571 bytes small Microsoft Windows x86 dynamic bind shell and null-free shellcode.

223 bytes small dynamic, null-free popcalc shellcode.

195 bytes small Windows/x86 null-free WinExec Calc.exe shellcode.

232 bytes small Dynamic MessageBoxA||W PEB and Import Table Method shellcode.

210 bytes small WinExec add-admin dynamic null-free shellcode.

26 bytes small Linux/x86 reboot polymorphic shellcode.

33 bytes small Linux/x86 egghunter null-free shellcode.

63 bytes small Linux/x64_86 dynamic egghunter shellcode that searches memory for 2 instances of the egg. When the eggs are found, the egghunter passes execution control to the payload at the memory address of the eggs. The payload is an execve(/bin/bash) shellcode.

272 bytes small Linux/x86_64 null free password protected bindshell shellcode.

57 bytes small Linux/x64_86 /bin/bash shellcode. The stub decodes the ROL Encoded shellcode. When the stub has finished decoding the payload, execution control is passed to the payload.

39 bytes small Linux/x86 egghunter null-free shellcode. The egghunter dynamically searches memory for 2 instances of the egg. When the eggs are found, the egghunter passes execution control to the payload at the memory address of the eggs.

Ac4p.com Gallery version 1.0 suffers from cross site scripting, phpinfo disclosure, shell upload, and insecure cookie handling vulnerabilities.

Denapars Shop Script suffers from administrative bypass, shell upload, and insecure cookie handling vulnerabilities.

9 bytes small Microsoft Windows 7 screen locking shellcode.

Prestashop versions 1.7.6.4 and below suffer from code execution, cross site request forgery, and cross site scripting vulnerabilities.

P5 FNIP-8x16A / FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from cross site request forgery and cross site scripting vulnerabilities.

This Metasploit module exploits the file upload vulnerability of baldr malware panel in order to achieve arbitrary code execution.

FileThingie version 2.5.7 suffers from a remote shell upload vulnerability.

Centraleyezer suffers from a remote shell upload vulnerability.

FlashGet version 1.9.6 remote buffer overflow proof of concept exploit.

33 bytes small Win32 egg searching shellcode that should work on all service packs of Microsoft Windows XP, 2k, and 2k3.

52 bytes small Win32/XP SP3 windows magnifier shellcode.

56 bytes small Win32/XP SP3 shutdown windows shellcode with a 30 second timer.

107 bytes small Linux/x86 shellcode that adds the user 'ctl' with the password 'ctl' to the /etc/passwd file with the UID and GID of 0 (root). This shellcode uses legacy passwd functionality. Therefore the /etc/shadow file does not need to be accessed or modified.

155 bytes small Linux/x86 shellcode that has a MMX stub decoder that dynamically decodes the payload in memory. The FPU GetPC technique is used to determine the offset from EIP dynamically in running memory. Once decoded. this shellcode adds the user 'ctl' with the password 'ctl' to the /etc/passwd file with the UID and GID of 0 (root). This shellcode uses legacy passwd functionality. Therefore the /etc/shadow file does not need to be accessed or modified.

This Metasploit module exploits a Java unmarshalling vulnerability via JSONWS in Liferay Portal versions prior to 6.2.5 GA6, 7.0.6 GA7, 7.1.3 GA4, and 7.2.1 GA2 to execute code as the Liferay user. Tested against 7.2.0 GA1.