Shellcode Files ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Mon, 28 May 2012 08:01:43 GMT

Linux/x86 execve(/bin/dash) Shellcode
http://packetstormsecurity.org/files/112681/dash-shellcode.c
http://packetstormsecurity.org/files/112681/Linux-x86-execve-bin-dash-Shellcode.html
Mon, 14 May 2012 19:22:22 GMT
42 bytes small Linux/x86 execve(/bin/dash) shellcode.

Linux nc -lvve/bin/sh -p13377 Shellcode
http://packetstormsecurity.org/files/111484/nc13377-shellcode.txt
http://packetstormsecurity.org/files/111484/Linux-nc-lvve-bin-sh-p13377-Shellcode.html
Mon, 02 Apr 2012 09:22:22 GMT
Linux/x86 nc -lvve/bin/sh -p13377 shellcode.

Add User With Password Shellcode
http://packetstormsecurity.org/files/110701/adduserpasswd-shellcode.txt
http://packetstormsecurity.org/files/110701/Add-User-With-Password-Shellcode.html
Mon, 12 Mar 2012 17:11:11 GMT
189 bytes small add user t0r with password of Winner shellcode for Linux x86_64.

Sysax 5.53 SSH Username Buffer Overflow Exploit
http://packetstormsecurity.org/files/110255/sysax_ssh_username_bof.py.txt
http://packetstormsecurity.org/files/110255/Sysax-5.53-SSH-Username-Buffer-Overflow-Exploit.html
Mon, 27 Feb 2012 21:11:11 GMT
Sysax Multi Server versions 5.53 and below SSH username buffer overflow pre-authentication remote code execution exploit with egghunter shellcode that binds a shell to port 4444.

Sysax Multi Server 5.53 SFTP Post Auth SEH Exploit
http://packetstormsecurity.org/files/110254/sysax_sftp.py.txt
http://packetstormsecurity.org/files/110254/Sysax-Multi-Server-5.53-SFTP-Post-Auth-SEH-Exploit.html
Mon, 27 Feb 2012 19:22:22 GMT
Sysax Multi Server version 5.53 SFTP post authentication SEH exploit with egghunter shellcode that binds a shell to port 4444.

Linux/x86 BackShell-TCP bash[/dev/tcp],execve(/bin/sh) Shellcode
http://packetstormsecurity.org/files/110105/linux-bash333tcp.c
http://packetstormsecurity.org/files/110105/Linux-x86-BackShell-TCP-bash-dev-tcp-execve-bin-sh-Shellcode.html
Thu, 23 Feb 2012 05:14:43 GMT
62 bytes small Linux/x86 BackShell-TCP bash[/dev/tcp],execve(/bin/sh) shellcode.

Java MixerSequencer Object GM_Song Structure Handling
http://packetstormsecurity.org/files/109875/java_mixer_sequencer.rb.txt
http://packetstormsecurity.org/files/109875/Java-MixerSequencer-Object-GM_Song-Structure-Handling.html
Fri, 17 Feb 2012 03:27:33 GMT
This Metasploit module exploits a flaw within the handling of MixerSequencer objects in Java 6u18 and before. Exploitation is done by supplying a specially crafted MIDI file within an RMF file. When the MixerSequencer object is used to play the file, the GM_Song structure is populated with a function pointer provided by a SONG block in the RMF. A MIDI block that contains a MIDI with a specially crafted controller event is used to trigger the vulnerability. When triggering the vulnerability, "ebx" points to a fake event in the MIDI file which stores the shellcode. A "jmp ebx" from msvcr71.dll is used to make the exploit reliable across Java updates.

Win32 Speaking Shellcode
http://packetstormsecurity.org/files/109702/speaking-shellcode.txt
http://packetstormsecurity.org/files/109702/Win32-Speaking-Shellcode.html
Sun, 12 Feb 2012 15:54:56 GMT
Win32 speaking shellcode that says "You are owned!" when injected into a process.

OS X / x86 Port Binding Shellcode
http://packetstormsecurity.org/files/109627/os-xbind.c
http://packetstormsecurity.org/files/109627/OS-X-x86-Port-Binding-Shellcode.html
Fri, 10 Feb 2012 22:15:15 GMT
97 bytes small OS X / x86 shellcode that binds a shell to port 4444.

Sysax Multi Server 5.52 Buffer Overflow
http://packetstormsecurity.org/files/109624/sysax_file_rename.py.txt
http://packetstormsecurity.org/files/109624/Sysax-Multi-Server-5.52-Buffer-Overflow.html
Fri, 10 Feb 2012 22:12:14 GMT
Sysax Multi Server versions 5.52 and below file rename buffer overflow exploit with egghunter shellcode that spawns a shell on port 4444.

Egg Hunting Against BisonWare FTP Server
http://packetstormsecurity.org/files/109471/Egg_Hunter_BisonWare_FTP_Server.pdf
http://packetstormsecurity.org/files/109471/Egg-Hunting-Against-BisonWare-FTP-Server.html
Tue, 07 Feb 2012 00:16:19 GMT
This whitepaper goes into detail on how to use egg hunting shellcode in order to exploit a BisonWare FTP server.

Win32/XP Pro SP3 Beep Beep Shellcode
http://packetstormsecurity.org/files/109249/Beep-Beep-Shell-Code.txt
http://packetstormsecurity.org/files/109249/Win32-XP-Pro-SP3-Beep-Beep-Shellcode.html
Tue, 31 Jan 2012 05:18:45 GMT
Win32/XP Pro SP3 (EN) 32-bit beep beep shellcode.

Kraken Payload Generator Beta 1.0
http://packetstormsecurity.org/files/109170/kraken-script.rar
http://packetstormsecurity.org/files/109170/Kraken-Payload-Generator-Beta-1.0.html
Fri, 27 Jan 2012 23:42:28 GMT
Kraken Payload Generator is a bash script that makes use of msfpayload to generate various shellcode.

Linux/x86 Add New User/Password Shellcode
http://packetstormsecurity.org/files/109097/lnx_upwd.c.txt
http://packetstormsecurity.org/files/109097/Linux-x86-Add-New-User-Password-Shellcode.html
Wed, 25 Jan 2012 23:18:08 GMT
180 bytes small Linux/x86 add new user/password shellcode.

Linux/x86 Search / Inject PHP Backdoor Shellcode
http://packetstormsecurity.org/files/109089/php_back.c.txt
http://packetstormsecurity.org/files/109089/Linux-x86-Search-Inject-PHP-Backdoor-Shellcode.html
Wed, 25 Jan 2012 21:44:42 GMT
This Linux/x86 shellcode searches .php files and injects a PHP backdoor into them.

Savant Web Server 3.1 Buffer Overflow
http://packetstormsecurity.org/files/108908/savant31-overflow.txt
http://packetstormsecurity.org/files/108908/Savant-Web-Server-3.1-Buffer-Overflow.html
Sat, 21 Jan 2012 18:04:22 GMT
Savant Web Server version 3.1 buffer overflow exploit with shellcode that binds to port 4444.

Linux Search Shellcode
http://packetstormsecurity.org/files/108766/linuxsearch-shellcode.txt
http://packetstormsecurity.org/files/108766/Linux-Search-Shellcode.html
Wed, 18 Jan 2012 01:07:48 GMT
This shellcode writes your code at the end of the files it finds. Your code is added only to .html and .php files. The file search is carried out recursively.

BSD/x86 execve ('/bin/sh -c "/etc/master.passwd"') setreuid(0,0) Shellcode
http://packetstormsecurity.org/files/108695/bsdpm.c.txt
http://packetstormsecurity.org/files/108695/BSD-x86-execve-bin-sh-c-etc-master.passwd-setreuid-0-0-Shellcode.html
Mon, 16 Jan 2012 02:40:55 GMT
94 bytes small BSD/x86 execve ('/bin/sh -c "/etc/master.passwd"') setreuid(0,0) shellcode.

Linux/x86 sys_execve ["/bin/sh"] setresuid(0,0,0) exit(0) Shellcode
http://packetstormsecurity.org/files/108685/linuid00-shellcode.txt
http://packetstormsecurity.org/files/108685/Linux-x86-sys_execve-bin-sh-setresuid-0-0-0-exit-0-Shellcode.html
Sun, 15 Jan 2012 14:44:44 GMT
102 bytes small Linux/x86 sys_execve ["/bin/sh"] setresuid(0,0,0) exit(0) shellcode.

Microsoft Internet Explorer JavaScript OnLoad Handler Remote Code Execution
http://packetstormsecurity.org/files/108617/ms05_054_onload.rb.txt
http://packetstormsecurity.org/files/108617/Microsoft-Internet-Explorer-JavaScript-OnLoad-Handler-Remote-Code-Execution.html
Fri, 13 Jan 2012 01:07:12 GMT
This bug is triggered when the browser handles a JavaScript 'onLoad' handler in conjunction with an improperly initialized 'window()' JavaScript function. This exploit results in a call to an address lower than the heap. The JavaScript prompt() places the shellcode near where the call operand points to. The module calls prompt() multiple times in separate iframes to place our return address. The module hides the prompts in a popup window behind the main window and then it will spray the heap a second time with the shellcode and point the return address to the heap. It then uses a fairly high address to make this exploit more reliable. IE will crash when the exploit completes. Also, please note that Internet Explorer must allow popups in order to continue exploitation.

Polymorphic Add User Shellcode
http://packetstormsecurity.org/files/108278/add-user-polymorph.c
http://packetstormsecurity.org/files/108278/Polymorphic-Add-User-Shellcode.html
Sun, 01 Jan 2012 16:56:38 GMT
Linux/x86 polymorphic shellcode that escalates uid/gid and adds user iph to /etc/passwd without a password.

Construindo Shellcodes
http://packetstormsecurity.org/files/108146/ConstruindoShellcodes.txt
http://packetstormsecurity.org/files/108146/Construindo-Shellcodes.html
Sun, 25 Dec 2011 06:23:27 GMT
Whitepaper called Construindo Shellcodes. It discusses how to build shellcodes and use them. Written in Portuguese.

Linux/MIPS Connect Back Shellcode
http://packetstormsecurity.org/files/107736/linuxmips-connectback.txt
http://packetstormsecurity.org/files/107736/Linux-MIPS-Connect-Back-Shellcode.html
Sat, 10 Dec 2011 19:28:12 GMT
168 bytes small Linux/MIPS connect back shellcode (port 0x7a69).

Linux/MIPS reboot() Shellcode
http://packetstormsecurity.org/files/107735/linuxmips-reboot.txt
http://packetstormsecurity.org/files/107735/Linux-MIPS-reboot-Shellcode.html
Sat, 10 Dec 2011 19:26:42 GMT
32 bytes small Linux/MIPS reboot() shellcode.

Linux/x86-64 execve(/bin/sh) Shellcode
http://packetstormsecurity.org/files/107492/linbinsh-shellcode.txt
http://packetstormsecurity.org/files/107492/Linux-x86-64-execve-bin-sh-Shellcode.html
Sat, 03 Dec 2011 18:29:20 GMT
52 bytes small Linux/x86-64 execve(/bin/sh) shellcode.