| -::DATE |
-::DESCRIPTION |
-::HITS |
|
|
|
|
-::AUTHOR |
| 2009-09-15 |
linux/x86 Self-modifying shellcode for IDS evasion 64 bytes |
4247 |
R |
|
D
|
|
XenoMuta
|
| 2009-09-15 |
linux/x86 shellcode that forks a HTTP Server on port tcp/8800 166 bytes |
9131 |
R |
|
D
|
|
XenoMuta
|
| 2009-09-09 |
linux/x86 listens for shellcode on tcp/5555 and jumps to it |
4586 |
R |
|
D
|
|
XenoMuta
|
| 2009-08-26 |
linux/x86 Polymorphic shellcode disable Network Card 75 bytes |
5396 |
R |
|
D
|
|
Jonathan Salwan
|
| 2009-08-11 |
linux/x86 killall5 polymorphic shellcode 61 bytes |
4576 |
R |
|
D
|
|
Jonathan Salwan
|
| 2009-08-11 |
linux/x86 /bin/sh polymorphic shellcode 48 bytes |
6939 |
R |
|
D
|
|
Jonathan Salwan
|
| 2009-07-10 |
Linux/x86 Port Binding Shellcode (xor-encoded) 152 bytes |
6728 |
R |
|
D
|
|
Rick
|
| 2009-06-29 |
linux/x86 reboot() polymorphic shellcode 57 bytes |
6081 |
R |
|
D
|
|
Jonathan Salwan
|
| 2009-06-22 |
linux/x86 Shellcode Polymorphic chmod("/etc/shadow",666) 54 bytes |
5585 |
R |
|
D
|
|
Jonathan Salwan
|
| 2009-06-16 |
linux/x86 setreuid(geteuid(),geteuid()),execve("/bin/sh",0,0) 34 bytes |
3369 |
R |
|
D
|
|
blue9057
|
| 2009-06-08 |
linux/x86 bindport 8000 & execve iptables -F 176 bytes |
2643 |
R |
|
D
|
|
Jonathan Salwan
|
| 2009-06-08 |
linux/x86 bindport 8000 & add user with root access 225+ bytes |
4448 |
R |
|
D
|
|
Jonathan Salwan
|
| 2009-06-01 |
linux/x86 Bind ASM Code Linux 179 bytes. |
3390 |
R |
|
D
|
|
Jonathan Salwan
|
| 2009-05-14 |
linux/x86-64 setuid(0) + execve(/bin/sh) 49 bytes |
3807 |
R |
|
D
|
|
evil.xi4oyu
|
| 2009-04-30 |
Serial port shell binding, busybox Launching shellcode |
5751 |
R |
|
D
|
|
phar
|
| 2009-03-03 |
linux/x86 File unlinker 18 bytes + file path length |
5279 |
R |
|
D
|
|
darkjoker
|
| 2009-03-03 |
linux/x86 Perl script execution 99 bytes + script length |
9092 |
R |
|
D
|
|
darkjoker
|
| 2009-02-27 |
linux/x86 file reader 65 bytes + pathname |
5339 |
R |
|
D
|
|
certaindeath
|
| 2009-02-20 |
linux/x86 chmod("/etc/shadow",666) & exit(0) 30 bytes |
7455 |
R |
|
D
|
|
Jonathan Salwan
|
| 2009-02-04 |
linux/x86 killall5 shellcode 34 bytes |
6216 |
R |
|
D
|
|
Jonathan Salwan
|
| 2009-01-16 |
linux/x86 PUSH reboot() - 30 bytes |
9694 |
R |
|
D
|
|
Jonathan Salwan
|
| 2008-12-09 |
linux x86 shellcode obfuscator |
12409 |
R |
|
D
|
|
sm4x
|
| 2008-11-23 |
linux/x86 connect-back port UDP/54321 live packet capture 151 bytes |
5793 |
R |
|
D
|
|
XenoMuta
|
| 2008-11-23 |
linux/x86 append rsa key to /root/.ssh/authorized_keys2 295 bytes |
9427 |
R |
|
D
|
|
XenoMuta
|
| 2008-11-19 |
linux/x86 edit /etc/sudoers for full access 86 bytes |
6299 |
R |
|
D
|
|
Rick
|
| 2008-11-18 |
Ho' Detector (Promiscuous mode detector shellcode) 56 bytes |
4463 |
R |
|
D
|
|
XenoMuta
|
| 2008-11-13 |
linux/x86 setuid(0) & execve(/bin/sh,0,0) shellcode 28 bytes
|
5103 |
R |
|
D
|
|
sch3m4
|
| 2008-09-29 |
linux/x86 setresuid(0,0,0) /bin/sh shellcode 35 bytes |
10276 |
R |
|
D
|
|
sorrow
|
| 2008-09-17 |
linux/x86 iopl(3); asm(cli); while(1){} 12 bytes |
8159 |
R |
|
D
|
|
dun
|
| 2008-09-09 |
linux/x86 system-beep shellcode 45 bytes |
8171 |
R |
|
D
|
|
Thomas Rinsma
|
| 2008-08-25 |
linux/x86 connect back, download a file and execute 149 bytes |
5567 |
R |
|
D
|
|
militan
|
| 2008-08-19 |
linux/86 setreuid(geteuid, geteuid) + execve(/bin/sh) shellcode |
10898 |
R |
|
D
|
|
Reth
|
| 2008-08-18 |
linux/x86 connect back.send.exit /etc/shadow 155 bytes |
4536 |
R |
|
D
|
|
0in
|
| 2008-08-18 |
linux/x86 writes a php connectback shell to the fs 508 bytes |
4390 |
R |
|
D
|
|
GS2008
|
| 2008-08-18 |
linux/x86 rm -rf / attempts to block the process from being stopped |
4152 |
R |
|
D
|
|
onionring
|
| 2008-08-18 |
linux/x86 setuid(0) . setgid(0) . aslr_off 79 bytes |
4947 |
R |
|
D
|
|
LiquidWorm
|
| 2007-04-02 |
linux/x86 raw-socket ICMP/checksum shell 235 byte |
34341 |
R |
|
D
|
|
mu-b
|
| 2007-03-09 |
linux/x86 /sbin/iptables -F 40 bytes |
26359 |
R |
|
D
|
|
Kris Katterjohn
|
| 2007-03-09 |
linux/x86 kill all processes 11 bytes |
47342 |
R |
|
D
|
|
Kris Katterjohn
|
| 2006-11-20 |
linux/x86 execve read shellcode - 92 bytes |
16109 |
R |
|
D
|
|
0ut0fbound
|
| 2006-11-17 |
linux/x86 /sbin/ipchains -F 40 bytes |
12806 |
R |
|
D
|
|
Kris Katterjohn
|
| 2006-11-17 |
linux/x86 set system time to 0 and exit 12 bytes |
11568 |
R |
|
D
|
|
Kris Katterjohn
|
| 2006-11-17 |
linux/x86 add root user r00t with no password to
/etc/passwd 69 bytes |
31784 |
R |
|
D
|
|
Kris Katterjohn
|
| 2006-11-17 |
linux/x86 chmod 0666 /etc/shadow 36 bytes |
14381 |
R |
|
D
|
|
Kris Katterjohn
|
| 2006-11-17 |
linux/x86 forkbomb 7 bytes |
11164 |
R |
|
D
|
|
Kris Katterjohn
|
| 2006-11-17 |
linux/x86 execve(rm -rf /) shellcode 45 bytes |
9996 |
R |
|
D
|
|
Kris Katterjohn
|
| 2006-11-16 |
linux/x86 setuid(0) + execve(/bin/sh) 28 bytes |
9255 |
R |
|
D
|
|
Revenge
|
| 2006-11-16 |
linux/x86 execve(/bin/sh) 22 bytes |
9593 |
R |
|
D
|
|
Revenge
|
| 2006-10-22 |
linux/x86 HTTP/1.x GET, Downloads and execve() 111 bytes+ |
10725 |
R |
|
D
|
|
izik
|
| 2006-08-02 |
linux/x86 executes command after setreuid (9 + 40 bytes + cmd) |
13969 |
R |
|
D
|
|
bunker
|
| 2006-07-20 |
linux/x86 stdin re-open and /bin/sh exec shellcode |
12599 |
R |
|
D
|
|
Marco Ivaldi
|
| 2006-07-20 |
linux/x86 re-use of /bin/sh string in .rodata shellcode 16 bytes |
10538 |
R |
|
D
|
|
Marco Ivaldi
|
| 2006-07-20 |
linux/x86 setuid(0) and /bin/sh execve() shellcode 30 bytes |
10332 |
R |
|
D
|
|
Marco Ivaldi
|
| 2006-07-20 |
linux/x86 setuid/portbind shellcode 96 bytes |
9505 |
R |
|
D
|
|
Marco Ivaldi
|
| 2006-07-04 |
linux/x86 portbind (define your own port) 84 bytes |
9894 |
R |
|
D
|
|
oveRet
|
| 2006-05-14 |
linux/x86 execve() Diassembly Obfuscation Shellcode 32 bytes |
10714 |
R |
|
D
|
|
BaCkSpAcE
|
| 2006-05-08 |
linux/x86 SET_PORT() portbind 100 bytes |
10510 |
R |
|
D
|
|
Benjamin Orozco
|
| 2006-05-08 |
linux/x86 SET_IP() Connectback Shellcode 82 bytes |
10922 |
R |
|
D
|
|
Benjamin Orozco
|
| 2006-05-01 |
linux/x86 execve(/bin/sh) 24 bytes |
12221 |
R |
|
D
|
|
hophet
|
| 2006-04-18 |
linux/x86 xor-encoded Connect Back Shellcode 371 bytes |
9172 |
R |
|
D
|
|
xort
|
| 2006-04-17 |
linux/x86 execve(/bin/sh) + ZIP Header 28 bytes |
8844 |
R |
|
D
|
|
izik
|
| 2006-04-17 |
linux/x86 execve(/bin/sh) + RTF Header 30 bytes |
7362 |
R |
|
D
|
|
izik
|
| 2006-04-17 |
linux/x86 execve(/bin/sh) + RIFF Header 28 bytes |
7309 |
R |
|
D
|
|
izik
|
| 2006-04-17 |
linux/x86 execve(/bin/sh) + Bitmap Header 27 bytes |
7661 |
R |
|
D
|
|
izik
|
| 2006-04-16 |
linux/x86 SWAP restore shellcode 109 bytes |
7332 |
R |
|
D
|
|
Gotfault Security
|
| 2006-04-16 |
linux/x86 SWAP store shellcode 99 bytes |
7313 |
R |
|
D
|
|
Gotfault Security
|
| 2006-04-06 |
linux/x86 Password Authentication portbind Shellcode 166 bytes |
10851 |
R |
|
D
|
|
Gotfault Security
|
| 2006-04-06 |
linux/x86 portbind (port 64713) 86 bytes |
8421 |
R |
|
D
|
|
Gotfault Security
|
| 2006-04-03 |
linux/x86 execve("/bin/sh", ["/bin/sh", NULL]) 25 bytes |
8854 |
R |
|
D
|
|
Gotfault Security
|
| 2006-04-03 |
linux/x86 execve("/bin/sh", ["/bin/sh", NULL]) 23 bytes |
8040 |
R |
|
D
|
|
Gotfault Security
|
| 2006-04-03 |
linux/x86 setuid(0) + execve("/bin/sh", ["/bin/sh", NULL]) 31 bytes |
7853 |
R |
|
D
|
|
Gotfault Security
|
| 2006-04-03 |
linux/x86 setuid(0),setgid(0) execve(/bin/sh, [/bin/sh, NULL]) 37 bytes |
7604 |
R |
|
D
|
|
Gotfault Security
|
| 2006-04-03 |
linux/x86 setreuid(0,0) execve("/bin/sh", ["/bin/sh", NULL]) 33 bytes |
7248 |
R |
|
D
|
|
Gotfault Security
|
| 2006-03-12 |
linux/x86 HTTP/1.x GET, Downloads and JMP - 68 bytes+ |
9818 |
R |
|
D
|
|
izik
|
| 2006-02-07 |
linux/x86 TCP Proxy Shellcode 236 bytes |
11682 |
R |
|
D
|
|
phar
|
| 2006-01-26 |
linux/x86 execve /bin/sh anti-ids 40 bytes |
9508 |
R |
|
D
|
|
NicatiN
|
| 2006-01-25 |
linux/x86 execve /bin/sh xored for Intel x86 CPUID 41 bytes |
8772 |
R |
|
D
|
|
izik
|
| 2006-01-25 |
linux/x86 execve /bin/sh (encoded by +1) 39 bytes |
8363 |
R |
|
D
|
|
izik
|
| 2006-01-21 |
linux/x86 Adduser without Password to /etc/passwd 59 bytes |
12814 |
R |
|
D
|
|
izik
|
| 2006-01-21 |
linux/x86 anti-debug trick (INT 3h trap) + execve /bin/sh 39 bytes |
8127 |
R |
|
D
|
|
izik
|
| 2006-01-21 |
linux/x86 Bind /bin/sh to 31337/tcp 80 bytes |
9118 |
R |
|
D
|
|
izik
|
| 2006-01-21 |
linux/x86 Bind /bin/sh to 31337/tcp + fork() 98 bytes |
8264 |
R |
|
D
|
|
izik
|
| 2006-01-21 |
linux/x86 24/7 open cd-rom loop (follows /dev/cdrom symlink) 39 bytes |
7786 |
R |
|
D
|
|
izik
|
| 2006-01-21 |
linux/x86 eject cd-rom (follows /dev/cdrom symlink) + exit() 40 bytes |
8027 |
R |
|
D
|
|
izik
|
| 2006-01-21 |
linux/x86 eject/close cd-rom loop (follows /dev/cdrom symlink) 45 bytes |
7690 |
R |
|
D
|
|
izik
|
| 2006-01-21 |
linux/x86 chmod(/etc/shadow, 0666) + exit() 32 bytes |
8368 |
R |
|
D
|
|
izik
|
| 2006-01-21 |
linux/x86 connect-back shellcode 127.0.0.1:31337/tcp 74 bytes |
8498 |
R |
|
D
|
|
izik
|
| 2006-01-21 |
linux/x86 normal exit w/ random (so to speak) return value 5 bytes |
7318 |
R |
|
D
|
|
izik
|
| 2006-01-21 |
linux/x86 getppid() + execve(/proc/pid/exe) 51 bytes |
7279 |
R |
|
D
|
|
izik
|
| 2006-01-21 |
linux/x86 quick (yet conditional, eax != 0 and edx == 0) exit 4 bytes |
7468 |
R |
|
D
|
|
izik
|
| 2006-01-21 |
linux/x86 reboot() - 20 bytes |
9730 |
R |
|
D
|
|
izik
|
| 2006-01-21 |
linux/x86 setreuid(0, 0) + execve(/bin/sh) 31 bytes |
7815 |
R |
|
D
|
|
izik
|
| 2006-01-21 |
linux/x86 execve(/bin/sh) / PUSH - 23 bytes |
7657 |
R |
|
D
|
|
izik
|
| 2006-01-21 |
linux/x86 cat /dev/urandom > /dev/console, just for kicks - 63 bytes |
7931 |
R |
|
D
|
|
izik
|
| 2005-12-28 |
linux/x86 Connect Back shellcode 90 bytes |
10660 |
R |
|
D
|
|
xort
|
| 2005-12-28 |
linux/x86 socket-proxy shellcode 372 bytes |
8878 |
R |
|
D
|
|
xort
|
| 2005-11-09 |
linux/x86 dup2(0,0); dup2(0,1); dup2(0,2); 15 bytes |
8597 |
R |
|
D
|
|
Charles Stevenson
|
| 2005-11-09 |
linux/x86 if(read(fd,buf,512)<=2) _exit(1) else buf(); 29 bytes |
8048 |
R |
|
D
|
|
Charles Stevenson
|
| 2005-11-09 |
linux/x86 _exit(1); 7 bytes |
8468 |
R |
|
D
|
|
Charles Stevenson
|
| 2005-11-09 |
linux/x86 read(0,buf,2541); chmod(buf,4755); 23 bytes |
7961 |
R |
|
D
|
|
Charles Stevenson
|
| 2005-11-09 |
linux/x86 write(0,"Hello core!\n",12); (w/optional 7 byte exit) 36 bytes |
8771 |
R |
|
D
|
|
Charles Stevenson
|
| 2005-11-04 |
linux/x86 snoop /dev/dsp shellcode 172 bytes |
13905 |
R |
|
D
|
|
phar
|
| 2005-09-15 |
linux/x86 /bin/sh Standard Opcode Array Payload 21 Bytes |
10255 |
R |
|
D
|
|
c0ntex
|
| 2005-09-09 |
linux/x86 examples of long-term payloads hide-wait-change (.s) |
9285 |
R |
|
D
|
|
xort
|
| 2005-09-08 |
linux/x86 examples of long-term payloads hide-wait-change 187 bytes+ |
8618 |
R |
|
D
|
|
xort
|
| 2005-09-04 |
linux/x86 /bin/sh sysenter Opcode Array Payload 23 Bytes |
8253 |
R |
|
D
|
|
BaCkSpAcE
|
| 2005-08-25 |
linux/x86 /bin/sh sysenter Opcode Array Payload 27 Bytes |
8882 |
R |
|
D
|
|
amnesia
|
| 2005-08-19 |
linux/x86 /bin/sh sysenter Opcode Array Payload 45 bytes |
9416 |
R |
|
D
|
|
c0ntex
|
| 2005-07-11 |
linux/x86 chroot & standart 66 bytes |
9703 |
R |
|
D
|
|
Okti
|
| 2005-06-19 |
linux/x86 upload & exec 189 bytes |
11256 |
R |
|
D
|
|
cybertronic
|
| 2004-12-26 |
linux/x86 setreuid/execve 31 bytes |
9614 |
R |
|
D
|
|
oc192
|
| 2004-12-22 |
linux/x86 alpha-numeric shellcode 64 bytes |
9854 |
R |
|
D
|
|
xort
|
| 2004-12-22 |
linux/x86 alpha-numeric using IMUL Method shellcode 88 bytes |
9212 |
R |
|
D
|
|
xort
|
| 2004-12-22 |
linux/x86 Radically Self Modifying Code 70 bytes |
9388 |
R |
|
D
|
|
xort
|
| 2004-12-22 |
linux/x86 Magic Byte Self Modifying Code 76 bytes |
9483 |
R |
|
D
|
|
xort
|
| 2004-11-15 |
linux/x86 execve code 23 bytes |
8304 |
R |
|
D
|
|
marcetam
|
| 2004-11-15 |
linux/x86 execve("/bin/ash",0,0); 21 bytes |
8220 |
R |
|
D
|
|
zasta
|
| 2004-09-26 |
linux/x86 execve /bin/sh alphanumeric 392 bytes |
8283 |
R |
|
D
|
|
RaiSe
|
| 2004-09-26 |
linux/x86 execve /bin/sh IA32 0xff-less 45 bytes |
7288 |
R |
|
D
|
|
anathema
|
| 2004-09-26 |
linux/x86 symlink /bin/sh xoring 56 bytes |
8108 |
R |
|
D
|
|
dev0id
|
| 2004-09-26 |
linux/x86 portbind port 5074 toupper 226 bytes |
7527 |
R |
|
D
|
|
Tora
|
| 2004-09-26 |
linux/x86 add user t00r ENCRYPT 116 bytes |
8300 |
R |
|
D
|
|
Matias Sedalo
|
| 2004-09-26 |
linux/x86 chmod 666 shadow ENCRYPT 75 bytes |
8220 |
R |
|
D
|
|
Matias Sedalo
|
| 2004-09-26 |
linux/x86 symlink . /bin/sh 32 bytes |
7665 |
R |
|
D
|
|
dev0id
|
| 2004-09-26 |
linux/x86 kill snort 151 bytes |
7704 |
R |
|
D
|
|
nob0dy
|
| 2004-09-26 |
linux/x86 shared memory exec 50 bytes |
7303 |
R |
|
D
|
|
sloth
|
| 2004-09-26 |
linux/x86 iptables -F 45 bytes |
7951 |
R |
|
D
|
|
UnboundeD
|
| 2004-09-26 |
linux/x86 iptables -F 58 bytes |
8186 |
R |
|
D
|
|
dev0id
|
| 2004-09-26 |
linux/x86 Reverse telnet 134 bytes |
9497 |
R |
|
D
|
|
hts
|
| 2004-09-26 |
linux/x86 connect 120 bytes |
7801 |
R |
|
D
|
|
lamagra
|
| 2004-09-26 |
linux/x86 chmod 666 /etc/shadow 41 bytes |
8396 |
R |
|
D
|
|
Matias Sedalo
|
| 2004-09-26 |
linux/x86 cp /bin/sh /tmp/katy ; chmod 4555 katy 126 bytes |
8245 |
R |
|
D
|
|
RaiSe
|
| 2004-09-26 |
linux/x86 eject /dev/cdrom 64 bytes |
7690 |
R |
|
D
|
|
lamagra
|
| 2004-09-26 |
linux/x86 xterm -ut -display [IP]:0 132 bytes |
8166 |
R |
|
D
|
|
RaiSe
|
| 2004-09-26 |
linux/x86 ipchains -F 49 bytes |
7376 |
R |
|
D
|
|
Sp4rK
|
| 2004-09-26 |
linux/x86 chmod 666 /etc/shadow 82 bytes |
8576 |
R |
|
D
|
|
Matias Sedalo
|
| 2004-09-12 |
linux/x86 execve /bin/sh 29 bytes |
8782 |
R |
|
D
|
|
Matias Sedalo
|
| 2004-09-12 |
linux/x86 execve /bin/sh 24 bytes |
8757 |
R |
|
D
|
|
Matias Sedalo
|
| 2004-09-12 |
linux/x86 execve /bin/sh 38 bytes |
8218 |
R |
|
D
|
|
Matias Sedalo
|
| 2004-09-12 |
linux/x86 execve /bin/sh 30 bytes |
7906 |
R |
|
D
|
|
Matias Sedalo
|
| 2004-09-12 |
linux/x86 execve /bin/sh setreuid(12,12) 50 bytes |
9252 |
R |
|
D
|
|
n/a
|
| 2004-09-12 |
linux/x86 portbind port 5074 92 bytes |
8079 |
R |
|
D
|
|
Matias Sedalo
|
| 2004-09-12 |
linux/x86 portbind port 5074 + fork() 130 bytes |
8135 |
R |
|
D
|
|
Matias Sedalo
|
| 2004-09-12 |
linux/x86 add user t00r 82 bytes |
8942 |
R |
|
D
|
|
Matias Sedalo
|
| 2004-09-12 |
linux/x86 add user 104 bytes |
7968 |
R |
|
D
|
|
Matt Conover
|
| 2004-09-12 |
linux/x86 break chroot 34 bytes |
8544 |
R |
|
D
|
|
dev0id
|
| 2004-09-12 |
linux/x86 break chroot 46 bytes |
8410 |
R |
|
D
|
|
dev0id
|
| 2004-09-12 |
linux/x86 break chroot execve /bin/sh 80 bytes |
7776 |
R |
|
D
|
|
preedator
|
| 2004-09-12 |
linux/x86 execve /bin/sh encrypted 58 bytes |
7925 |
R |
|
D
|
|
Matias Sedalo
|
| 2004-09-12 |
linux/x86 execve /bin/sh xor encrypted 55 bytes |
9322 |
R |
|
D
|
|
n/a
|
| 2004-09-12 |
linux/x86 execve /bin/sh tolower() evasion 41 bytes |
9117 |
R |
|
D
|
|
n/a
|
| 2001-05-07 |
execve of /bin/sh after setreuid(0,0) |
9120 |
R |
|
D
|
|
Marco Ivaldi
|
| 2001-01-13 |
linux chroot()/execve() code |
8613 |
R |
|
D
|
|
preedator
|
| 2000-08-08 |
linux/x86 execve /bin/sh toupper() evasion 55 bytes |
9255 |
R |
|
D
|
|
n/a
|
| 2000-08-07 |
linux/x86 add user 70 bytes |
11375 |
R |
|
D
|
|
n/a
|
| 2000-08-07 |
linux/x86 break chroot setuid(0) + /bin/sh 132 bytes |
11577 |
R |
|
D
|
|
n/a
|
