Mobile Mouse 3.6.0.4 Remote Code Execution Exploit

This Metasploit module utilizes the Mobile Mouse Server by RPA Technologies, Inc protocol to deploy a payload and run it from the server. This module will only deploy a payload if the server is set without a password default. Tested against 3.6.0.4, the current version at the time of module...

Windows shellcode stage, Reverse TCP Stager (IPv6)

Custom shellcode stage. Connect back to the attacker over IPv6 Module Options msf use payload/windows/custom/reverseipv6tcp msf payloadreverseipv6tcp show actions ...actions... msf payloadreverseipv6tcp set ACTION msf payloadreverseipv6tcp show options ...show and set options... msf...

Windows shellcode stage, Windows Reverse HTTPS Stager (wininet)

Custom shellcode stage. Tunnel communication over HTTPS Windows wininet Module Options msf use payload/windows/custom/reversehttps msf payloadreversehttps show actions ...actions... msf payloadreversehttps set ACTION msf payloadreversehttps show options ...show and set options... msf...

Powershell Exec, Bind TCP Stager (Windows x86)

Execute an x86 payload from a command via PowerShell. Listen for a connection Windows x86 Module Options msf use payload/cmd/windows/powershell/vncinject/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options...

Local Privilege Escalation in polkits pkexec

A bug exists in the polkit pkexec binary in how it processes arguments. If the binary is provided with no arguments, it will continue to process environment variables as argument variables, but without any security checking. By using the execve call we can specify a null argument list and populat...

Microsoft Spooler Local Privilege Elevation Vulnerability

This exploit leverages a file write vulnerability in the print spooler service which will restart if stopped. Because the service cannot be stopped long enough to remove the dll, there is no way to remove the dll once it is loaded by the service. Essentially, on default settings, this module adds...

Oracle WebLogic Server Administration Console Handle RCE

This module exploits a path traversal and a Java class instantiation in the handle implementation of WebLogic's Administration Console to execute code as the WebLogic user. Versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 are known to be affected. Tested against 12.2.1.3.0...

Jenkins 2.56 CLI Deserialization / Code Execution Exploit

An unauthenticated Java object deserialization vulnerability exists in the CLI component for Jenkins versions 2.56 and below. The readFrom method within the Command class in the Jenkins CLI remoting component deserializes objects received from clients without first checking / sanitizing the data...

Anviz CrossChex Buffer Overflow

Waits for broadcasts from Ainz CrossChex looking for new devices, and returns a custom broadcast, triggering a stack buffer overflow. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Anviz...

Solaris EXTREMEPARR dtappgather Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Solaris 'EXTREMEPARR' dtappgather Privilege Escalation", 'Description' = %q This module exploits a directory traversal vulnerability in the...

Microsoft Windows LNK File Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LNK Code Execution Vulnerability', 'Description' = %q This module exploits a vulnerability in the handling of Windows Shortcut files .LNK that...

Windows Inject DLL, Bind IPv6 TCP Stager with UUID Support (Windows x86)

Inject a custom DLL into the exploited process. Listen for an IPv6 connection with UUID Support Windows x86 This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 331 include...

Linux PolicyKit Race Condition Privilege Escalation

A race condition flaw was found in the PolicyKit pkexec utility and polkitd daemon. A local user could use this flaw to appear as a privileged user to pkexec, allowing them to execute arbitrary commands as root by running those commands with pkexec. Those vulnerable include RHEL6 prior to...

Zimbra Collaboration Server - LFI

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rexml/document' class Metasploit3 Msf::Exploit::Remote include Msf::Exploit::Remote::HttpClient include...

LPRng use_syslog Remote Format String Vulnerability

No description provided by source. $Id: lprngformatstring.rb 9666 2010-07-03 01:09:32Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms o...

HP SiteScope issueSiebelCmd Remote Code Execution

This module exploits a code execution flaw in HP SiteScope. The vulnerability exists in the APISiteScopeImpl web service, specifically in the issueSiebelCmd method, which allows the user to execute arbitrary commands without authentication. This module has been tested successfully on HP SiteScope...

SAP ConfigServlet - Remote Payload Execution (Metasploit)

SAP ConfigServlet - Remote Payload Execution Metasploit require 'msf/core' class Metasploit3 'SAP ConfigServlet Remote Code Execution', 'Description' = %q This module allows remote code execution via operating system commands through the SAP ConfigServlet without any authentication. , 'Author' =...

Setuid Tunnelblick Privilege Escalation

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...

Symantec System Center Alert Management System - 'hndlrsvc.exe' Arbitrary Command Execution (Metasploit)

$Id: amshndlrsvc.rb 13591 2011-08-19 18:35:29Z mc $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...

XTACACSD <= 4.1.2 report Buffer Overflow

XTACACSD. CVE-2008-7232. Remote exploit for freebsd platform $Id: xtacacsdreport.rb 9262 2010-05-09 17:45:00Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information o...