| Author |
Linux |
|
|
| rigan | Linux/x86 - Search php,html writable files and add your code - 380+ bytes |
| pentesters.ir | Linux/x86 - setuid(0)+setgid(0)+add user iph without password to /etc/passwd - 124 bytes |
| Ali Raheem | Linux/x86 - egghunt shellcode - 29 bytes |
| Florian Gaultier | Linux/x86 - Surprise ! ! ! - 361 bytes |
| Jonathan Salwan | Linux/x86 - ConnectBack with SSL connection - 422 bytes |
| John Babio | Linux/x86 - /etc/init.d/apparmor teardown - 53 bytes |
| antrhacks | Linux/x86 - execve(/bin/cat, /etc/shadow, NULL) - 42 bytes |
| Jonathan Salwan | Linux/x86 - netcat bindshell port 6666 - 69 bytes |
| Chroniccommand | Linux/x86 - execve(/bin/dash) - 49 bytes |
| kernel_panik | Linux/x86 - execve (/bin/sh) - 21 Bytes |
| John Babio | Linux/x86 - /usr/bin/killall snort - 46 bytes |
| John Babio | Linux/x86 - ///sbin/iptables -POUTPUT DROP - 60 bytes |
| Aodrulez | Linux/x86 - /bin/sh Null-Free Polymorphic - 46 bytes |
| Blake | Linux/x86 - netcat connect back port 8080 - 76 bytes |
| Blake | Linux/x86 - netcat bindshell port 8080 - 75 bytes |
| gunslinger_ | Linux/x86 - Find all writeable folder in filesystem linux polymorphic shellcode |
| gunslinger_ | Linux/x86 - nc -lp 31337 -e /bin//sh polymorphic - 91 bytes |
| gunslinger_ | Linux/x86 - bind port to 6678 XOR encoded polymorphic - 125 bytes |
| Magnefikko | Linux/x86 - bind sh@64533 - 97 bytes |
| gunslinger_ | Linux/x86 - Polymorphic bindport to 13123 - 125 bytes |
| gunslinger_ | Linux/x86 - Polymorphic bindport to 31337 with setreuid (0,0) - 131 bytes |
| gunslinger_ | Linux/x86 - polymorphic cdrom ejecting - 74 bytes |
| agix | Linux/x86 - chmod(/etc/shadow, 0666) ASCII - 443 bytes |
| gunslinger_ | Linux/x86 - give all user root access when execute /bin/sh - 45 bytes |
| gunslinger_ | Linux/x86 - chown root:root /bin/sh - 48 bytes |
| gunslinger_ | Linux/x86 - force unmount /media/disk - 33 bytes |
| gunslinger_ | Linux/x86 - hard reboot (without any message) and data not lost - 33 bytes |
| gunslinger_ | Linux/x86 - hard reboot (without any message) and data will be lost - 29 bytes |
| gunslinger_ | Linux/x86 - setdomainname to (th1s s3rv3r h4s b33n h1j4ck3d !!) |
| gunslinger_ | Linux/x86 - unlink /etc/shadow - 33 bytes |
| gunslinger_ | Linux/x86 - sys_rmdir(/tmp/willdeleted) - 41 bytes |
| gunslinger_ | Linux/x86 - sys_execve(/bin/sh, -c, ping localhost) - 55 bytes |
| gunslinger_ | Linux/x86 - sys_setuid(0) & sys_setgid(0) & execve (/bin/sh) - 39 bytes |
| gunslinger_ | Linux/x86 - sys_sync - 6 bytes |
| gunslinger_ | Linux/x86 - sys_kill(-1,9) - 11 bytes |
| gunslinger_ | Linux/x86 - sys_chmod(/etc/shadow, 599) - 39 bytes |
| antrhacks | Linux/x86 - Polymorphic - setuid(0) + chmod(/etc/shadow, 0666) - 61 Bytes |
| gunslinger_ | Linux/x86 - sys_exit(0) - 8 bytes |
| gunslinger_ | Linux/x86 - sys_sethostname(PwNeD !!, 8) - 32 bytes |
| gunslinger_ | Linux/x86 - cdrom ejecting shellcode - 46 bytes |
| agix | Linux/x86 - alphanumeric Bomb FORK Shellcode - 117 Bytes |
| Jonathan Salwan | Linux/x86 - Disable randomize stack addresse - 106 bytes |
| Jonathan Salwan | Linux/x86 - Remote file Download - 42 bytes |
| agix | Linux/x86 - pwrite(/etc/shadow, hash, 32, 8) - 89 Bytes |
| antrhacks | Linux/x86 - setuid(0) + chmod(/etc/shadow, 0666) - 37 Bytes |
| Jonathan Salwan | Linux/x86 - polymorphic execve(/bin/bash, [/bin/sh, -p], NULL) - 57 bytes |
| Jonathan Salwan | Linux/x86 - execve(/bin/bash, [/bin/sh, -p], NULL) - 33 bytes |
| condis | Linux/x86 - sends Phuck3d! to all terminals - 60 bytes |
| Magnefikko | Linux/x86 - setuid(0) ^ execve(/bin/sh, 0, 0) - 27 bytes |
| Marcin Ulikowski | Linux/x86 - setuid(0) + execve(/bin/sh,...) - 29 bytes |
| Magnefikko | Linux/x86 - setreud(getuid(), getuid()) & execve(/bin/sh) - 34 bytes |
| Jonathan Salwan | Linux/x86 - polymorphic forkbombe - 30 bytes |
| Magnefikko | Linux/x86 - chmod(/etc/shadow, 0777) - 29 bytes |
| Jonathan Salwan | Linux/x86 - fork() - 6 bytes |
| sm0k | Linux/x86 - chmod(/etc/shadow, 0777) - 33 bytes |
| Magnefikko | Linux/x86 - execve(a->/bin/sh) - 14 bytes |
| Magnefikko | Linux/x86 - SLoc-DoS shellcode - 55 bytes |
| Magnefikko | Linux/x86 - DoS-Badger-Game - 6 bytes |
| Magnefikko | Linux/x86 - execve(/bin/sh) - 25 bytes |
| Magnefikko | Linux/x86 - chmod(/etc/shadow, 0666) - 36 bytes |
| Teo Manojlovic | Linux/x86 - nc -lvve/bin/sh -p13377 shellcode - 64 bytes |
| sekfault | Linux/x86 - disabled modsecurity - 64 bytes |
| ipv | Linux/x86 - execve /bin/sh - 21 bytes |
| JungHoon Shin | Linux/x86 - /bin/sh - 8 bytes |
| fb1h2s | Linux/x86 - bin/cat /etc/passwd - 43 bytes |
| root@thegibson | Linux/x86 - chmod 666 /etc/shadow - 27 bytes |
| root@thegibson | Linux/x86 - overwrite MBR on /dev/sda with LOL! - 43 bytes |
| root@thegibson | Linux/x86 - kill all processes - 9 bytes |
| root@thegibson | Linux/x86 - eject /dev/cdrom - 42 bytes |
| $andman | Linux/x86 - append /etc/passwd & exit() - 107 bytes |
| $andman | Linux/x86 - unlink(/etc/passwd) & exit() - 35 bytes |
| ka0x | Linux/x86 - setuid(0) & execve(/sbin/poweroff -f) - 47 bytes |
| ka0x | Linux/x86 - setuid(0) & execve(/bin/cat /etc/shadow) - 49 bytes |
| ka0x | Linux/x86 - chmod(/etc/shadow, 0666) & exit() - 33 bytes |
| fl0 fl0w | Linux/x86 - execve() - 51bytes |
| eSDee [Netric .org] | Linux/x86 - /sbin/iptables --flush - 69 bytes |
| eSDee [Netric .org] | Linux/x86 - forking portbind shellcode - port=0xb0ef(45295) - 200 bytes |
| eSDee [Netric .org] | Linux/x86 - connect back shellcode (port=0xb0ef) - 131 bytes |
| sacrine | Linux/x86 - setresuid(0,0,0); execve /bin/sh; exit; - 41 bytes |
| Bob [Dtors.net] | Linux/x86 - chmod(//bin/sh ,04775); set sh +s - 31 bytes |
| Bob [Dtors.net] | Linux/x86 - setuid(); execve(); exit(); - 44 bytes |
| Bob [Dtors.net] | Linux/x86 - adds a root user no-passwd to /etc/passwd - 83 bytes |
| Bob [Dtors.net] | Linux/x86 - execve()/bin/ash; exit; - 34 bytes |
| zillion | Linux/x86 - execve of /bin/sh /tmp/p00p - 70 bytes |
| zillion | Linux/x86 - execve() of /sbin/iptables -F - 70 bytes |
| zillion | Linux/x86 - execve of /sbin/ipchains -F - 70 bytes |
| zillion | Linux/x86 - add a passwordless local root account w000t - 177 bytes |
| zillion | Linux/x86 - mkdir() & exit() - 36 bytes |
| Cody Tubbs | Linux/x86 - Audio (knock knock knock) via /dev/dsp+setreuid(0,0)+execve() - 566 bytes |
| n/a | Linux/x86 - hence dropping a SUID root shell in /tmp - 126 bytes |
| Jonathan Salwan | Linux/x86 - polymorphic ip6tables -F - 71 bytes |
| Jonathan Salwan | Linux/x86 - ip6tables -F - 47 bytes |
| sToRm | Linux/x86 - execve(/bin/sh,0,0) - 21 bytes |
| sToRm | Linux/x86 - setuid(0) & execve(/bin/sh,0,0) - 28 bytes |
| sToRm | Linux/x86 - portbind /bin/sh (port 64713) - 83 bytes |
| Jonathan Salwan | Linux/x86 - pacman -S <package> (default package: backdoor) - 64 bytes |
| Jonathan Salwan | Linux/x86 - pacman -R <package> - 59 bytes |
| Xenomuta | Linux/x86 - shellcode that forks a HTTP Server on port tcp/8800 - 166 bytes |
| Xenomuta | Linux/x86 - Self-modifying ShellCode for IDS evasion - 64 bytes |
| XenoMuta | Linux/x86 - listens for shellcode on tcp/5555 and jumps to it - 83 bytes |
| Jonathan Salwan | Linux/x86 - Polymorphic shellcode for disable Network Card - 75 bytes |
| Jonathan Salwan | Linux/x86 - /bin/sh polymorphic shellcode - 48 bytes |
| Jonathan Salwan | Linux/x86 - killall5 polymorphic shellcode - 61 bytes |
| TheWorm | Linux/x86 - execve(/sbin/halt,/sbin/halt) - 27 bytes |
| Rick | Linux/x86 - Port Bind 4444 ( xor-encoded ) - 152 bytes |
| TheWorm | Linux/x86 - execve(/sbin/reboot,/sbin/reboot) - 28 bytes |
| TheWorm | Linux/x86 - execve(/sbin/shutdown,/sbin/shutdown 0) - 36 bytes |
| TheWorm | Linux/x86 - setuid(0), setgid(0) & execve(/bin/sh,[/bin/sh,NULL]) - 33 bytes |
| TheWorm | Linux/x86 - setuid(0) & execve(/bin/sh,0) - 25 bytes |
| TheWorm | Linux/x86 - exit(0) 3 bytes or exit(1) 4 bytes |
| vlan7 | Linux/x86 - setuid() & execve() - 27 bytes |
| vlan7 | Linux/x86 - disables shadowing - 42 bytes |
| Jonathan Salwan | Linux/x86 - reboot() polymorphic shellcode - 57 bytes |
| Shok | Linux/x86 - Add root user /etc/passwd - 104 bytes |
| blue9057 | Linux/x86 - setreuid(geteuid(),geteuid()),execve(/bin/sh,0,0) - 34bytes |
| Tora | Linux/x86 - Bindshell TCP/5074 - 226 bytes |
| sloth | Linux/x86 - shared memory exec - 50 bytes |
| UnboundeD | Linux/x86 - iptables -F - 45 bytes |
| hts | Linux/x86 - Reverse Telnet |
| lamagra | Linux/x86 - Bindport TCP/3879 |
| Sp4rK | Linux/x86 - iptables -F - 49 bytes |
| preedator | Linux/x86 - chroot()/execve() code |
| preedator | Linux/x86 - break chroot execve /bin/sh - 80 bytes |
| dev0id | Linux/x86 - iptables -F - 58 bytes |
| dev0id | Linux/x86 - back-connect TCP/2222 - 93 bytes |
| Matias Sedalo | Linux/x86 - execve /bin/sh encrypted - 58 bytes |
| Matias Sedalo | Linux/x86 - portbind a shell in port 5074 - 92 bytes |
| Matias Sedalo | Linux/x86 - chmod 666 /etc/shadow - 41 bytes |
| Matias Sedalo | Linux/x86 - chmod 666 shadow ENCRYPT - 75 bytes |
| Matias Sedalo | Linux/x86 - add user t00r ENCRYPT - 116 bytes |
| Jonathan Salwan | Linux/x86 - Shellcode Polymorphic chmod(/etc/shadow) & exit() - 54 bytes |
| vlad902 | Linux/x86 - Add User USER=t00r PASS=t00r - Encoder PexFnstenvSub - 116 bytes |
| oc192 | Linux/x86 - setreuid & execve - 31 bytes |
| Charles Stevenson | Linux/x86 - dup2(0,0); dup2(0,1); dup2(0,2); 15 bytes |
| Charles Stevenson | Linux/x86 - if(read(fd,buf,512)<=2) _exit(1) else buf(); - 29 bytes |
| Charles Stevenson | Linux/x86 - read(0,buf,2541); chmod(buf,4755); - 23 bytes |
| NicatiN | Linux/x86 - execve /bin/sh anti-ids 40 bytes |
| dx & spud | Linux/x86 - SWAP restore - 109 bytes |
| dx & spud | Linux/x86 - SWAP store - 99 bytes |
| Gotfault Security | Linux/x86 - Password Authentication portbind port 64713/tcp - 166 bytes |
| Gotfault Security | Linux/x86 - portbind port 64713 - 86 bytes |
| Gotfault Security | Linux/x86 - setuid(0) + setgid(0) + execve(\"/bin/sh\", [\"/bin/sh\", NULL]) - 37 bytes |
| Gotfault Security | Linux/x86 - setreuid(0,0) + execve(/bin/sh, [/bin/sh, NULL]) - 33 bytes |
| xort | Linux/x86 - Magic Byte Self Modifying Code for surviving - execve() _exit() - 76 bytes |
| xort | Linux/x86 - Radically Self Modifying Code - execve & _exit() - 70 bytes |
| xort | Linux/x86 - Alpha-Numeric using IMUL Method - 88 bytes |
| xort | Linux/x86 - alpha-numeric - 64 bytes |
| xort | Linux/x86 - examples of long-term payloads hide-wait-change (.s) |
| xort & izik | Linux/x86 - examples of long-term payloads hide-wait-change - 187 bytes+ |
| Russell Sanford | Linux/x86 - socket-proxy - 372 bytes |
| Russell Sanford | Linux/x86 - Connect Back shellcode - 90 bytes |
| Benjamin Orozco | Linux/x86 - SET_IP() Connectback Shellcode - 82 bytes |
| Benjamin Orozco | Linux/x86 - SET_PORT() portbind - 100 bytes |
| BaCkSpAcE | Linux/x86 - execve() Diassembly Obfuscation Shellcode - 32 bytes |
| c0ntex & BaCkSpAcE | Linux/x86 - /bin/sh sysenter Opcode Array Payload - 23 Bytes |
| oveRet | Linux/x86 - portbind (define your own port) - 84 bytes |
| izik | Linux/x86 - cat /dev/urandom > /dev/console, no real profit just for kicks - 63 bytes |
| izik | Linux/x86 - quick (yet conditional, eax != 0 and edx == 0) exit - 4 bytes |
| izik | Linux/x86 - eject & close cd-rom frenzy loop (follows /dev/cdrom symlink) - 45 bytes |
| izik | Linux/x86 - open cd-rom loop (follows /dev/cdrom symlink) - 39 bytes |
| izik | Linux/x86 - anti-debug trick (INT 3h trap) + execve(/bin/sh, [/bin/sh, NULL], NULL) - 39 bytes |
| izik | Linux/x86 - execve(/bin/sh, [/bin/sh], NULL) / encoded by +1 - 39 bytes |
| izik | Linux/x86 - execve /bin/sh xored for Intel x86 CPUID 41 bytes |
| izik | Linux/x86 - HTTP/1.x GET, Downloads and JMP - 68 bytes+ |
| izik | Linux/x86 - execve(/bin/sh, [/bin/sh, NULL]) + Bitmap - 27 bytes |
| izik | Linux/x86 - execve(/bin/sh, [/bin/sh, NULL]) + RIFF Header - 28 bytes |
| izik | Linux/x86 - execve(/bin/sh, [/bin/sh, NULL]) + RTF header - 30 bytes |
| izik | Linux/x86 - execve(/bin/sh, [/bin/sh, NULL]) + ZIP Header - 28 bytes |
| LiquidWorm | Linux/x86 - setuid(0) + setgid(0) + execve(echo 0 > /proc/sys/kernel/randomize_va_space) - 79 bytes |
| onionring | Linux/x86 - rm -rf / which attempts to block the process from being stopped - 132 bytes |
| sorrow | Linux/x86 - setresuid(0,0,0)-/bin/sh - 35 bytes |
| Marco Ivaldi | Linux/x86 - stdin re-open and /bin/sh execute |
| Marco Ivaldi | Linux/x86 - re-use of (/bin/sh) string in .rodata - 16 bytes |
| Marco Ivaldi | Linux/x86 - setuid/portbind port 31337 TCP - 96 bytes |
| Bunker | Linux/x86 - setreuid(0, 0) + execve(/bin//sh, [/bin//sh, -c, cmd], NULL); |
| Revenge | Linux/x86 - setuid(0) + execve(/bin//sh, [/bin//sh], NULL) - 28 bytes |
| Kris Katterjohn | Linux/x86 - forkbomb - 7 bytes |
| Kris Katterjohn | Linux/x86 - set system time to 0 & exit |
| Kris Katterjohn | Linux/x86 - kill all processes - 11 bytes |
| Kris Katterjohn | Linux/x86 - add root user (r00t) with no password to /etc/passwd |
| Kris Katterjohn | Linux/x86 - chmod(/etc/shadow, 0666) & exit() |
| mu-b | Linux/x86 - raw-socket ICMP/checksum shell - 235 bytes |
| GS2008 | Linux/x86 - Write FS PHP Connect Back Utility Shellcode - 508 bytes |
| 0in | Linux/x86 - connect back&send&exit /etc/shadow - 155 byte |
| militan | Linux/x86 - connect back, download a file and execute - 149 bytes |
| dun | Linux/x86 - iopl(3); asm(cli); while(1){} - 12 bytes |
| 0ut0fbound | Linux/x86 - execve read shellcode - 92 bytes |
| darkjoker | Linux/x86 - File unlinker 18 bytes + file path length |
| darkjoker | Linux/x86 - Perl script execution 99 bytes + script length |
| certaindeath | Linux/x86 - File Reader /etc/passwd - 65 bytes |
| Jonathan Salwan | Linux/x86 - setuid(0) & chmod(/tmp,111) & exit(0) - 25 bytes |
| Jonathan Salwan | Linux/x86 - chmod() /etc/shadow 666 & exit() - 30 bytes |
| Jonathan Salwan | Linux/x86 - SystemV killall command - 34 bytes |
| Jonathan Salwan | Linux/x86 - Push Reboot() - 30 bytes |
| Jonathan Salwan | Linux/x86 - Shutdown computer - 51 bytes |
| Jonathan Salwan | Linux/x86 - Ifconfig eth0 down - 51 bytes |
| Jonathan Salwan | Linux/x86 - Kill service apache2 + pure-ftpd + sshd - 81 bytes |
| Kris Katterjohn | Linux/x86 - ipchains -F - 40 bytes |
| XenoMuta | Linux/x86 - Connect-Back port UDP/54321 - 151 bytes |
| XenoMuta | Linux/x86 - append rsa key to /root/.ssh/authorized_keys2 - 295 bytes |
| Rick | Linux/x86 - edit /etc/sudoers for full access - 86 bytes |
| sch3m4 | Linux/x86 - setuid(0) & execve(/bin/sh,0,0) - 28 bytes |
| Thomas Rinsma | Linux/x86 - System Beep - 45 bytes |
| izik | Linux/x86 - HTTP/1.x GET, Downloads & execve() - 111 bytes+ |
| Revenge | Linux/x86 - execve(/bin//sh/,[/bin//sh],NULL) - 22 bytes |
| Kris Katterjohn | Linux/x86 - execve(rm -rf /) - 45 bytes |
| Russell Sanford | Linux/x86 - socket-proxy - 372 bytes |
| Charles Stevenson | Linux/x86 - exit(1) - 7 bytes |
| cybertronic | Linux/x86 - upload & exec - 189 bytes |
| dev0id | Linux/x86 - symlink /bin/sh xoring - 56 bytes |
| nob0dy | Linux/x86 - kill snort - 151 bytes |
| RaiSe | Linux/x86 - /bin/cp /bin/sh /tmp/katy & chmod 4555 - 126 bytes |
| lamagra | Linux/x86 - cdrom ejecting - 64 bytes |
| Matias Sedalo | Linux/x86 - chmod 666 /etc/shadow - 41 bytes |
| Matias Sedalo | Linux/x86 - execve(/bin/sh) - 24 bytes |
| izik | Linux/x86 - adds user xtz without password to /etc/passwd - 59 bytes |
| izik | Linux/x86 - bind /bin/sh to 31337/tcp - 80 bytes |
| izik | Linux/x86 - bind /bin/sh to 31337/tcp & fork() - 98 bytes |
| Marco Ivaldi | Linux/x86 - execve(/bin/sh) - 16 bytes |
| sch3m4 | Linux/x86 - setuid(0) && execve() - 25 bytes |
| jcyberpunk | Linux/x86 - setuid / setgid / chroot break |
| Russell Sanford | Linux/x86 - connect-back 11.22.33.44,31337/tcp - 90 bytes |
| izik | Linux/x86 - connect-back 127.0.0.1:31337/tcp - 74 bytes |
| |
|
| 10n1z3d | Linux/x86-64 - execve(/sbin/iptables, [/sbin/iptables, -F], NULL) - 49 bytes |
| Jonathan Salwan | Linux/x86-64 - Add root user with password - 390 bytes |
| Jonathan Salwan | Linux/x86-64 - Disable ASLR Security - 143 bytes |
| Jonathan Salwan | Linux/x86-64 - setuid(0) & chmod (/etc/passwd, 0777) & exit(0) - 63 byes |
| Jonathan Salwan | Linux/x86-64 - setuid(0) & reboot - 51 bytes |
| zbt | Linux/x86-64 - sethostname() & killall - 33 bytes |
| zbt | Linux/x86-64 - execve(/bin/sh); - 30 bytes |
| zbt | Linux/x86-64 - reboot(POWER_OFF) - 19 bytes |
| evil.xi4oyu | Linux/x86-64 - bindshell port:4444 shellcode - 132 bytes |
| evil.xi4oyu | Linux/x86-64 - setuid(0) + execve(/bin/sh) 49 bytes |
| hophet | Linux/x86-64 - execve(/bin/sh, [/bin/sh], NULL) - 33 bytes |
| |
|
| rigan | Linux/mips - reboot() - 32 bytes |
| rigan | Linux/mips - connect back shellcode (port 0x7a69) - 168 bytes |
| rigan | Linux/mips - add user(UID 0) with password - 164 bytes |
| rigan | Linux/mips - execve /bin/sh - 48 bytes |
| entropy | Linux/mips - execve(/bin/sh, */bin/sh, 0) - 52 bytes |
| vaicebine | Linux/mips - port bind 4919 - 276 bytes |
| vaicebine | Linux/mips - execve(/bin/sh,[/bin/sh],[]); - 60 bytes |
| core | Linux/mips - execve(/bin/sh) - 56 bytes |
| |
|
| killah | Linux/sparc - connect back - 216 bytes |
| killah | Linux/sparc - Portbind 8975/tcp - 284 bytes |
| anathema | Linux/sparc - [setreuid(0,0); execve() of /bin/sh] - 64 bytes |
| michel kaempf | Linux/sparc - setreuid(0,0)&standard execve() - 72 bytes |
| |
|
| Palante | Linux/ppc - execve /bin/sh - 112 bytes |
| Charles Stevenson | Linux/ppc - read & exec shellcode - 32 bytes |
| Charles Stevenson | Linux/ppc - connect back execve /bin/sh - 240 bytes |
| Charles Stevenson | Linux/ppc - execve /bin/sh - 60 bytes |
| |
|
| Neil Klopfenstein | Linux/ARM - connect back /bin/sh. 79 bytes |
| Jonathan Salwan | Linux/ARM - add root user with password - 151 bytes |
| Daniel Godas-Lopez | Linux/ARM - Bindshell port 0x1337 |
| Daniel Godas-Lopez | Linux/ARM - Bind Connect UDP Port 68 |
| Daniel Godas-Lopez | Linux/ARM - Loader Port 0x1337 |
| Daniel Godas-Lopez | Linux/ARM - ifconfig eth0 and Assign Address |
| Jonathan Salwan | Linux/ARM - execve(/bin/sh, [0], [0 vars]) - 27 bytes |
| Jonathan Salwan | Linux/ARM - execve(/bin/sh,NULL,0) - 31 bytes |
| Jonathan Salwan | Linux/ARM - Polymorphic execve("/bin/sh", ["/bin/sh"], NULL); - XOR 88 encoded - 78 bytes |
| Florian Gaultier | Linux/ARM - polymorphic chmod(/etc/shadow, 0777) - 84 Bytes |
| Jonathan Salwan | Linux/ARM - Disable ASLR Security - 102 bytes |
| Florian Gaultier | Linux/ARM - chmod(/etc/shadow, 0777) Shellcode - 35 Bytes |
| Jonathan Salwan | Linux/ARM - Kill all processes (with/without _setuid) - 28 bytes |
| Jonathan Salwan | Linux/ARM - setuid(0) & execve(/bin/sh, /bin/sh, 0) - 38 bytes |
| Jonathan Salwan | Linux/ARM - execve(/bin/sh, /bin/sh, 0) - 30 bytes |
| |
|
| funkysh | Linux/StrongARM - bind() portshell - 203 bytes |
| funkysh | Linux/StrongARM - setuid() - 20 bytes |
| funkysh | Linux/StrongARM - execve() - 47 bytes |
| |
|
| Jonathan Salwan | Linux/SuperH - sh4 - setuid(0) ; execve(/bin/sh, NULL, NULL) - 27 bytes |
| Dad` | Linux/SuperH - sh4 - Bind /bin/sh on port 31337 |
| Jonathan Salwan | Linux/SuperH - sh4 - add root user with password - 143 bytes |
| Jonathan Salwan | Linux/SuperH - sh4 - setuid(0) - chmod(/etc/shadow, 0666) - exit(0) - 43 bytes |
| Florian Gaultier | Linux/SuperH - sh4 execve(/bin/sh, 0, 0) - 19 bytes |
