171 bytes small Windows/x86 shellcode with a new method to find the kernel32 base address by walking down the stack and look for a possible Kernel32 address using a custom SEH handler. Each address found on the stack will be tested using the Exception handling function. If it's valid and starts with 7, then it's a possible kernel32 address.
e7941faf4a7799cf5e35fcf962b075b17a9570e4f37e959633b2962f8d3bf53d133 bytes small Windows/x86 kernel32 base address / memory sieve method shellcode.
02598a837cdf14b2aa15f8aa989595e031da15dac8d7e4835e2d041eda455355458 bytes small Windows/x86 download file and execute dynamic PEB and EDT method shellcode.
373527dc3abce798f323c157f33b7e37a9ae39642431558cc7be8a6423eec576Windows/x86 bind TCP shellcode / dynamic PEB and EDT method null-free shellcode. This a bind tcp shellcode that open a listen socket on 0.0.0.0 and port 1337. In order to accomplish this task the shellcode uses the PEB method to locate the baseAddress of the required module and the Export Directory Table to locate symbols. Also the shellcode uses a hash function to gather dynamically the required symbols without worry about the length.
7dd9706d9d60f259d8e6ef790111d2ef99c07abddaae6debfdc64b5c0856ce2f178 bytes small Windows/x86 shellcode that pops calc.exe. The shellcode uses the PEB method to locate the baseAddress of the required module and the Export Directory Table to locate symbols. It also uses a hash function to dynamically gather the required symbols without worry about the length. Finally, the shellcode pops the calc.exe using WinExec and exits gracefully using TerminateProcess.
9b19277190c962885d3585247da068c374f5db74bbb693ce9cb6fe906a1118a8330 bytes small Windows/x86 reverse TCP shellcode that connects to 192.168.201.11:4444.
12149f06ca22bb6ea072202a3c3d714fb9e0922026292c67e2fc3c768fa2b30fLinux/x86 egghunter reverse TCP shell shellcode generator with dynamic IP and port.
f381e9e627457c622f41f2e0f02fd7275a109fbf7c64277852a12fa68a12f38386 bytes small Linux/x86 reverse TCP shell with dynamic IP and port binding shellcode.
098ad2f853874de86f3c54be8fe5f0603e48dcd1deaae5ff49d0f3c6ecd04c34102 bytes small Linux/x86 bindshell shellcode with dynamic port binding.
5c78bdabecd99971442c81d97f0c4cac565a54711d65cfb78e5c749c02cc5a5aSolaris SunSSH version 11.0 on x86 libpam remote root exploit.
678892d62f9d4edd74e135ec10ed7cd1fb0389a420617db1549d49e581caa0dbLinux/x86 custom shellcode ASCII And-Sub encoder.
e94e7d4fd85ab353e369c5db6283be701e1beb64be40051eb7290608b3d9b33570 bytes small Linux/x86 shellcode with XOR decoder stub and fstenv MMX FPU spawning a /bin/sh shell.
11b3b90f9432231138d2380813aec5392fb07dbce222b7123fb12312d6eaa00729 bytes small Linux/x86 shellcode that performs setreuid to 0 and then executes /bin/sh.
e6a46129d157e756ab079a8bd8c0b4fb71e4329d98e97809fa092cf1d9ec5876It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges. Piotr Krysiuk discovered that the BPF JIT compiler for x86 in the Linux kernel did not properly validate computation of branch displacements in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
2804a214253fb2c002641f38c8aae9e4023d617f9897b0c5c01ff06e5794df2bUbuntu Security Notice 4916-1 - It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges. Piotr Krysiuk discovered that the BPF JIT compiler for x86 in the Linux kernel did not properly validate computation of branch displacements in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
731316af4af43b6a4f4a4888d410c88049b391c7650608ca1fd2ed0566f0f14117 bytes small Linux/x86 execve(/bin/sh) shellcode.
0d57e5917177f7b2c8c614412ee8c4d46b75b72f8a5547e97bce99f62fabc111Ubuntu Security Notice 4912-1 - Piotr Krysiuk discovered that the BPF JIT compiler for x86 in the Linux kernel did not properly validate computation of branch displacements in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
590166453ec29f1473b4cb64bcf7651991eb909ac482b366e52b4648a1f60409240 bytes small Windows/x86 add user Alfred to administrators/remote desktop users group shellcode.
87baea02c93852f7ff91efddf99dce46312ecdece68e0c0d68050ac306f14f2d143 bytes small Windows/x86 stager generic MSHTA shellcode.
b3750f247e2ed7dcb6ee222de9c4f5ac7edab96f0e3914f254fe001ae66530ba113 bytes small Linux/x86 Socat bind shellcode.
8582129220ea4d9eff4d86d04649d9798ba7ff744aa5aa89e2c6803aaf18c07565 bytes small Linux/x86 bindshell shellcode that binds /bin/sh to TCP/0.0.0.0:13377.
0b6f0d113dff3fe9e7fd8830f15d89012a24c53b6fd740940fa27df4be7c06feIntel Matrix Storage Event Monitor x86 version 8.0.0.1039 suffers from an IAANTMON unquoted service path vulnerability.
53a6ec5e6199676d3685d5babcf43c618caa8d1dbff3b3ae796deb36a20a2cab114 bytes small Linux/x86 reverse TCP shellcode.
2683c644409206f0c3a9aae6d82afb5a6f04a316245fb265c0cdab4441651ee1This Metasploit module exploits a stack-based buffer overflow in the Solaris PAM library's username parsing code, as used by the SunSSH daemon when the keyboard-interactive authentication method is specified. Tested against SunSSH 1.1.5 on Solaris 10u11 1/13 (x86) in VirtualBox, VMware Fusion, and VMware Player. Bare metal untested. Your addresses may vary.
255a53ba4764640c38d52b8d61674d66f25d7a11c08ebc0d8b26cc5cdb1d4aceSolaris SunSSH versions 10 through 11.0 on x86 libpam remote root exploit.
93c50138db56dcc96e612d0fa56cca01459695d4f656345667a2e4fdec807e5d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed