HTTPS Fetch, Linux Command Shell, Reverse TCP Stager

Fetch and execute an x86 payload from an HTTPS server. Spawn a command shell staged. Connect back to the attacker Module Options msf use payload/cmd/linux/https/x86/shell/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show option...

HTTP Fetch, Linux Command Shell, Bind TCP Stager (Linux x86)

Fetch and execute a x86 payload from an HTTP server. Spawn a command shell staged. Listen for a connection Linux x86 Module Options msf use payload/cmd/linux/http/x86/shell/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show...

HTTPS Fetch, Linux Command Shell, Reverse TCP Stager (IPv6)

Fetch and execute an x86 payload from an HTTPS server. Spawn a command shell staged. Connect back to attacker over IPv6 Module Options msf use payload/cmd/linux/https/x86/shell/reverseipv6tcp msf payloadreverseipv6tcp show actions ...actions... msf payloadreverseipv6tcp set ACTION msf...

HTTP Fetch, Linux Command Shell, Bind IPv6 TCP Stager (Linux x86)

Fetch and execute a x86 payload from an HTTP server. Spawn a command shell staged. Listen for an IPv6 connection Linux x86 Module Options msf use payload/cmd/linux/http/x86/shell/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf payloadbindipv6tcp...

HTTPS Fetch, Linux Command Shell, Bind TCP Inline

Fetch and execute an x86 payload from an HTTPS server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/https/x86/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options ...sh...

HTTP Fetch, Linux Command Shell, Bind TCP Stager with UUID Support (Linux x86)

Fetch and execute a x86 payload from an HTTP server. Spawn a command shell staged. Listen for a connection with UUID Support Linux x86 Module Options msf use payload/cmd/linux/http/x86/shell/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf...

HTTP Fetch, Linux Command Shell, Reverse TCP Inline

Fetch and execute a x86 payload from an HTTP server. Connect back to attacker and spawn a command shell Module Options msf use payload/cmd/linux/http/x86/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf payloadshellreversetcp show...

HTTPS Fetch, Linux Command Shell, Reverse TCP Stager

Fetch and execute an x64 payload from an HTTPS server. Spawn a command shell staged. Connect back to the attacker Module Options msf use payload/cmd/linux/https/x64/shell/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show option...

HTTP Fetch, Linux Execute Command

Fetch and execute an x64 payload from an HTTP server. Execute an arbitrary command or just a /bin/sh shell Module Options msf use payload/cmd/linux/http/x64/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf...

TFTP Fetch, Linux Command Shell, Reverse TCP Inline

Fetch and execute an x64 payload from a TFTP server. Connect back to attacker and spawn a command shell Module Options msf use payload/cmd/linux/tftp/x64/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf payloadshellreversetcp show...

HTTPS Fetch, Linux Command Shell, Bind TCP Inline

Fetch and execute an x64 payload from an HTTPS server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/https/x64/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options ...sh...

HTTPS Fetch, Linux Command Shell, Bind TCP Stager

Fetch and execute an x64 payload from an HTTPS server. Spawn a command shell staged. Listen for a connection Module Options msf use payload/cmd/linux/https/x64/shell/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set...

Apache Spark Unauthenticated Command Injection RCE

This module exploits an unauthenticated command injection vulnerability in Apache Spark. Successful exploitation results in remote code execution under the context of the Spark application user. The command injection occurs because Spark checks the group membership of the user passed in the ?doAs...

CVE-2020-16238

A vulnerability in the configuration import mechanism of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with command line access to the underlying Linux system to escalate privileges to the root user...

Microsoft OMI Management Interface Authentication Bypass Exploit

By removing the authentication header, an attacker can issue an HTTP request to the OMI management endpoint that will cause it to execute an operating system command as the root user. This vulnerability was patched in OMI version 1.6.8-1 released September 8th 2021. This module requires Metasploi...

HackTools

This is a web browser extension for penetration testing, called HackTools. It is a comprehensive toolset for web application security testing, providing various features such as: Dynamic shell generation PHP, Bash, Ruby, Python, Perl, Netcat XSS payload generation Common SQL injection payloads...

Mikaelbr Node-notifier Operating System Command Injection Vulnerability

Mikaelbr Node-notifier is a Javascript-based codebase for sending rulers for Mac, Windows, and Linux by the individual developer Mikaelbr. A security vulnerability exists in node-notifier versions prior to 9.0.0, which allows an attacker to exploit the vulnerability to run arbitrary commands on a...

Flerken - Obfuscated Command Detection Tool

Command line obfuscation has been proved to be a non-negligible factor in fileless malware or malicious actors that are "living off the land". To bypass signature-based detection, dedicated obfuscation techniques are shown to be used by red-team penetrations and even APT activities. Meanwhile,...

Updated util-linux packages fix security vulnerability

A command injection flaw was found in the way util-linux implements umount autocompletion in Bash. An attacker with the ability to mount a filesystem with custom mount points may execute arbitrary commands on behalf of the user who triggers the umount autocompletion CVE-2018-7738...

Dmitry Stack Buffer Overflow Vulnerability

DMitry Deepmagic Information Gathering Utility is a UNIX/GNU Linux command line program coded purely in C that gathers as much information about the host as possible. DMitry Deepmagic Information Gathering Tool suffers from a stack buffer overflow vulnerability that can be exploited by an attacke...