查看完整版本: [ Shellcodez Query ] 毒箭羽翼

• IE6下比较通用的VML exploit (3 篇回复)
• Softbiz Freelancers Script v.1 Remote SQL Injection Exploit (3 篇回复)
• Microsoft Internet Explorer TIF/TIFF Code Execution (MS07-055) (4 篇回复)
• Pic LPd 存在远程溢出问题 (3 篇回复)
• solaris/sparc download and execute 278 bytes (3 篇回复)
• Download & Exec polymorphed shellcode Engine (1 篇回复)
• linux/x86 execve read shellcode - 92 bytes (1 篇回复)
• linux/x86 /sbin/ipchains -F 41 bytes (1 篇回复)
• linux/x86 set system time to 0 and exit 15 bytes (1 篇回复)
• linux/x86 add root user r00t with no password to /etc/passwd 69 bytes (1 篇回复)
• linux/x86 chmod 0666 /etc/shadow 36 bytes (1 篇回复)
• linux/x86 forkbomb 7 bytes (1 篇回复)
• linux/x86 execve(rm -rf /) shellcode 48 bytes (1 篇回复)
• linux/x86 setuid(0) + execve(/bin/sh) 28 bytes (1 篇回复)
• linux/x86 execve(/bin/sh) 22 bytes (1 篇回复)
• linux/x86-64 execve(/bin/sh) 33 bytes (1 篇回复)
• Utility for generating HTTP/1.x requests for shellcodes (1 篇回复)
• linux/x86 HTTP/1.x GET, Downloads and execve() 111 bytes+ (1 篇回复)
• solaris/sparc executes command after setreuid (92 bytes + cmd) (1 篇回复)
• Aix execve /bin/sh 88 bytes (1 篇回复)
• win64 (URLDownloadToFileA) download and execute 218+ bytes (1 篇回复)
• linux/x86 executes command after setreuid (9 + 40 bytes + cmd) (1 篇回复)
• solaris/sparc connect-back (with XNOR encoded session) 600 bytes (1 篇回复)
• linux/x86 stdin re-open and /bin/sh exec shellcode (1 篇回复)
• linux/x86 re-use of /bin/sh string in .rodata shellcode 16 bytes (1 篇回复)
• linux/x86 setuid(0) and /bin/sh execve() shellcode 30 bytes (2 篇回复)
• linux/x86 setuid/portbind shellcode 96 bytes (1 篇回复)
• bsd/x86 setuid/execve shellcode 30 bytes (1 篇回复)
• bsd/x86 setuid/portbind shellcode 94 bytes (1 篇回复)
• freebsd/x86 portbind 4883 with auth shellcode (1 篇回复)
• win32 Beep Shellcode (SP1/SP2) 35 bytes (1 篇回复)
• linux/x86 execve() Diassembly Obfuscation Shellcode 32 bytes (1 篇回复)
• linux/x86 SET_PORT() portbind 100 bytes (1 篇回复)
• linux/x86 SET_IP() Connectback Shellcode 82 bytes (1 篇回复)
• linux/x86 execve(/bin/sh) 24 bytes (1 篇回复)
• os-x/ppc sync(), reboot() 32 bytes (1 篇回复)
• os-x/ppc execve(/bin/sh), exit() 72 bytes (1 篇回复)
• openbsd/x86 execve(/bin/sh) 23 bytes (1 篇回复)
• linux/amd64 connect-back semi-stealth shellcode 88+ bytes (1 篇回复)
• freebsd/x86 reboot(RB_AUTOBOOT) Shellcode 7 bytes (1 篇回复)
• linux/x86 xor-encoded Connect Back Shellcode 371 bytes (1 篇回复)
• linux/x86 execve(/bin/sh) + ZIP Header 28 bytes (1 篇回复)
• linux/x86 execve(/bin/sh) + RTF Header 30 bytes (1 篇回复)
• linux/x86 execve(/bin/sh) + RIFF Header 28 bytes (1 篇回复)
• linux/x86 execve(/bin/sh) + Bitmap Header 27 bytes (1 篇回复)
• linux/x86 SWAP restore shellcode 109 bytes (1 篇回复)
• linux/x86 SWAP store shellcode 99 bytes (1 篇回复)
• win32 Beep Shellcode (SP1/SP2) 35 bytes (1 篇回复)
• freebsd/x86 execve /bin/sh 23 bytes (1 篇回复)
• linux/x86 setreuid(0,0) execve... (1 篇回复)
• linux/x86 setuid(0),setgid(0) execve(/bin/sh, [/bin/sh, NULL]) 37 bytes (1 篇回复)
• linux/x86 Password Authentication portbind Shellcode 166 bytes (1 篇回复)
• linux/x86 portbind (port 64713) 86 bytes (1 篇回复)
• linux/x86 execve("/bin/sh", ["/bin/sh", NULL]) 25 bytes (1 篇回复)
• linux/x86 execve("/bin/sh", ["/bin/sh", NULL]) 23 bytes (1 篇回复)
• linux/x86 setuid(0) + execve... (1 篇回复)
• download and execute shellcode for Windows XP (1 篇回复)
• Generic download/execute shellcode for win32 (1 篇回复)
• linux/x86 HTTP/1.x GET, Downloads and JMP - 68 bytes+ (1 篇回复)
• linux/x86 TCP Proxy Shellcode 236 bytes (1 篇回复)
• linux/x86 execve /bin/sh anti-ids 40 bytes (1 篇回复)
• linux/x86 execve /bin/sh xored for Intel x86 CPUID 41 bytes (1 篇回复)
• linux/x86 execve /bin/sh (encoded by +1) 39 bytes (1 篇回复)
• win32/xp sp2 Pop up message box 110 bytes (1 篇回复)
• win32 WinExec() Command Parameter 73+ bytes (1 篇回复)
• linux/x86 Adduser without Password to /etc/passwd 59 bytes (1 篇回复)
• linux/x86 anti-debug trick (INT 3h trap) + execve /bin/sh 39 bytes (1 篇回复)
• linux/x86 Bind /bin/sh to 31337/tcp 80 bytes (1 篇回复)
• linux/x86 Bind /bin/sh to 31337/tcp + fork() 98 bytes (1 篇回复)
• linux/x86 24/7 open cd-rom loop (follows /dev/cdrom symlink) 39 bytes (1 篇回复)
• linux/x86 eject cd-rom (follows /dev/cdrom symlink) + exit() 40 bytes (1 篇回复)
• linux/x86 eject/close cd-rom loop (follows /dev/cdrom symlink) 45 bytes (1 篇回复)
• linux/x86 chmod(/etc/shadow, 0666) + exit() 32 bytes (1 篇回复)
• linux/x86 connect-back shellcode 127.0.0.1:31337/tcp 74 bytes (1 篇回复)
• linux/x86 normal exit w/ random (so to speak) return value 5 bytes (1 篇回复)
• linux/x86 getppid() + execve(/proc/pid/exe) 51 bytes (1 篇回复)
• linux/x86 quick (yet conditional, eax != 0 and edx == 0) exit 4 bytes (1 篇回复)
• linux/x86 reboot() - 20 bytes (1 篇回复)
• linux/x86 setreuid(0, 0) + execve(/bin/sh) 31 bytes (1 篇回复)
• linux/x86 execve(/bin/sh) / PUSH - 23 bytes (1 篇回复)