exploit the possibilities
Showing 1 - 25 of 925 RSS Feed

x86 Files

Windows/x86 Add User Alfred Shellcode
Posted Feb 23, 2021
Authored by Armando Huesca Prida

240 bytes small Windows/x86 add user Alfred to administrators/remote desktop users group shellcode.

tags | remote, x86, shellcode
systems | windows
MD5 | 444c0277c03e6f66fefa718118a17499
Windows/x86 Stager Generic MSHTA Shellcode
Posted Jan 22, 2021
Authored by Armando Huesca Prida

143 bytes small Windows/x86 stager generic MSHTA shellcode.

tags | x86, shellcode
systems | windows
MD5 | cd26783c34c055b8e7b1aa54b1801d75
Linux/x86 Socat Bind Shellcode
Posted Jan 20, 2021
Authored by Felipe Winsnes

113 bytes small Linux/x86 Socat bind shellcode.

tags | x86, shellcode
systems | linux
MD5 | bb6b9dc9e8fde4989a5257fab4161276
Linux/x86 Bindshell Shellcode
Posted Jan 15, 2021
Authored by ac3

65 bytes small Linux/x86 bindshell shellcode that binds /bin/sh to TCP/0.0.0.0:13377.

tags | x86, tcp, shellcode
systems | linux
MD5 | b50ae92a79eb994d20eae879ab538a64
Intel Matrix Storage Event Monitor 8.0.0.1039 Unquoted Service Path
Posted Jan 5, 2021
Authored by Geovanni Ruiz

Intel Matrix Storage Event Monitor x86 version 8.0.0.1039 suffers from an IAANTMON unquoted service path vulnerability.

tags | exploit, x86
MD5 | d63cbd50d7684008b682c1026d6a9f5d
Linux/x86 Reverse TCP Shellcode
Posted Dec 31, 2020
Authored by Stylianos Voukatas

114 bytes small Linux/x86 reverse TCP shellcode.

tags | x86, tcp, shellcode
systems | linux
MD5 | 736ab2fee6b1fc77956e403631161630
Oracle Solaris SunSSH PAM parse_user_name() Buffer Overflow
Posted Dec 17, 2020
Authored by wvu, Hacker Fantastic, Jeffrey Martin, Aaron Carreras, Jacob Thompson | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in the Solaris PAM library's username parsing code, as used by the SunSSH daemon when the keyboard-interactive authentication method is specified. Tested against SunSSH 1.1.5 on Solaris 10u11 1/13 (x86) in VirtualBox, VMware Fusion, and VMware Player. Bare metal untested. Your addresses may vary.

tags | exploit, overflow, x86
systems | solaris
advisories | CVE-2020-14871
MD5 | 10f67723ac23f05d8cba2e16ff2e467a
Solaris SunSSH 11.0 x86 libpam Remote Root
Posted Dec 15, 2020
Authored by Hacker Fantastic

Solaris SunSSH versions 10 through 11.0 on x86 libpam remote root exploit.

tags | exploit, remote, x86, root
systems | solaris
advisories | CVE-2020-14871
MD5 | 8fbea7fde1a23252954cc85134e98724
Encrypted Linux x86-64 Loadable Kernel Modules (ELKM)
Posted Dec 4, 2020
Authored by cenobyte

Whitepaper called Encrypted Linux x86-64 Loadable Kernel Modules (ELKM). The aim is to protect kernel-based rootkits and implants against observation by EndpointDetection and Response (EDR) software and to neutralize the effects of recovery by disk forensics tooling.

tags | paper, x86, kernel
systems | linux
MD5 | 71edce142a1b2975b9d4d10c1398f3b2
SunSSH Solaris 10.0 / 11.0 x86 Remote Root
Posted Nov 9, 2020
Authored by Hacker Fantastic

A trivial to reach stack-based buffer overflow is present in libpam on Solaris. The vulnerable code exists in pam_framework.c parse_user_name() which allocates a fixed size buffer of 512 bytes on the stack and parses a username supplied to PAM modules (such as authtok_get used by SunSSH). This issue can be reached remotely pre-authentication via SunSSH when "keyboard-interactive" is enabled to use PAM based authentication. The vulnerability was discovered being actively exploited by FireEye in the wild and is part of an APT toolkit called "EVILSUN". The vulnerability is present in both SPARC/x86 versions of Solaris and others (eg. illumos). This exploit uses ROP gadgets to disable nxstack through mprotect on x86 and a helper shellcode stub. Tested against latest Solaris 10 without patch applied and the configuration is vulnerable in a default vanilla install. This exploit requires libssh2, the vulnerability has been identified and confirmed reachable on Solaris 10 through 11.0.

tags | exploit, overflow, x86, shellcode
systems | solaris
advisories | CVE-2020-14871
MD5 | 3fbcd0fdda16b92f50dc244f60276db1
Linux/x86 Reverse TCP Shellcode
Posted Aug 24, 2020
Authored by Xenofon Vassilakopoulos

84 bytes small Linux/x86 reverse TCP shellcode.

tags | x86, tcp, shellcode
systems | linux
MD5 | d27c925e63f6be65e2fe56789bbf7646
Linux/x86 execve /bin/sh Shellcode
Posted Aug 21, 2020
Authored by cybersaki

10 bytes small Linux/x86 execve "/bin/sh" shellcode.

tags | x86, shellcode
systems | linux
MD5 | 17eba74611ee88dd5e7b38ff76974d98
Linux/x86 /dev/sda Partition Wiping Shellcode
Posted Aug 21, 2020
Authored by cybersaki

35 bytes small Linux/x86 /dev/sda wiping shellcode.

tags | x86, shellcode
systems | linux
MD5 | 19e25cdfd1453bac178a73395ba04bfa
Linux/x86 Egghunter(0x50905090) + sigaction + execve(/bin/sh) Shellcode
Posted Jul 24, 2020
Authored by danf42

35 bytes small Linux/x86 Egghunter(0x50905090) + sigaction + execve(/bin/sh) shellcode.

tags | x86, shellcode
systems | linux
MD5 | f1b110ff59b4adb7c79737eb1fc046c4
Windows/x86 mshta.exe Download Shellcode
Posted Jul 24, 2020
Authored by Siddharth Sharma

100 bytes small Windows/x86 download using mshta.exe shellcode.

tags | x86, shellcode
systems | windows
MD5 | 35ca25f1d948941abefae3daa165c025
Cisco AnyConnect Path Traversal / Privilege Escalation
Posted Jun 25, 2020
Authored by Yorick Koster, Christophe de la Fuente, Antoine Goichot | Site metasploit.com

The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to version 4.8.02042 is vulnerable to path traversal and allows local attackers to create/overwrite files in arbitrary locations with system level privileges. The attack consists in sending a specially crafted IPC request to the TCP port 62522 on the loopback device, which is exposed by the Cisco AnyConnect Secure Mobility Agent service. This service will then launch the vulnerable installer component (vpndownloader), which copies itself to an arbitrary location before being executed with system privileges. Since vpndownloader is also vulnerable to DLL hijacking, a specially crafted DLL (dbghelp.dll) is created at the same location vpndownloader will be copied to get code execution with system privileges. This exploit has been successfully tested against Cisco AnyConnect Secure Mobility Client versions 4.5.04029, 4.5.05030 and 4.7.04056 on Windows 10 version 1909 (x64) and Windows 7 SP1 (x86).

tags | exploit, arbitrary, x86, local, tcp, code execution
systems | cisco, windows, 7
advisories | CVE-2020-3153
MD5 | 0ce466f922be78b19e5b1169c13ef711
Keystone 0.9.2
Posted Jun 23, 2020
Authored by Nguyen Anh Quynh | Site keystone-engine.org

Keystone is a lightweight multi-platform, multi-architecture assembler framework. Highlight features include multi-architecture, with support for Arm, Arm64 (AArch64/Armv8), Hexagon, Mips, PowerPC, Sparc, SystemZ, and X86 (include 16/32/64bit). It has a clean and lightweight architecture-neutral API. It's implemented in C/C++ languages, with bindings for Python, NodeJS, Ruby, Go and Rust available and also has native support for Windows and various Unix flavors.

Changes: Added a better installer for Linux , an Ethereum VM architecture, and various other updates.
tags | tool, x86, python, ruby
systems | windows, unix
MD5 | 358fb4dc10cac08d9463bb9c2c7a8695
Linux/x86 /etc/hosts Mapping Add Polymorphic Shellcode
Posted Jun 15, 2020
Authored by Xenofon Vassilakopoulos

102 bytes small Linux/x86 add map in /etc/hosts file polymorphic shellcode.

tags | x86, shellcode
systems | linux
MD5 | 979a6e0e42c8f46c1647b1c2de0c533a
Linux/x86 Tiny Read Polymorphic Shellcode
Posted Jun 9, 2020
Authored by Xenofon Vassilakopoulos

75 bytes small Linux/x86 tiny read polymorphic shellcode.

tags | x86, shellcode
systems | linux
MD5 | d6f58fd7c7c280218ab60f1656e524b7
Microsoft Windows NtUserMNDragOver Local Privilege Escalation
Posted May 8, 2020
Authored by Clement LECIGNE, timwr, Grant Willcox | Site metasploit.com

This Metasploit module exploits a NULL pointer dereference vulnerability in MNGetpItemFromIndex(), which is reachable via a NtUserMNDragOver() system call. The NULL pointer dereference occurs because the xxxMNFindWindowFromPoint() function does not effectively check the validity of the tagPOPUPMENU objects it processes before passing them on to MNGetpItemFromIndex(), where the NULL pointer dereference will occur. This module has been tested against Windows 7 x86 SP0 and SP1. Offsets within the solution may need to be adjusted to work with other versions of Windows, such as Windows Server 2008.

tags | exploit, x86
systems | windows, 7
advisories | CVE-2019-0808
MD5 | e65eeb8c736544fe952269396a557f62
Linux/x86 Egghunter Shellcode
Posted Apr 24, 2020
Authored by Bobby Cooke

39 bytes small Linux/x86 egghunter null-free shellcode. The egghunter dynamically searches memory for 2 instances of the egg. When the eggs are found, the egghunter passes execution control to the payload at the memory address of the eggs.

tags | x86, shellcode
systems | linux
MD5 | 3cc1d7e8ad5391ad63e8cd52726be7e0
Linux/x86 Reverse Shell Generator Shellcode
Posted Apr 24, 2020
Authored by Bobby Cooke

80 bytes small Linux/x86 reverse shell generator shellcode with customizable TCP port and IP address.

tags | shell, x86, tcp, shellcode
systems | linux
MD5 | 937201f1ff92ab4fabd623cad7224a07
Linux/x86 Dynamic MMX+FPU Encoded Add Root User Shellcode
Posted Apr 24, 2020
Authored by Bobby Cooke

155 bytes small Linux/x86 shellcode that has a MMX stub decoder that dynamically decodes the payload in memory. The FPU GetPC technique is used to determine the offset from EIP dynamically in running memory. Once decoded. this shellcode adds the user 'ctl' with the password 'ctl' to the /etc/passwd file with the UID and GID of 0 (root). This shellcode uses legacy passwd functionality. Therefore the /etc/shadow file does not need to be accessed or modified.

tags | x86, root, shellcode
systems | linux
MD5 | b4cd1c73f54aff707a22b55b2944bd8d
Linux/x86 Add Root User Shellcode
Posted Apr 24, 2020
Authored by Bobby Cooke

107 bytes small Linux/x86 shellcode that adds the user 'ctl' with the password 'ctl' to the /etc/passwd file with the UID and GID of 0 (root). This shellcode uses legacy passwd functionality. Therefore the /etc/shadow file does not need to be accessed or modified.

tags | x86, root, shellcode
systems | linux
MD5 | 20be4a130a7c7deaf759ff5c00029968
Microsoft Windows Firewall Disabling Shellcode
Posted Apr 20, 2020
Authored by Bobby Cooke

644 bytes small Microsoft Windows x86 shellcode that disables the Windows firewall, adds the user MajinBuu with password TurnU2C@ndy!! to the system, adds the user MajinBuu to the local groups Administrators and Remote Desktop Users, and then enables the RDP Service.

tags | remote, x86, local, shellcode
systems | windows
MD5 | a1d9a1235afb2e385b7e22e9cfe721eb
Page 1 of 37
Back12345Next

File Archive:

March 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    19 Files
  • 2
    Mar 2nd
    15 Files
  • 3
    Mar 3rd
    30 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close