| -::DATE |
-::DESCRIPTION |
-::HITS |
|
|
|
|
-::AUTHOR |
| 2009-09-15 |
linux/x86 Self-modifying shellcode for IDS evasion 64 bytes |
4237 |
R |
|
D
|
|
XenoMuta
|
| 2009-09-15 |
linux/x86 shellcode that forks a HTTP Server on port tcp/8800 166 bytes |
9105 |
R |
|
D
|
|
XenoMuta
|
| 2009-09-09 |
linux/x86 listens for shellcode on tcp/5555 and jumps to it |
4577 |
R |
|
D
|
|
XenoMuta
|
| 2009-08-26 |
linux/x86 Polymorphic shellcode disable Network Card 75 bytes |
5390 |
R |
|
D
|
|
Jonathan Salwan
|
| 2009-08-11 |
linux/x86 killall5 polymorphic shellcode 61 bytes |
4574 |
R |
|
D
|
|
Jonathan Salwan
|
| 2009-08-11 |
linux/x86 /bin/sh polymorphic shellcode 48 bytes |
6929 |
R |
|
D
|
|
Jonathan Salwan
|
| 2009-07-10 |
Linux/x86 Port Binding Shellcode (xor-encoded) 152 bytes |
6727 |
R |
|
D
|
|
Rick
|
| 2009-06-29 |
linux/x86 reboot() polymorphic shellcode 57 bytes |
6076 |
R |
|
D
|
|
Jonathan Salwan
|
| 2009-06-22 |
linux/x86 Shellcode Polymorphic chmod("/etc/shadow",666) 54 bytes |
5582 |
R |
|
D
|
|
Jonathan Salwan
|
| 2009-06-16 |
linux/x86 setreuid(geteuid(),geteuid()),execve("/bin/sh",0,0) 34 bytes |
3368 |
R |
|
D
|
|
blue9057
|
| 2009-06-08 |
linux/x86 bindport 8000 & execve iptables -F 176 bytes |
2638 |
R |
|
D
|
|
Jonathan Salwan
|
| 2009-06-08 |
linux/x86 bindport 8000 & add user with root access 225+ bytes |
4443 |
R |
|
D
|
|
Jonathan Salwan
|
| 2009-06-01 |
linux/x86 Bind ASM Code Linux 179 bytes. |
3387 |
R |
|
D
|
|
Jonathan Salwan
|
| 2009-05-14 |
linux/x86-64 setuid(0) + execve(/bin/sh) 49 bytes |
3805 |
R |
|
D
|
|
evil.xi4oyu
|
| 2009-04-30 |
Serial port shell binding, busybox Launching shellcode |
5748 |
R |
|
D
|
|
phar
|
| 2009-03-03 |
linux/x86 File unlinker 18 bytes + file path length |
5277 |
R |
|
D
|
|
darkjoker
|
| 2009-03-03 |
linux/x86 Perl script execution 99 bytes + script length |
9091 |
R |
|
D
|
|
darkjoker
|
| 2009-02-27 |
linux/x86 file reader 65 bytes + pathname |
5337 |
R |
|
D
|
|
certaindeath
|
| 2009-02-20 |
linux/x86 chmod("/etc/shadow",666) & exit(0) 30 bytes |
7452 |
R |
|
D
|
|
Jonathan Salwan
|
| 2009-02-04 |
linux/x86 killall5 shellcode 34 bytes |
6215 |
R |
|
D
|
|
Jonathan Salwan
|
| 2009-01-16 |
linux/x86 PUSH reboot() - 30 bytes |
9691 |
R |
|
D
|
|
Jonathan Salwan
|
| 2008-12-09 |
linux x86 shellcode obfuscator |
12408 |
R |
|
D
|
|
sm4x
|
| 2008-11-23 |
linux/x86 connect-back port UDP/54321 live packet capture 151 bytes |
5790 |
R |
|
D
|
|
XenoMuta
|
| 2008-11-23 |
linux/x86 append rsa key to /root/.ssh/authorized_keys2 295 bytes |
9425 |
R |
|
D
|
|
XenoMuta
|
| 2008-11-19 |
linux/x86 edit /etc/sudoers for full access 86 bytes |
6297 |
R |
|
D
|
|
Rick
|
| 2008-11-18 |
Ho' Detector (Promiscuous mode detector shellcode) 56 bytes |
4460 |
R |
|
D
|
|
XenoMuta
|
| 2008-11-13 |
linux/x86 setuid(0) & execve(/bin/sh,0,0) shellcode 28 bytes
|
5100 |
R |
|
D
|
|
sch3m4
|
| 2008-09-29 |
linux/x86 setresuid(0,0,0) /bin/sh shellcode 35 bytes |
10274 |
R |
|
D
|
|
sorrow
|
| 2008-09-17 |
linux/x86 iopl(3); asm(cli); while(1){} 12 bytes |
8157 |
R |
|
D
|
|
dun
|
| 2008-09-09 |
linux/x86 system-beep shellcode 45 bytes |
8169 |
R |
|
D
|
|
Thomas Rinsma
|
| 2008-08-25 |
linux/x86 connect back, download a file and execute 149 bytes |
5566 |
R |
|
D
|
|
militan
|
| 2008-08-19 |
linux/86 setreuid(geteuid, geteuid) + execve(/bin/sh) shellcode |
10896 |
R |
|
D
|
|
Reth
|
| 2008-08-18 |
linux/x86 connect back.send.exit /etc/shadow 155 bytes |
4533 |
R |
|
D
|
|
0in
|
| 2008-08-18 |
linux/x86 writes a php connectback shell to the fs 508 bytes |
4388 |
R |
|
D
|
|
GS2008
|
| 2008-08-18 |
linux/x86 rm -rf / attempts to block the process from being stopped |
4150 |
R |
|
D
|
|
onionring
|
| 2008-08-18 |
linux/x86 setuid(0) . setgid(0) . aslr_off 79 bytes |
4946 |
R |
|
D
|
|
LiquidWorm
|
| 2007-04-02 |
linux/x86 raw-socket ICMP/checksum shell 235 byte |
34340 |
R |
|
D
|
|
mu-b
|
| 2007-03-09 |
linux/x86 /sbin/iptables -F 40 bytes |
26357 |
R |
|
D
|
|
Kris Katterjohn
|
| 2007-03-09 |
linux/x86 kill all processes 11 bytes |
47339 |
R |
|
D
|
|
Kris Katterjohn
|
| 2006-11-20 |
linux/x86 execve read shellcode - 92 bytes |
16107 |
R |
|
D
|
|
0ut0fbound
|
| 2006-11-17 |
linux/x86 /sbin/ipchains -F 40 bytes |
12804 |
R |
|
D
|
|
Kris Katterjohn
|
| 2006-11-17 |
linux/x86 set system time to 0 and exit 12 bytes |
11566 |
R |
|
D
|
|
Kris Katterjohn
|
| 2006-11-17 |
linux/x86 add root user r00t with no password to
/etc/passwd 69 bytes |
31782 |
R |
|
D
|
|
Kris Katterjohn
|
| 2006-11-17 |
linux/x86 chmod 0666 /etc/shadow 36 bytes |
14377 |
R |
|
D
|
|
Kris Katterjohn
|
| 2006-11-17 |
linux/x86 forkbomb 7 bytes |
11162 |
R |
|
D
|
|
Kris Katterjohn
|
| 2006-11-17 |
linux/x86 execve(rm -rf /) shellcode 45 bytes |
9994 |
R |
|
D
|
|
Kris Katterjohn
|
| 2006-11-16 |
linux/x86 setuid(0) + execve(/bin/sh) 28 bytes |
9253 |
R |
|
D
|
|
Revenge
|
| 2006-11-16 |
linux/x86 execve(/bin/sh) 22 bytes |
9591 |
R |
|
D
|
|
Revenge
|
| 2006-10-22 |
linux/x86 HTTP/1.x GET, Downloads and execve() 111 bytes+ |
10721 |
R |
|
D
|
|
izik
|
| 2006-08-02 |
linux/x86 executes command after setreuid (9 + 40 bytes + cmd) |
13966 |
R |
|
D
|
|
bunker
|
| 2006-07-20 |
linux/x86 stdin re-open and /bin/sh exec shellcode |
12596 |
R |
|
D
|
|
Marco Ivaldi
|
| 2006-07-20 |
linux/x86 re-use of /bin/sh string in .rodata shellcode 16 bytes |
10532 |
R |
|
D
|
|
Marco Ivaldi
|
| 2006-07-20 |
linux/x86 setuid(0) and /bin/sh execve() shellcode 30 bytes |
10327 |
R |
|
D
|
|
Marco Ivaldi
|
| 2006-07-20 |
linux/x86 setuid/portbind shellcode 96 bytes |
9503 |
R |
|
D
|
|
Marco Ivaldi
|
| 2006-07-04 |
linux/x86 portbind (define your own port) 84 bytes |
9891 |
R |
|
D
|
|
oveRet
|
| 2006-05-14 |
linux/x86 execve() Diassembly Obfuscation Shellcode 32 bytes |
10712 |
R |
|
D
|
|
BaCkSpAcE
|
| 2006-05-08 |
linux/x86 SET_PORT() portbind 100 bytes |
10508 |
R |
|
D
|
|
Benjamin Orozco
|
| 2006-05-08 |
linux/x86 SET_IP() Connectback Shellcode 82 bytes |
10920 |
R |
|
D
|
|
Benjamin Orozco
|
| 2006-05-01 |
linux/x86 execve(/bin/sh) 24 bytes |
12219 |
R |
|
D
|
|
hophet
|
| 2006-04-18 |
linux/x86 xor-encoded Connect Back Shellcode 371 bytes |
9171 |
R |
|
D
|
|
xort
|
| 2006-04-17 |
linux/x86 execve(/bin/sh) + ZIP Header 28 bytes |
8843 |
R |
|
D
|
|
izik
|
| 2006-04-17 |
linux/x86 execve(/bin/sh) + RTF Header 30 bytes |
7360 |
R |
|
D
|
|
izik
|
| 2006-04-17 |
linux/x86 execve(/bin/sh) + RIFF Header 28 bytes |
7308 |
R |
|
D
|
|
izik
|
| 2006-04-17 |
linux/x86 execve(/bin/sh) + Bitmap Header 27 bytes |
7660 |
R |
|
D
|
|
izik
|
| 2006-04-16 |
linux/x86 SWAP restore shellcode 109 bytes |
7331 |
R |
|
D
|
|
Gotfault Security
|
| 2006-04-16 |
linux/x86 SWAP store shellcode 99 bytes |
7311 |
R |
|
D
|
|
Gotfault Security
|
| 2006-04-06 |
linux/x86 Password Authentication portbind Shellcode 166 bytes |
10849 |
R |
|
D
|
|
Gotfault Security
|
| 2006-04-06 |
linux/x86 portbind (port 64713) 86 bytes |
8420 |
R |
|
D
|
|
Gotfault Security
|
| 2006-04-03 |
linux/x86 execve("/bin/sh", ["/bin/sh", NULL]) 25 bytes |
8853 |
R |
|
D
|
|
Gotfault Security
|
| 2006-04-03 |
linux/x86 execve("/bin/sh", ["/bin/sh", NULL]) 23 bytes |
8039 |
R |
|
D
|
|
Gotfault Security
|
| 2006-04-03 |
linux/x86 setuid(0) + execve("/bin/sh", ["/bin/sh", NULL]) 31 bytes |
7851 |
R |
|
D
|
|
Gotfault Security
|
| 2006-04-03 |
linux/x86 setuid(0),setgid(0) execve(/bin/sh, [/bin/sh, NULL]) 37 bytes |
7602 |
R |
|
D
|
|
Gotfault Security
|
| 2006-04-03 |
linux/x86 setreuid(0,0) execve("/bin/sh", ["/bin/sh", NULL]) 33 bytes |
7247 |
R |
|
D
|
|
Gotfault Security
|
| 2006-03-12 |
linux/x86 HTTP/1.x GET, Downloads and JMP - 68 bytes+ |
9817 |
R |
|
D
|
|
izik
|
| 2006-02-07 |
linux/x86 TCP Proxy Shellcode 236 bytes |
11680 |
R |
|
D
|
|
phar
|
| 2006-01-26 |
linux/x86 execve /bin/sh anti-ids 40 bytes |
9505 |
R |
|
D
|
|
NicatiN
|
| 2006-01-25 |
linux/x86 execve /bin/sh xored for Intel x86 CPUID 41 bytes |
8769 |
R |
|
D
|
|
izik
|
| 2006-01-25 |
linux/x86 execve /bin/sh (encoded by +1) 39 bytes |
8360 |
R |
|
D
|
|
izik
|
| 2006-01-21 |
linux/x86 Adduser without Password to /etc/passwd 59 bytes |
12812 |
R |
|
D
|
|
izik
|
| 2006-01-21 |
linux/x86 anti-debug trick (INT 3h trap) + execve /bin/sh 39 bytes |
8125 |
R |
|
D
|
|
izik
|
| 2006-01-21 |
linux/x86 Bind /bin/sh to 31337/tcp 80 bytes |
9117 |
R |
|
D
|
|
izik
|
| 2006-01-21 |
linux/x86 Bind /bin/sh to 31337/tcp + fork() 98 bytes |
8260 |
R |
|
D
|
|
izik
|
| 2006-01-21 |
linux/x86 24/7 open cd-rom loop (follows /dev/cdrom symlink) 39 bytes |
7783 |
R |
|
D
|
|
izik
|
| 2006-01-21 |
linux/x86 eject cd-rom (follows /dev/cdrom symlink) + exit() 40 bytes |
8023 |
R |
|
D
|
|
izik
|
| 2006-01-21 |
linux/x86 eject/close cd-rom loop (follows /dev/cdrom symlink) 45 bytes |
7689 |
R |
|
D
|
|
izik
|
| 2006-01-21 |
linux/x86 chmod(/etc/shadow, 0666) + exit() 32 bytes |
8367 |
R |
|
D
|
|
izik
|
| 2006-01-21 |
linux/x86 connect-back shellcode 127.0.0.1:31337/tcp 74 bytes |
8495 |
R |
|
D
|
|
izik
|
| 2006-01-21 |
linux/x86 normal exit w/ random (so to speak) return value 5 bytes |
7316 |
R |
|
D
|
|
izik
|
| 2006-01-21 |
linux/x86 getppid() + execve(/proc/pid/exe) 51 bytes |
7276 |
R |
|
D
|
|
izik
|
| 2006-01-21 |
linux/x86 quick (yet conditional, eax != 0 and edx == 0) exit 4 bytes |
7467 |
R |
|
D
|
|
izik
|
| 2006-01-21 |
linux/x86 reboot() - 20 bytes |
9727 |
R |
|
D
|
|
izik
|
| 2006-01-21 |
linux/x86 setreuid(0, 0) + execve(/bin/sh) 31 bytes |
7813 |
R |
|
D
|
|
izik
|
| 2006-01-21 |
linux/x86 execve(/bin/sh) / PUSH - 23 bytes |
7655 |
R |
|
D
|
|
izik
|
| 2006-01-21 |
linux/x86 cat /dev/urandom > /dev/console, just for kicks - 63 bytes |
7929 |
R |
|
D
|
|
izik
|
| 2005-12-28 |
linux/x86 Connect Back shellcode 90 bytes |
10656 |
R |
|
D
|
|
xort
|
| 2005-12-28 |
linux/x86 socket-proxy shellcode 372 bytes |
8877 |
R |
|
D
|
|
xort
|
| 2005-11-09 |
linux/x86 dup2(0,0); dup2(0,1); dup2(0,2); 15 bytes |
8596 |
R |
|
D
|
|
Charles Stevenson
|
| 2005-11-09 |
linux/x86 if(read(fd,buf,512)<=2) _exit(1) else buf(); 29 bytes |
8046 |
R |
|
D
|
|
Charles Stevenson
|
| 2005-11-09 |
linux/x86 _exit(1); 7 bytes |
8466 |
R |
|
D
|
|
Charles Stevenson
|
| 2005-11-09 |
linux/x86 read(0,buf,2541); chmod(buf,4755); 23 bytes |
7960 |
R |
|
D
|
|
Charles Stevenson
|
| 2005-11-09 |
linux/x86 write(0,"Hello core!\n",12); (w/optional 7 byte exit) 36 bytes |
8770 |
R |
|
D
|
|
Charles Stevenson
|
| 2005-11-04 |
linux/x86 snoop /dev/dsp shellcode 172 bytes |
13902 |
R |
|
D
|
|
phar
|
| 2005-09-15 |
linux/x86 /bin/sh Standard Opcode Array Payload 21 Bytes |
10254 |
R |
|
D
|
|
c0ntex
|
| 2005-09-09 |
linux/x86 examples of long-term payloads hide-wait-change (.s) |
9283 |
R |
|
D
|
|
xort
|
| 2005-09-08 |
linux/x86 examples of long-term payloads hide-wait-change 187 bytes+ |
8617 |
R |
|
D
|
|
xort
|
| 2005-09-04 |
linux/x86 /bin/sh sysenter Opcode Array Payload 23 Bytes |
8251 |
R |
|
D
|
|
BaCkSpAcE
|
| 2005-08-25 |
linux/x86 /bin/sh sysenter Opcode Array Payload 27 Bytes |
8881 |
R |
|
D
|
|
amnesia
|
| 2005-08-19 |
linux/x86 /bin/sh sysenter Opcode Array Payload 45 bytes |
9414 |
R |
|
D
|
|
c0ntex
|
| 2005-07-11 |
linux/x86 chroot & standart 66 bytes |
9702 |
R |
|
D
|
|
Okti
|
| 2005-06-19 |
linux/x86 upload & exec 189 bytes |
11254 |
R |
|
D
|
|
cybertronic
|
| 2004-12-26 |
linux/x86 setreuid/execve 31 bytes |
9611 |
R |
|
D
|
|
oc192
|
| 2004-12-22 |
linux/x86 alpha-numeric shellcode 64 bytes |
9853 |
R |
|
D
|
|
xort
|
| 2004-12-22 |
linux/x86 alpha-numeric using IMUL Method shellcode 88 bytes |
9211 |
R |
|
D
|
|
xort
|
| 2004-12-22 |
linux/x86 Radically Self Modifying Code 70 bytes |
9386 |
R |
|
D
|
|
xort
|
| 2004-12-22 |
linux/x86 Magic Byte Self Modifying Code 76 bytes |
9481 |
R |
|
D
|
|
xort
|
| 2004-11-15 |
linux/x86 execve code 23 bytes |
8303 |
R |
|
D
|
|
marcetam
|
| 2004-11-15 |
linux/x86 execve("/bin/ash",0,0); 21 bytes |
8217 |
R |
|
D
|
|
zasta
|
| 2004-09-26 |
linux/x86 execve /bin/sh alphanumeric 392 bytes |
8282 |
R |
|
D
|
|
RaiSe
|
| 2004-09-26 |
linux/x86 execve /bin/sh IA32 0xff-less 45 bytes |
7287 |
R |
|
D
|
|
anathema
|
| 2004-09-26 |
linux/x86 symlink /bin/sh xoring 56 bytes |
8106 |
R |
|
D
|
|
dev0id
|
| 2004-09-26 |
linux/x86 portbind port 5074 toupper 226 bytes |
7524 |
R |
|
D
|
|
Tora
|
| 2004-09-26 |
linux/x86 add user t00r ENCRYPT 116 bytes |
8299 |
R |
|
D
|
|
Matias Sedalo
|
| 2004-09-26 |
linux/x86 chmod 666 shadow ENCRYPT 75 bytes |
8218 |
R |
|
D
|
|
Matias Sedalo
|
| 2004-09-26 |
linux/x86 symlink . /bin/sh 32 bytes |
7663 |
R |
|
D
|
|
dev0id
|
| 2004-09-26 |
linux/x86 kill snort 151 bytes |
7702 |
R |
|
D
|
|
nob0dy
|
| 2004-09-26 |
linux/x86 shared memory exec 50 bytes |
7300 |
R |
|
D
|
|
sloth
|
| 2004-09-26 |
linux/x86 iptables -F 45 bytes |
7949 |
R |
|
D
|
|
UnboundeD
|
| 2004-09-26 |
linux/x86 iptables -F 58 bytes |
8183 |
R |
|
D
|
|
dev0id
|
| 2004-09-26 |
linux/x86 Reverse telnet 134 bytes |
9492 |
R |
|
D
|
|
hts
|
| 2004-09-26 |
linux/x86 connect 120 bytes |
7800 |
R |
|
D
|
|
lamagra
|
| 2004-09-26 |
linux/x86 chmod 666 /etc/shadow 41 bytes |
8395 |
R |
|
D
|
|
Matias Sedalo
|
| 2004-09-26 |
linux/x86 cp /bin/sh /tmp/katy ; chmod 4555 katy 126 bytes |
8243 |
R |
|
D
|
|
RaiSe
|
| 2004-09-26 |
linux/x86 eject /dev/cdrom 64 bytes |
7689 |
R |
|
D
|
|
lamagra
|
| 2004-09-26 |
linux/x86 xterm -ut -display [IP]:0 132 bytes |
8164 |
R |
|
D
|
|
RaiSe
|
| 2004-09-26 |
linux/x86 ipchains -F 49 bytes |
7375 |
R |
|
D
|
|
Sp4rK
|
| 2004-09-26 |
linux/x86 chmod 666 /etc/shadow 82 bytes |
8575 |
R |
|
D
|
|
Matias Sedalo
|
| 2004-09-12 |
linux/x86 execve /bin/sh 29 bytes |
8779 |
R |
|
D
|
|
Matias Sedalo
|
| 2004-09-12 |
linux/x86 execve /bin/sh 24 bytes |
8755 |
R |
|
D
|
|
Matias Sedalo
|
| 2004-09-12 |
linux/x86 execve /bin/sh 38 bytes |
8217 |
R |
|
D
|
|
Matias Sedalo
|
| 2004-09-12 |
linux/x86 execve /bin/sh 30 bytes |
7904 |
R |
|
D
|
|
Matias Sedalo
|
| 2004-09-12 |
linux/x86 execve /bin/sh setreuid(12,12) 50 bytes |
9248 |
R |
|
D
|
|
n/a
|
| 2004-09-12 |
linux/x86 portbind port 5074 92 bytes |
8078 |
R |
|
D
|
|
Matias Sedalo
|
| 2004-09-12 |
linux/x86 portbind port 5074 + fork() 130 bytes |
8133 |
R |
|
D
|
|
Matias Sedalo
|
| 2004-09-12 |
linux/x86 add user t00r 82 bytes |
8940 |
R |
|
D
|
|
Matias Sedalo
|
| 2004-09-12 |
linux/x86 add user 104 bytes |
7967 |
R |
|
D
|
|
Matt Conover
|
| 2004-09-12 |
linux/x86 break chroot 34 bytes |
8540 |
R |
|
D
|
|
dev0id
|
| 2004-09-12 |
linux/x86 break chroot 46 bytes |
8408 |
R |
|
D
|
|
dev0id
|
| 2004-09-12 |
linux/x86 break chroot execve /bin/sh 80 bytes |
7772 |
R |
|
D
|
|
preedator
|
| 2004-09-12 |
linux/x86 execve /bin/sh encrypted 58 bytes |
7922 |
R |
|
D
|
|
Matias Sedalo
|
| 2004-09-12 |
linux/x86 execve /bin/sh xor encrypted 55 bytes |
9321 |
R |
|
D
|
|
n/a
|
| 2004-09-12 |
linux/x86 execve /bin/sh tolower() evasion 41 bytes |
9115 |
R |
|
D
|
|
n/a
|
| 2001-05-07 |
execve of /bin/sh after setreuid(0,0) |
9116 |
R |
|
D
|
|
Marco Ivaldi
|
| 2001-01-13 |
linux chroot()/execve() code |
8612 |
R |
|
D
|
|
preedator
|
| 2000-08-08 |
linux/x86 execve /bin/sh toupper() evasion 55 bytes |
9253 |
R |
|
D
|
|
n/a
|
| 2000-08-07 |
linux/x86 add user 70 bytes |
11373 |
R |
|
D
|
|
n/a
|
| 2000-08-07 |
linux/x86 break chroot setuid(0) + /bin/sh 132 bytes |
11575 |
R |
|
D
|
|
n/a
|
