Ubuntu Security Notice 3548-1 - Jay Vosburgh discovered a logic error in the x86-64 syscall entry implementation in the Linux kernel, introduced as part of the mitigations for the Spectre vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
98e4af140782a4a6f1256006225407f077 bytes small Linux/x86 ROT-N + Shift-N + XOR-N encoded /bin/sh shellcode. Tested on Ubuntu 12.04.5 LTS.
c4e2f2606edd62c35ccc15418da04f5543 bytes small Linux/x86-64 execve("/sbin/iptables", ["/sbin/iptables", "-F"], NULL) shellcode.
b6402eb0799fd8fe40b5aff352f7747a96 bytes small Linux/x86-64 add mapping (127.1.1.1 google.lk) in /etc/hosts shellcode.
58571c81a05ae0a8e172b90ba5bfe99724 bytes small Linux/x86-64 execute /bin/sh shellcode.
50f820da8824e476bf8fe8000f27344b53 bytes small Linux/x86 execve(/bin/sh) polymorphic shellcode.
8969e8597aaffe29988a671c1898276930 bytes small Linux x86 exec /bin/dash shellcode.
e73a8aae13cbff1019f6a54b3efdd89f69 bytes small Linux x86 reverse TCP /bin/sh shell null-free shellcode that connects to 127.1.1.1:8888.
6d533f25a7d4621fb39f38d138aedb0636 bytes small Linux x86 chmod 777 /etc/sudoers shellcode.
ca0f278a45ecc842e202e2b69af7095cThere exists an unauthenticated SEH based vulnerability in the HTTP server of Sync Breeze Enterprise version 10.1.16, when sending a GET request with an excessive length it is possible for a malicious user to overwrite the SEH record and execute a payload that would run under the Windows NT AUTHORITY\SYSTEM account. The SEH record is overwritten with a "POP,POP,RET" pointer from the application library libspp.dll. This exploit has been successfully tested on Windows XP, 7 and 10 (x86->x64). It should work against all versions of Windows and service packs.
d7371f0084bb280d35baaca73d2c929d30 bytes small Linux/x86 polymorphic execve(/bin/sh) shellcode.
e6f636dfcfcc6d4796c8328badab84e1153 bytes small Linux/x86-64 reverse TCP shell shellcode that binds to 192.168.1.2:4444.
61d0bff1874dee43bdda29cd1ada3ad1
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed