OS Command Exec, Unix Command Shell, Reverse TCP (via AWK)

Execute an OS command from PHP. Creates an interactive shell via GNU AWK Module Options msf use payload/php/unix/cmd/reverseawk msf payloadreverseawk show actions ...actions... msf payloadreverseawk set ACTION msf payloadreverseawk show options ...show and set options... msf payloadreverseawk run...

OS Command Exec, Unix Command Shell, Bind TCP (via Ruby)

Execute an OS command from PHP. Continually listen for a connection and spawn a command shell via Ruby Module Options msf use payload/php/unix/cmd/bindruby msf payloadbindruby show actions ...actions... msf payloadbindruby set ACTION msf payloadbindruby show options ...show and set options... msf...

OS Command Exec, Unix Command Shell, Reverse UDP (via socat)

Execute an OS command from PHP. Creates an interactive shell via socat Module Options msf use payload/php/unix/cmd/reversesocatudp msf payloadreversesocatudp show actions ...actions... msf payloadreversesocatudp set ACTION msf payloadreversesocatudp show options ...show and set options... msf...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

Blackash-CVE-2025-24071 CVE-2025-24071: NTLM Hash Leak via...

Metasploit Wrap-Up 05/30/2025

The internet is a series of Tube SOCKS Metasploit has supported SOCKS proxies for years now, being able to both act as both a client by setting the Proxies datastore option and a server by running the auxiliary/server/socksproxy module. While Metasploit has supported both SOCKS versions 4a and 5,...

Metasploit Wrap-Up

Making Metasploit faster This week's wrap-up includes many new modules, but notably, we've upgraded Metasploit loading. Thanks to bcoles, the bootup performance when searching for a module has been increased in 20166. Also, we've reduced Metasploit startup time - in 20155. New module content 6...

CVE-2017-15084

The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22...

Metasploit Wrap-Up 05/16/2025

New modules for everyone This week’s release is packed with new module content. We have RCE modules for Car Rental System 1.0, Wordpress plugins SureTriggers, User Registration and Membership. We also have a persistence module for LINQPad software and an auxiliary module for POWERCOM UPSMON PRO. ...

Metasploit Wrap-Up 05/09/2025

New Toys and New Techniques This release features a new OPNSense login scanner, a module targeting the Sante PACS path traversal vulnerability, an additional method for stealing Network Access Account credentials via SMB to HTTP relay, and the Erlang/OTP SSH exploit everyone was excited about. Ne...

Metasploit Wrap-Up 05/02/2025

Meterpreter Extended API Clipboard Monitoring Security is hard, and Open Source Security is a collaborative effort. This week, Metasploit released a fix for a vulnerability that was privately disclosed to us by long-time community member bcoles. The vulnerability in question impacted Metasploit...

Machine Learning for Cyber-Attack Identification from Traffic Flows

This paper presents our simulation of cyber-attacks and detection strategies on the traffic control system in Daytona Beach, FL. using Raspberry Pi virtual machines and the OPNSense firewall, along with traffic dynamics from SUMO and exploitation via the Metasploit framework. We try to answer the...

📄 Langflow AI Remote Code Execution

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...

Metasploit Weekly Wrap-Up 04/11/2025

Spring Exploits This weekly release of Metasploit Framework includes new RCE exploit modules for several vulnerable applications: Appsmith, a low-code application platform which contains a misconfiguration on PostgreSQL CVE-2024-55964; Pandora FMS, a monitoring solution, where, once gained access...

📄 PgAdmin Query Tool Authenticated Remote Code Execution

This Metasploit module exploits a vulnerability in pgAdmin where an authenticated user can establish a connection to the query tool and send a specific payload in the querycommited POST parameter. This payload is directly executed via a Python eval statement, resulting in remote code execution in...

Appsmith RCE

An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. Module Options msf use exploit/linux/http/appsmithrcecve202455964 msf exploitappsmithrcecve202455964 show targets ...targets... msf...

📄 Appsmith Remote Code Execution

An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...

CrushFTP AWS4-HMAC Authentication Bypass

This module leverages an authentication bypass in CrushFTP 11 use auxiliary/gather/crushftpauthbypasscve20252825 msf auxiliarycrushftpauthbypasscve20252825 show actions ...actions... msf auxiliarycrushftpauthbypasscve20252825 set ACTION msf auxiliarycrushftpauthbypasscve20252825 show options...

Metasploit Wrap-Up 03/28/2025

Windows LPE - Cloud File Mini Filer Driver Heap Overflow This Metasploit release includes an exploit module for CVE-2024-30085, an LPE in cldflt.sys which is known as the Windows Cloud Files Mini Filer Driver. This driver allows users to manage and sync files between a remote server and a local...

Sitecore CVE-2025-27218 BinaryFormatter Deserialization Exploit

This module exploits a .NET deserialization vulnerability in Sitecore Experience Manager XM and Experience Platform XP 10.4 by injecting a malicious Base64-encoded BinaryFormatter payload into an HTTP header. Module Options msf use exploit/windows/http/sitecorexpcve202527218 msf...

Sitecore CVE-2025-27218 BinaryFormatter Deserialization

This Metasploit module exploits a .NET deserialization vulnerability in Sitecore Experience Manager XM and Experience Platform XP 10.4 by injecting a malicious Base64-encoded BinaryFormatter payload into an HTTP header. This module requires Metasploit: https://metasploit.com/download Current...