22 matches found
Python Execute Command
Execute an arbitrary OS command. Compatible with Python 2.7 and 3.4+. Module Options msf use payload/python/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf payloadexec run module MetasploitModule CachedSize =...
OpenNMS Horizon 31.0.7 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenNMS Horizon Authenticated RCE', 'Description' = %q This module exploits built-in functionality in OpenNMS Horizon in order to execute arbitra...
HTTPS Fetch
Fetch and execute an x64 payload from an HTTPS server. Module Options msf use payload/cmd/linux/https/x64/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf payloadmeterpreterreversehttps set ACTION msf payloadmeterpreterreversehttps show options ...show and...
HTTP Fetch, Linux Command Shell, Find Port Inline
Fetch and execute an x64 payload from an HTTP server. Spawn a shell on an established connection Module Options msf use payload/cmd/linux/http/x64/shellfindport msf payloadshellfindport show actions ...actions... msf payloadshellfindport set ACTION msf payloadshellfindport show options ...show an...
OpenTSDB 2.4.0 Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenTSDB 2.4.0 unauthenticated command injection', 'Description' = %q This module exploits an unauthenticated command injection vulnerability in...
Windows shellcode stage, Find Tag Ordinal Stager
Custom shellcode stage. Use an established connection Module Options msf use payload/windows/custom/findtag msf payloadfindtag show actions ...actions... msf payloadfindtag set ACTION msf payloadfindtag show options ...show and set options... msf payloadfindtag run This module requires Metasploit...
BACnet Scanner
Discover BACnet devices by broadcasting Who-is message, then poll discovered devices for properties including model name, software version, firmware revision and description. Module Options msf use auxiliary/scanner/scada/bacnetl3 msf auxiliarybacnetl3 show actions ...actions... msf...
NSClient++ 0.5.2.35 Remote Code Execution Exploit
This Metasploit module allows an attacker with knowledge of the admin password of NSClient++ to start a privileged shell. For this module to work, both web interface of NSClient++ and ExternalScripts feature should be enabled. This module requires Metasploit: https://metasploit.com/download Curre...
Centreon 19.10.5 - 'Pollers' Remote Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Centreon Poller Authenticated Remote Command Execution', 'Description' = %q TODO , 'Author' = 'Omri Baso', discovery 'Fabien Aunay', discovery...
OpenNetAdmin 18.1.1 Command Injection
class MetasploitModule 'OpenNetAdmin Ping Command Injection', 'Description' = %q This module exploits a command injection in OpenNetAdmin between 8.5.14 and 18.1.1. , 'Author' = 'mattpascoe', Vulnerability discovery 'Onur ER ' Metasploit module , 'References' = 'EDB', '47691' , 'DisclosureDate' =...
Python Pingback, Reverse TCP (via python)
Connects back to the attacker, sends a UUID, then terminates module MetasploitModule CachedSize = :dynamic include Msf::Payload::Single include Msf::Payload::Python include Msf::Payload::Pingback include Msf::Payload::Pingback::Options def initializeinfo = supermergeinfoinfo, 'Name' = 'Python...
BSD Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 100 This is so one-off that we define it here ARCHVAX = 'vax' include...
Linux Meterpreter, Reverse HTTPS Inline
Run the Meterpreter / Mettle server payload stageless This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Module generated by tools/modules/generatemettlepayloads.rb module MetasploitModule CachedSize = 1062084 include...
Command Shell, Reverse UDP (via python)
Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.6-2.7 and 3.4+. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include...
LAquis SCADA 4.1.0.2385 - Directory Traversal Exploit
Exploit for multiple platform in category remote exploits require 'msf/core' class MetasploitModule 'LAquis SCADA Web Server Directory Traversal Information Disclosure', 'Description' = %q This module exploits a directory traversal vulnerability found in the LAquis SCADA application. The...
Carlo Gavazzi Powersoft 2.1.1.1 - Directory Traversal File Disclosure Exploit
Exploit for windows platform in category web applications require 'msf/core' class MetasploitModule 'Carlo Gavazzi Powersoft Directory Traversal', 'Description' = %q This module exploits a directory traversal vulnerability found in Carlo Gavazzi Powersoft 'james fitts' , 'License' = MSFLICENSE,...
Windows Local User Account Hash Carver
This module will change a local user's password directly in the registry. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'English' class MetasploitModule 'Windows Local User Account Hash Carver', 'Description...
Windows Gather HeidiSQL Saved Password Extraction
This module extracts saved passwords from the HeidiSQL client. These passwords are stored in the registry. They are encrypted with a custom algorithm. This module extracts and decrypts these passwords. This module requires Metasploit: https://metasploit.com/download Current source:...
SAP ICF /sap/public/info Service Sensitive Information Gathering
This module uses the /sap/public/info service within SAP Internet Communication Framework ICF to obtain the operating system version, SAP version, IP address and other information. This module requires Metasploit: https://metasploit.com/download Current source:...
Dell iDRAC Default Login
This module attempts to login to a iDRAC webserver instance using default username and password. Tested against Dell Remote Access Controller 6 - Express version 1.50 and 1.85, Controller 7 - Enterprise 2.63.60.62 Controller 8 - Enterprise 2.83.05 Controller 9 - Enterprise 4.40.00.00 This module...