1246 matches found
FTP Fetch
Fetch and execute an x64 payload from an FTP server. Module Options msf use payload/cmd/windows/ftp/x64/downloadexec msf payloaddownloadexec show actions ...actions... msf payloaddownloadexec set ACTION msf payloaddownloadexec show options ...show and set options... msf payloaddownloadexec run Th...
FTP Fetch, Linux Command Shell, Reverse TCP Inline
Fetch and execute an PPC64 payload from an FTP server. Connect back to attacker and spawn a command shell Module Options msf use payload/cmd/linux/ftp/ppc64/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf payloadshellreversetcp show...
FTP Fetch, Linux x64 Pingback, Reverse TCP Inline
Fetch and execute an x64 payload from an FTP server. Connect back to attacker and report UUID Linux x64 Module Options msf use payload/cmd/linux/ftp/x64/pingbackreversetcp msf payloadpingbackreversetcp show actions ...actions... msf payloadpingbackreversetcp set ACTION msf payloadpingbackreverset...
FTP Fetch, Reverse TCP Stager
Fetch and execute a x86 payload from an FTP server. Connect back to the attacker Module Options msf use payload/cmd/linux/ftp/x86/meterpreter/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set options...
FTP Fetch, Linux Execute Command
Fetch and execute an RISC-V 32-bit payload from an FTP server. Execute an arbitrary command Module Options msf use payload/cmd/linux/ftp/riscv32le/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf payloadexec run...
FTP Fetch
Fetch and execute an x64 payload from an FTP server. Module Options msf use payload/cmd/linux/ftp/x64/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf payloadmeterpreterreversehttps set ACTION msf payloadmeterpreterreversehttps show options ...show and set...
Klog Server <=2.41 - Unauthenticated Command Injection
Klog Server 2.4.1 and prior is susceptible to an unauthenticated command injection vulnerability. The authenticate.php file uses the user HTTP POST parameter in a call to the shellexec PHP function without appropriate input validation, allowing arbitrary command execution as the apache user. The...
Linux Execute Command
Execute an arbitrary command. Module Options msf use payload/linux/loongarch64/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf payloadexec run frozenstringliteral: true This module requires Metasploit:...
June Linux Patch Wednesday
June Linux Patch Wednesday. A total of 1,888 vulnerabilities 324 in the Linux kernel, and a whopping 728 in Chromium ❗️. For comparison, there were 1,638 vulnerabilities in May. The increase isn't as dramatic as it was from April to May, but it's still a new record. One of the vulnerabilities has...
OS Command Exec, Unix Command Shell, Bind TCP (via socat)
Execute an OS command from PHP. Creates an interactive shell via socat Module Options msf use payload/php/unix/cmd/bindsocattcp msf payloadbindsocattcp show actions ...actions... msf payloadbindsocattcp set ACTION msf payloadbindsocattcp show options ...show and set options... msf...
Unix Command Shell, Bind TCP (via socat)
Creates an interactive shell via socat Module Options msf use payload/cmd/unix/bindsocattcp msf payloadbindsocattcp show actions ...actions... msf payloadbindsocattcp set ACTION msf payloadbindsocattcp show options ...show and set options... msf payloadbindsocattcp run This module requires...
📄 Palo Alto GlobalProtect Authentication Bypass
This Metasploit module exploits an authentication bypass vulnerability in Palo Alto Networks PAN-OS GlobalProtect portal and gateway components. The vulnerability stems from CWE-565: Reliance on Cookies without Validation and Integrity Checking. An unauthenticated remote attacker can forge...
ClickFix Server Creation
This Metasploit module creates a web server which hosts a ClickFix type exploit. When a user visits the site they are given instructions on pasting our payload into a run dialog. When using a custom html page, please use INSERTPAYLOADHERE as the spot to put the generated payload in...
programming-for-penetration-testing-buffer-overflow-exploit
Buffer Overflow Exploit in Ruby Overview This project was...
📄 GestioIP 3.5.7 Remote Command Execution
This Metasploit module exploits a command execution via file upload. If GestioIP is configured to use no authentication for admin account, no password is required to exploit the vulnerability. Otherwise, an authenticated user with admin right on the web site is required to exploit. This module...
VIM Plugin Persistence
This Metasploit module creates a VIM Plugin which executes a payload on VIM startup...
📄 Microsoft MMC (.MSC) File Execution Abuse Leading / Admin Creation
This Metasploit local Windows exploit module abuses the way Microsoft Management Console MMC processes specially crafted .msc files to achieve arbitrary PowerShell execution when a user opens the file. The payload is designed to create a new local administrator account or execute a custom command...
📄 MISP 2.5.27 Workflow Engine Cross Site Scripting
This Metasploit auxiliary module targets a potential stored cross site scripting vulnerability in the MISP Workflow Engine. It is designed to interact with the MISP API, create workflows, and inject malicious payloads into workflow data fields...
📄 NocoBase 2.0.27 Sandbox Escape / Remote Code Execution
This code is a Metasploit Auxiliary module designed to exploit a remote code execution vulnerability in NocoBase versions 2.0.27 and below. It targets a flaw in the server-side script execution engine flownodes that allows breaking out of the JavaScript sandbox...
📄 Dovecot OTP Replay Attack
This Metasploit auxiliary module targets a vulnerability in Dovecot's OTP One-Time Password authentication system that allows potential replay attacks when authentication caching is enabled and username handling is improperly managed...