Remote root exploit for Samba 2.2.x and prior that works against Linux (all distributions), FreeBSD (4.x, 5.x), NetBSD (1.x) and OpenBSD (2.x, 3.x and 3.2 non-executable stack). It has scanning abilities, so a range of machines on a network can be penetration tested at once.
d6672353da22242d8fc89098e6e31eb2c358a76ff09164f2b7f0f5060a5f0c03
Solaris Sparc shellcode that writes "netric was here".
e3af7d99040def573ba17626a6c290811b8d7652264094ec8340fdf45dac57c5
Solaris Sparc shellcode that sets the effective uid to 0 and executes a shell.
b4f74f95b8bd45fe94c359024720079f6ee3e0151ca7a8a1f62db7483e21af68
Core grep is a utility that works like grep but was designed to be used against core files.
d20e5c8dc13d0cce1e98db9f2a8559cb03f62d5dee59b44f124f195121335d7e
Gespuis acts as an irc bouncer and exploits BitchX/Epic clients spawning a bindshell.
dd15eaa198ba5124d4a8fee6a3430072539d129c6f1f74f1e39e66f5101144cb
Linux x86 shellcode that plays /tmp/wav.
fb85d75711fadc267300b543395f49fba747f72fadfbbf8a0d7b72ba000d8dfd
Linux x86 shellcode that flushes iptables.
f41d98b684a98ae4ddb6475aa4b3d8dcdc3580000bb8b4a4687c7e68ac12e4f8
BSD x86 194 byte forking portbind shellcode.
679460791b82bc71cc358ebb7838a48a15a4b36b0568f604d4ecd681342df6cc
Linux x86 200 byte forking portbind shellcode.
8596f6bc924b6a977ba4454ed405e1eae9f64cab5c9f56b54386872551a9c83e
BSD x86 124 byte connect back shellcode.
5c802bdef5259c9a4b2a1f2cce119173bc88d78f7568286a371993d88972fcd1
Linux x86 131 byte connect back shellcode.
2f7b6f86b4a4d840961d8bbb4ba116066ddd329e45325fc389c858403fdb8850
ISC dhcpd v3.0.1rc8 and below remote root format string exploit. Tested against Debian 3.0, Mandrake 8.1, Red Hat 7.2, 7.3, and 8.0, and SuSE 7.3. Includes the option to check for vulnerability on any platform by crashing the service.
dc98b1acb4120f20825c608246e44cb64ff5010e26e9ed5cbf306e84e6158122
Xsun-expl.c is a local exploit for the SPARC architecture that makes use of the Xsun -co heap overflow found in April, 2002 on Solaris 2.6, 7, and 8.
97e55a2ca5d9e617ff856cd2414f020155d9ce6262a00ab465fbed2df4dbfdb0
291 byte BSD ptrace shellcode which injects a bindcode into the ppid, useful for breaking chroot.
6550b1322a482de0869c99df39964fef13a59b4b140fc85adee39bda14d4dcaf
Remote root exploit for Linux systems running Null httpd 0.5.0. Tested to work against Red Hat Linux 7.3.
f3ad09d77c82a11ae03bbf3d43ee72abb5ba62e08fc75bd608fa3668f74758b5
nbtstat is a NetBIOS name lookup tool. This tool provides functionality similar to the nbtstat package by Todd Sabin.
631d06ed5ab62c8e09176aacdd3b3916bedf336095ec0c415116bb6ae0ceb738
BSD x86 shellcode which does a seteuid(0,0); execve /bin/sh; exit.
5ebf0df299333aa85731a40589283c24601e346f27eb4c85540bbcb350879e59
Linux x86 shellcode which does a seteuid(0,0); execve /bin/sh; exit.
6cc8b3b1f1020f760ddff5d729e18b3d55edc7d5fa9c559ca025ce8ea9f1a718
AFD v1.2.14 local root heap overflow exploit. Includes an offset for Red Hat 7.3 and instructions for finding offsets.
ba11ab3a60f47300732402f63f4607eedc8d209f484e0f0110e129539aaa8781
mayday.c ported to Windows with Cygwin by here.
f81814e793e5a10cdc99db3199af9b69c783d40388670df372d1e74de3dfe1c0
mayday.c - SHOUTcast v1.8.9 remote linux/x86 exploit. Included shellcode binds to port 10000. Advisory available here.
cf57fccf75cc0dcfa305f423ad2a3440aa5b6d87bea093ab6c0a2841a6d6f92b
Nullsoft's SHOUTcast v1.8.9 contains a buffer overflow which can be exploited by a DJ to gain shell access to the system. Windows, Linux, and FreeBSD are known to be vulnerable.
7158bd00e24e44b040e478a07b40240d2a892aa29113f26ce162fe843ee4f733
Posadis m5pre1 local buffer overflow exploit.
02990a3bf9a9b52f587bd26ec96d8142429acc8d34e02e69e765ef4fb60221b1
Posadis m5pre2 local format string exploit.
025e81c77e339b0490a61b132dcf3996293528d7e06703be59938c0e883873e7
IIS 5.0 remote win32 exploit for the null.printer buffer overflow.
ce2073743bd10136edc549bb174a68f191651fd565885d653fb6d128c2ecc388