402 matches found
HTTPS Fetch, Bind TCP Stager (Windows x86)
Fetch and execute an x86 payload from an HTTPS server. Listen for a connection Windows x86 Module Options msf use payload/cmd/windows/https/x86/patchupmeterpreter/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set...
HTTPS Fetch, Reverse TCP Stager with UUID Support
Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/https/x86/patchupdllinject/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf...
HTTPS Fetch, Windows shellcode stage, Find Tag Ordinal Stager
Fetch and execute an x86 payload from an HTTPS server. Custom shellcode stage. Use an established connection Module Options msf use payload/cmd/windows/https/x86/custom/findtag msf payloadfindtag show actions ...actions... msf payloadfindtag set ACTION msf payloadfindtag show options ...show and...
HTTPS Fetch, Windows shellcode stage, Bind IPv6 TCP Stager with UUID Support (Windows x86)
Fetch and execute an x86 payload from an HTTPS server. Custom shellcode stage. Listen for an IPv6 connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/https/x86/custom/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid s...
HTTPS Fetch, Windows shellcode stage, Windows x86 Bind Named Pipe Stager
Fetch and execute an x86 payload from an HTTPS server. Custom shellcode stage. Listen for a pipe connection Windows x86 Module Options msf use payload/cmd/windows/https/x86/custom/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set ACTION msf...
HTTPS Fetch, Hidden Bind TCP Stager
Fetch and execute an x86 payload from an HTTPS server. Listen for a connection from a hidden port and spawn a command shell to the allowed host. Module Options msf use payload/cmd/windows/https/x86/dllinject/bindhiddentcp msf payloadbindhiddentcp show actions ...actions... msf payloadbindhiddentc...
HTTPS Fetch, Hidden Bind Ipknock TCP Stager
Fetch and execute an x86 payload from an HTTPS server. Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method you can spoof it with tools like hping. After that you could get your shellcode from any IP. The sock...
HTTPS Fetch, Windows shellcode stage, Reverse TCP Stager with UUID Support
Fetch and execute an x86 payload from an HTTPS server. Custom shellcode stage. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/https/x86/custom/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf...
HTTPS Fetch, Windows shellcode stage, Reverse UDP Stager with UUID Support
Fetch and execute an x86 payload from an HTTPS server. Custom shellcode stage. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/https/x86/custom/reverseudp msf payloadreverseudp show actions ...actions... msf payloadreverseudp set ACTION msf...
HTTPS Fetch, Reverse TCP Stager
Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/patchupmeterpreter/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and s...
HTTPS Fetch, Hidden Bind TCP Stager
Fetch and execute an x86 payload from an HTTPS server. Listen for a connection from a hidden port and spawn a command shell to the allowed host. Module Options msf use payload/cmd/windows/https/x86/patchupdllinject/bindhiddentcp msf payloadbindhiddentcp show actions ...actions... msf...
HTTP Fetch, Windows shellcode stage, Windows Reverse HTTPS Stager (winhttp)
Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Tunnel communication over HTTPS Windows winhttp Module Options msf use payload/cmd/windows/http/x86/custom/reversewinhttps msf payloadreversewinhttps show actions ...actions... msf payloadreversewinhttps set ACTION msf...
CVE-2026-32947
Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. In versions 2.15.1 and below, a DNS over HTTPS DoH vulnerability allows attackers to bypass egress-policy: block network restrictions by tunneling exfiltrated data through permitted HTTPS endpoints like...
CVE-2026-32627 cpp-httplib has a Silent TLS Certificate Verification Bypass on HTTPS Redirect via Proxy
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client is configured with a proxy and setfollowlocationtrue, any HTTPS redirect it follows will have TLS certificate and hostname verification silently disabled on the new...
ABB AWIN Gateways
SUMMARY ABB became aware of vulnerability in the products versions listed as affected in the advisory. An update is available that resolves the reported vulnerabilities. AWIN gateways are not intended to be internet-facing. An attacker who successfully exploited this vulnerability could take...
Cisco Secure Web Appliance Real-Time Scanning Archive File Bypass (cisco-sa-wsa-archive-bypass-Scx2e8zF)
According to its self-reported version, Cisco Secure Web Appliance Real-Time Scanning Archive File Bypass is affected by a vulnerability. - A vulnerability in the Dynamic Vectoring and Streaming DVS Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an...
CVE-2026-20056
A vulnerability in the Dynamic Vectoring and Streaming DVS Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass the anti-malware scanner, allowing malicious archive files to be downloaded. This vulnerability is du...
EUVD-2026-5425
A vulnerability in the Dynamic Vectoring and Streaming DVS Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass the anti-malware scanner, allowing malicious archive files to be downloaded. This vulnerability is du...
CVE-2026-20056 Cisco Secure Web Appliance TBD Bypass Vulnerability
A vulnerability in the Dynamic Vectoring and Streaming DVS Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass the anti-malware scanner, allowing malicious archive files to be downloaded. This vulnerability is du...
CVE-2026-20056
Cisco AsyncOS for Cisco Secure Web Appliance is affected by a DVS Engine vulnerability (CVE-2026-20056) that can allow an unauthenticated remote attacker to bypass the anti‑malware scanner and cause download of malicious archive files. The issue stems from improper handling of certain archives, e...