33 bytes small Linux/x86 egghunter null-free shellcode.
146a5ad8da7bf358cba71d6ad35173b50c272b32445c081fabb654c79207f8f1
26 bytes small Linux/x86 reboot polymorphic shellcode.
fa0f3f8ad9bda717bb3a92c58de936f8932a7a2db2e9f6502cd29ab55ef3bb75
210 bytes small WinExec add-admin dynamic null-free shellcode.
10713fa81c6b58fcd1c43a985c9e7b83cdaf08f492d771955a5ea71c5bbd68e4
232 bytes small Dynamic MessageBoxA||W PEB and Import Table Method shellcode.
a59207d673c6ae2ce3319ba16803d2d5ba9f5bd698e3c783ec0895dedd0d7478
This Metasploit module exploits an issue in Google Chrome version 80.0.3987.87 (64 bit). The exploit corrupts the length of a float array (float_rel), which can then be used for out of bounds read and write on adjacent memory. The relative read and write is then used to modify a UInt64Array (uint64_aarw) which is used for read and writing from absolute memory. The exploit then uses WebAssembly in order to allocate a region of RWX memory, which is then replaced with the payload shellcode. The payload is executed within the sandboxed renderer process, so the browser must be run with the --no-sandbox option for the payload to work correctly.
a5ee5e57a9ca7e2030588e33fb91d4f11725ab4661382274202790f8a15b4fc7
195 bytes small Windows/x86 null-free WinExec Calc.exe shellcode.
fee44adfb0bfdb2c7192391912bf356c70e5e8f50319f258fd2597def6aa0826
223 bytes small dynamic, null-free popcalc shellcode.
ccec09da16241f30e89ce97e28ccdeb241bc7e67959a796c987fe611acbc4e6a
114 bytes small Linux/x86 bind shell generator shellcode.
1e7612da16986e3cb4c25c855cdc90ea5787caa9e5e7169bf210c923678fd670
571 bytes small Microsoft Windows x86 dynamic bind shell and null-free shellcode.
a068c7e3daa600ac751e275e9f857994e6ea8a69b04243dda2a23d6d42f2ea2d
9 bytes small Microsoft Windows 7 screen locking shellcode.
fc1431ed92ba6d673f84f58b86ea42ac5a467f0e1b9ce283fce744ce538aed69
114 bytes small Linux/x86 random bytes encoder and XOR/SUB/NOT/ROR execve(/bin/sh) shellcode.
2dbd4a1919be580f520b2a4edd6ce283b63f03a3f27a52199c2c25669683a750
66 bytes small Linux/x86 Execve() alphanumeric shellcode.
c80b7af5e1f064c621aae312298ea6dfd091d45a1194f818ea0fae53012fca9d
53 bytes small Linux/x86_x64 sys_creat("ajit", 0755) shellcode.
a78386e6925c4c7622dc2d1a9270b66cf3cbc0c50e6f09d58c4768ff8f87dce6
117 bytes small Linux/x86 encoding of random bytes + XOR/SUB/NOT/ROR and also decodes ROL/NOT/ADD/XOR execve(/bin/sh) shellcode.
b82dfb8d4d91af3595f567041ee05b15504b8214cc59b1d265373db0258eb1ba
188 bytes small Lnux/x64 reverse TCP stager shellcode.
591019260910193e4c2e2e0f050fbb9e22e4ce33e8a1c99cfcee1b71f9f72dc2
47 bytes small Linux/x86 (NOT|ROT+8 Encoded) execve(/bin/sh) null free shellcode.
5126a940c58c7f5f3299183cf28243ed1ac37a3f18ff919c6188dec22e23f309
42 bytes small Linux/x86 execve(/bin/sh) socket reuse shellcode.
06940cd962d0fb34cda215179e7f8392804cd9243f8253e5bd126a6f374b2d79
74 bytes small add user User to /etc/passwd shellcode.
3f2771c906ec4704d9721c76ce05ec176438b7108d68118ba748721929fafd19
25 bytes small Linux/x86 execve /bin/sh shellcode.
6ec3a762f49cf073c4aaf48e89626df8b0be9238e36987f32f78d2e3bcc88c5d
91 bytes small Linux/x86 reverse shell NULL free 127.0.0.1:4444 shellcode.
e41394ff0ce73676c56d6dc657e2f1f811e92852a6ff50e91919a685056dc893
59 bytes small Linux/x86 add user to /etc/passwd shellcode.
918c61c93c872f56062369ffa875b4e1f3a8d5bf7f31b8e797616444b1efe92b
This Metasploit module exploits a stack buffer overflow in ASX to MP3 converter 3.1.3.7. By constructing a specially crafted ASX file and attempting to convert it to an MP3 file in the application, a buffer is overwritten, which allows for running shellcode. Tested on: Microsoft Windows 7 Enterprise, 6.1.7601 Service Pack 1 Build 7601, x64-based PC Microsoft Windows 10 Pro, 10.0.18362 N/A Build 18362, x64-based PC.
e27f76fce1e05296187e75ec93fc7559ee0cdd83d3e77119ce5f0607fb4069de
20 bytes small Linux/ARM fork bombing shellcode.
817fbcb25dabcab53e270fd807a2b136612d260c448219c344e92fa102bc3944
132 bytes small Linux/x86 NOT + XOR-N + random encoded /bin/sh shellcode.
0b23de6ec5c6e6b408103df4a217ec69f9bdb8b72445a298282426667895f102
53 bytes small Linux/x86 bind TCP port 43690 null-free shellcode.
72ee8e6b0c1bb5959452806f1adf21697514884ba37f888de728a9f0fdb94820