VIM Plugin Persistence

This module creates a VIM Plugin which executes a payload on VIM startup. Module Options msf use exploit/linux/persistence/vimplugin msf exploitvimplugin show targets ...targets... msf exploitvimplugin set TARGET msf exploitvimplugin show options ...show and set options... msf exploitvimplugin...

Powershell Profile Persistence

This module establishes persistence by modifying a PowerShell profile script, which is automatically executed when PowerShell starts. The module supports multiple profile scopes current user or all users and safely backs up any existing profile prior to modification, enabling clean removal by...

Microsoft Windows Active Setup Persistence Module

This Metasploit module leverages the Windows Active Setup mechanism to establish persistence while integrating multiple evasion and stealth techniques designed to reduce forensic visibility and bypass detection mechanisms...

Emacs Extension Persistence

This module adds a lisp based malicious extension to the emacs configuration file. When emacs is opened, the extension will be loaded and the payload will be executed. Tested against emacs 29.3 build 1 on Ubuntu Desktop 24.04. Module Options msf use exploit/linux/persistence/emacsextension msf...

Metasploit Wrap-Up 01/09/2026

RISC-V Payloads This week brings more RISC-V payloads from community member bcoles. One provides a new adapter which allows RISC-V payloads to be converted to commands and delivered as a Metasploit fetch-payload. The second is a classic bind shell, offering the user interactive connectivity to th...

Metasploit Wrap-Up 11/07/2025

New module content 3 Centreon authenticated command injection leading to RCE via broker engine "reload" parameter Author: h00die-gr3y [email protected] Type: Exploit Pull request: 20672 contributed by h00die-gr3y Path: linux/http/centreonauthrcecve20255946 AttackerKB reference: CVE-2025-5946...

Metasploit Wrap-Up 10/24/2025

Let us suggest persistence… This week's edition brings the new persistence suggester from h00die. Similar to the exploit variant, this module will list the available persistence mechanisms for your selected target. The module requires a session to target the machine, so it can run check methods...

Metasploit Wrap-Up 10/03/2025

Windows LNK and Linux persistence This week, happybear-21 introduced four new modules that abuse Windows Shell Link LNK to execute various attacks. Three of these modules are designed to trigger authentication attempts to a remote server, facilitating the harvesting of NTLM authentication...

Service SystemD override.conf Persistence

This module will create an override.conf file for a SystemD service on the box. The ExecStartPost hook is used to launch the payload after the service is started. We need enough access typically root to write in the /etc/systemd/system directory and potentially restart services. Verified on Ubunt...

update-motd.d Persistence

This module will add a script in /etc/update-motd.d/ in order to persist a payload. The payload will be executed with root privileges everytime a user logs in. Root privileges are likely required to write to /etc/update-motd.d/. Verified on Ubuntu 22.04 Module Options msf use...

Obsidian Plugin Persistence

This module searches for Obsidian vaults for a user, and uploads a malicious community plugin to the vault. The vaults must be opened with community plugins enabled NOT restricted mode, but the plugin will be enabled automatically. Tested against Obsidian 1.7.7 on Kali, Ubuntu 22.04, and Windows...

com.arassec.igor:igor-spring-boot-starter (>=0.6.7 <=0.6.8), com.arassec.igor:igor-standalone (>=0.6.7 <=0.6.8) +211 more potentially affected by CVE-2023-3894 via com.fasterxml.jackson.dataformat:jackson-dataformat-toml (>=2.12.3 <=2.14.2)

com.fasterxml.jackson.dataformat:jackson-dataformat-toml MAVEN version =2.12.3, =0.6.7, =0.6.7, =0.6.7, =0.0.1, =0.18.3, =0.18.3, =0.18.3, =0.18.3, =0.18.3, =0.18.3, =2023.2, =1.1.6, =3.0.0-snapshot.20240126.12648.0.va9dc2d63, =3.0.0-snapshot.20240126.12648.0.va9dc2d63,...

Costin Raiu on the Equation Group APT

CANCUN–Dennis Fisher talks with Costin Raiu of the Kaspersky Lab GReAT team about the researcher behind the Equation Group campaign, the group’s capabilities and why they seem to have gone dark now. READ Massive Decades Long Cyberespionage Campaign Uncovered READ Inside nls933w.dll, the Equation...