102 bytes small Linux/x86 add map in /etc/hosts file polymorphic shellcode.
8c6be862cdd489e1e40cc44a7b3b8708d5796e21512c87f10dde7e74ba320238
124 bytes small ASLR deactivation polymorphic shellcode.
f35cfa4088dc8782ee00e5aec94711939df5ad8baab85cfcf1521e6a2ed57337
75 bytes small Linux/x86 tiny read polymorphic shellcode.
a509e58b18807ea1af8ff4869ec95f922023610871e8db9cc792dc98ccd6680c
198 bytes small macOS/x64 RickRolling shellcode.
45c7075c008f666fbb2fd9dadac0c02ddf70076745868d713f14861c733cdd1e
113 bytes small Linux/x64 anti-debug trick (INT3 trap) with execve("/bin/sh") shellcode that is NULL free.
22961b45b5d956fcd59277ee56779b00f2f5f370abf5c42935f6e786b276c885
39 bytes small Linux/x86 egghunter null-free shellcode. The egghunter dynamically searches memory for 2 instances of the egg. When the eggs are found, the egghunter passes execution control to the payload at the memory address of the eggs.
f15f64c0d4291382054a30e3697719a38ea41de5b89587531e1baff5818409e8
80 bytes small Linux/x86 reverse shell generator shellcode with customizable TCP port and IP address.
b6288f9069a67ab9a6e3d01fe3b23d7615e89b3fbb4002b6507be11140b269ff
155 bytes small Linux/x86 shellcode that has a MMX stub decoder that dynamically decodes the payload in memory. The FPU GetPC technique is used to determine the offset from EIP dynamically in running memory. Once decoded. this shellcode adds the user 'ctl' with the password 'ctl' to the /etc/passwd file with the UID and GID of 0 (root). This shellcode uses legacy passwd functionality. Therefore the /etc/shadow file does not need to be accessed or modified.
d72edd6daaf006feaf82398a3b67d4281ff9258ee56eeaedca56c7d0ab3e4980
107 bytes small Linux/x86 shellcode that adds the user 'ctl' with the password 'ctl' to the /etc/passwd file with the UID and GID of 0 (root). This shellcode uses legacy passwd functionality. Therefore the /etc/shadow file does not need to be accessed or modified.
e9483cceb2d45bc3e4c29c88655dc4a6e6bcedc432d98e81e5ab936189311836
57 bytes small Linux/x64_86 /bin/bash shellcode. The stub decodes the ROL Encoded shellcode. When the stub has finished decoding the payload, execution control is passed to the payload.
0b2a9ee02c0b7d0258cad51519bebf538bc5adf11a6b79a09c2f9a31449092a7
272 bytes small Linux/x86_64 null free password protected bindshell shellcode.
3b354d90a8edf71f759af7fb2d5a48d129b38945626e7de89ff29bd0b2c1fa8f
63 bytes small Linux/x64_86 dynamic egghunter shellcode that searches memory for 2 instances of the egg. When the eggs are found, the egghunter passes execution control to the payload at the memory address of the eggs. The payload is an execve(/bin/bash) shellcode.
c3ff54b357a821a1566c2d7a70204024eb13af4cdf6c240a1725a87696156951
644 bytes small Microsoft Windows x86 shellcode that disables the Windows firewall, adds the user MajinBuu with password TurnU2C@ndy!! to the system, adds the user MajinBuu to the local groups Administrators and Remote Desktop Users, and then enables the RDP Service.
45196bef615997ff1457d3b58b9dd0c6f69545d940fc57d196cd73a34f489870
33 bytes small Linux/x86 egghunter null-free shellcode.
146a5ad8da7bf358cba71d6ad35173b50c272b32445c081fabb654c79207f8f1
26 bytes small Linux/x86 reboot polymorphic shellcode.
fa0f3f8ad9bda717bb3a92c58de936f8932a7a2db2e9f6502cd29ab55ef3bb75
210 bytes small WinExec add-admin dynamic null-free shellcode.
10713fa81c6b58fcd1c43a985c9e7b83cdaf08f492d771955a5ea71c5bbd68e4
232 bytes small Dynamic MessageBoxA||W PEB and Import Table Method shellcode.
a59207d673c6ae2ce3319ba16803d2d5ba9f5bd698e3c783ec0895dedd0d7478
195 bytes small Windows/x86 null-free WinExec Calc.exe shellcode.
fee44adfb0bfdb2c7192391912bf356c70e5e8f50319f258fd2597def6aa0826
223 bytes small dynamic, null-free popcalc shellcode.
ccec09da16241f30e89ce97e28ccdeb241bc7e67959a796c987fe611acbc4e6a
114 bytes small Linux/x86 bind shell generator shellcode.
1e7612da16986e3cb4c25c855cdc90ea5787caa9e5e7169bf210c923678fd670
571 bytes small Microsoft Windows x86 dynamic bind shell and null-free shellcode.
a068c7e3daa600ac751e275e9f857994e6ea8a69b04243dda2a23d6d42f2ea2d
9 bytes small Microsoft Windows 7 screen locking shellcode.
fc1431ed92ba6d673f84f58b86ea42ac5a467f0e1b9ce283fce744ce538aed69
114 bytes small Linux/x86 random bytes encoder and XOR/SUB/NOT/ROR execve(/bin/sh) shellcode.
2dbd4a1919be580f520b2a4edd6ce283b63f03a3f27a52199c2c25669683a750
66 bytes small Linux/x86 Execve() alphanumeric shellcode.
c80b7af5e1f064c621aae312298ea6dfd091d45a1194f818ea0fae53012fca9d
53 bytes small Linux/x86_x64 sys_creat("ajit", 0755) shellcode.
a78386e6925c4c7622dc2d1a9270b66cf3cbc0c50e6f09d58c4768ff8f87dce6