1194 matches found
HTTPS Fetch, Linux Execute Command
Fetch and execute an MIPSBE payload from an HTTPS server. A very small shellcode for executing commands. This module is sometimes helpful for testing purposes. Module Options msf use payload/cmd/linux/https/mipsbe/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf...
TFTP Fetch, Linux Command Shell, Reverse TCP Stager
Fetch and execute an MIPSBE payload from a TFTP server. Spawn a command shell staged. Connect back to the attacker Module Options msf use payload/cmd/linux/tftp/mipsbe/shell/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show...
HTTP Fetch
Fetch and execute an MIPSLE payload from an HTTP server. Module Options msf use payload/cmd/linux/http/mipsle/meterpreterreversehttp msf payloadmeterpreterreversehttp show actions ...actions... msf payloadmeterpreterreversehttp set ACTION msf payloadmeterpreterreversehttp show options ...show and...
TFTP Fetch
Fetch and execute an ARMBE payload from a TFTP server. Module Options msf use payload/cmd/linux/tftp/armbe/meterpreterreversehttp msf payloadmeterpreterreversehttp show actions ...actions... msf payloadmeterpreterreversehttp set ACTION msf payloadmeterpreterreversehttp show options ...show and se...
TFTP Fetch
Fetch and execute an ARMLE payload from a TFTP server. Module Options msf use payload/cmd/linux/tftp/armle/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf payloadmeterpreterreversetcp show options ...show and set...
TFTP Fetch
Fetch and execute an MIPSBE payload from a TFTP server. Module Options msf use payload/cmd/linux/tftp/mipsbe/meterpreterreversehttp msf payloadmeterpreterreversehttp show actions ...actions... msf payloadmeterpreterreversehttp set ACTION msf payloadmeterpreterreversehttp show options ...show and...
TFTP Fetch
Fetch and execute an AARCH64 payload from a TFTP server. Module Options msf use payload/cmd/linux/tftp/aarch64/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf payloadmeterpreterreversetcp show options ...show and se...
HTTP Fetch
Fetch and execute an PPC payload from an HTTP server. Module Options msf use payload/cmd/linux/http/ppc/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf payloadmeterpreterreversetcp show options ...show and set...
HTTP Fetch, Linux dup2 Command Shell, Reverse TCP Stager
Fetch and execute an AARCH64 payload from an HTTP server. dup2 socket in x12, then execve. Connect back to the attacker Module Options msf use payload/cmd/linux/http/aarch64/shell/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp sh...
HTTP Fetch, Reverse TCP Stager
Fetch and execute an MIPSBE payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/linux/http/mipsbe/meterpreter/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set...
HTTPS Fetch, Linux Reboot
Fetch and execute an MIPSLE payload from an HTTPS server. A very small shellcode for rebooting the system using the reboot syscall. This payload is sometimes helpful for testing purposes. Requires CAPSYSBOOT privileges. Module Options msf use payload/cmd/linux/https/mipsle/reboot msf payloadreboo...
TFTP Fetch, Linux Command Shell, Reverse TCP Inline
Fetch and execute an MIPSBE payload from a TFTP server. Connect back to attacker and spawn a command shell Module Options msf use payload/cmd/linux/tftp/mipsbe/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf payloadshellreversetcp sh...
HTTP Fetch
Fetch and execute an ARMBE payload from an HTTP server. Module Options msf use payload/cmd/linux/http/armbe/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf payloadmeterpreterreversehttps set ACTION msf payloadmeterpreterreversehttps show options ...show a...
InvokeAI Remote Code Execution Exploit
InvokeAI has a critical vulnerability leading to remote code execution in the /api/v2/models/install API through unsafe model deserialization. The API allows users to specify a model URL, which is downloaded and loaded server-side using torch.load without proper validation. This functionality...
Ivanti Connect Secure HTTP Scanner
This module will perform authentication scanning against Ivanti Connect Secure Module Options msf use auxiliary/scanner/ivanti/loginscanner msf auxiliaryloginscanner show actions ...actions... msf auxiliaryloginscanner set ACTION msf auxiliaryloginscanner show options ...show and set options... m...
CVE-2022-3365 Emote Interactive Remote Mouse Server command injection due to weak encoding
Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a password, the Remote Mouse Server by Emote Interactive can be abused by attackers to inject OS commands over theproduct's custom control protocol. A Metasploit...
CVE-2022-3365
CVE-2022-3365 affects Remote Mouse Server by Emote Interactive. The Red Hat, NVD, and CVE records describe unauthenticated remote code execution via the server’s protocol, tied to weak encoding (trivial substitution cipher) and default password use when none is set, with Metasploit tests against ...
Craft CMS Twig Template Injection / Remote Code Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Craft CMS Twig Template Injection RCE via FTP Templates Path', 'Description' = %q This module exploits a Twig template injection vulnerability in...
Craft CMS Twig Template Injection RCE via FTP Templates Path
This module exploits a Twig template injection vulnerability in Craft CMS by abusing the --templatesPath argument. The vulnerability allows arbitrary template loading via FTP, leading to Remote Code Execution RCE. Module Options msf use exploit/linux/http/craftcmsftptemplate msf...
Craft CMS Twig Template Injection / Remote Code Execution
This Metasploit module exploits a Twig template injection vulnerability in Craft CMS by abusing the --templatesPath argument. The vulnerability allows arbitrary template loading via FTP, leading to remote code execution. This module requires Metasploit: https://metasploit.com/download Current...