Windows Inject PE Files, Reverse All-Port TCP Stager

Type metasploit
Reporter Rapid7
Modified 2020-12-07T10:31:45


Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE loader will execute the pre-mapped PE image starting from the address of entry after performing image base relocation and API address resolution. This module requires a PE file that contains relocation data and a valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks are not currently supported. Also PE files which use resource loading might crash. . Try to connect back to the attacker, on all possible ports (1-65535, slowly)

                                            <!DOCTYPE html>
	<meta charset="UTF-8" />
	<meta content="" name="csrf-token" />
	<meta content="width=device-width, initial-scale=1" name="viewport" />
	<title>Lightspeed System - Web Access</title>
	<link rel="stylesheet" href="/css/access/access.css" type="text/css" />
	<link rel="icon" href="/images/favicon.ico" type="image/x-icon" />

<script type='text/javascript'>
	window.onload = function(){
		var form = document.getElementById("login_form");
		document.getElementById("submit_link").addEventListener("click", function(){

	function enter_submit(e) {
		if (e && e.keyCode == 13) {
			var form = document.getElementById("login_form");

	<div class="page-icon">
		<div class="page-icon--img page-icon--imgAccess">


	<div class="strip"><h1>Captive Portal</h1>

		<p class="text--blueGray">Please login to browse the internet.</p>


	<div class="override">
		<form id="login_form" class="form" action="/access/portal" method="post">
			<span onkeyup="enter_submit(event);">
				<select name="auth_source_id"><option value="3">AD</option><option value="1">local users</option></select>
				<input type="hidden" name="id" value="45YVTDUESKJV4TJ4K64CM3WA0TCM2IJ5" />
				<input type="text" name="username" placeholder="Username" />
				<input type="password" name="password" placeholder="Password" />
			<a id="submit_link" class="button button--blue" href="#">Login</a>


			<div class="signinForm-options l-flex l-flex--vAlignBaseline">
				<div class="l-flex-item--allotWidth">
					<section class="signinSSOButtons signinSSOButtons--noAnimation">