HTTPS Fetch, Windows Upload/Execute, Reverse All-Port TCP Stager

Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options msf use payload/cmd/windows/https/x86/upexec/reversetcpallports msf payloadreversetcpallports show actions...

HTTP Fetch, Windows Upload/Execute, Reverse UDP Stager with UUID Support

Fetch and execute an x86 payload from an HTTP server. Uploads an executable and runs it staged. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/http/x86/upexec/reverseudp msf payloadreverseudp show actions ...actions... msf payloadreverseudp set ACTION ms...

HTTP Fetch, Windows Upload/Execute, Hidden Bind Ipknock TCP Stager

Fetch and execute an x86 payload from an HTTP server. Uploads an executable and runs it staged. Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method you can spoof it with tools like hping. After that you could...

PT-2025-45132

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this vulnerability by uploading a...

EUVD-2020-23919

Malware in sbrugna...

CVE-2024-28424

zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpicklematerializer.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file...

Powershell Exec, Windows Upload/Execute, Reverse All-Port TCP Stager

Execute an x86 payload from a command via PowerShell. Uploads an executable and runs it staged. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options msf use payload/cmd/windows/powershell/upexec/reversetcpallports msf payloadreversetcpallports show actions...

Powershell Exec, Windows Upload/Execute, Bind TCP Stager (RC4 Stage Encryption, Metasm)

Execute an x86 payload from a command via PowerShell. Uploads an executable and runs it staged. Listen for a connection Module Options msf use payload/cmd/windows/powershell/upexec/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4...

Powershell Exec, Windows Upload/Execute, Bind IPv6 TCP Stager with UUID Support (Windows x86)

Execute an x86 payload from a command via PowerShell. Uploads an executable and runs it staged. Listen for an IPv6 connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/powershell/upexec/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf...

Powershell Exec, Windows Upload/Execute, Windows x86 Bind Named Pipe Stager

Execute an x86 payload from a command via PowerShell. Uploads an executable and runs it staged. Listen for a pipe connection Windows x86 Module Options msf use payload/cmd/windows/powershell/upexec/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set ACTI...

Powershell Exec, Windows Upload/Execute, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)

Execute an x86 payload from a command via PowerShell. Uploads an executable and runs it staged. Connect back to the attacker Module Options msf use payload/cmd/windows/powershell/upexec/reversetcprc4dns msf payloadreversetcprc4dns show actions ...actions... msf payloadreversetcprc4dns set ACTION...

CVE-2022-26500

Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code...

flatCore Code Issue Vulnerability

flatCore is a lightweight content management system CMS based on PHP and SQLite. A security vulnerability exists in flatCore versions prior to 1.5.7. An attacker can exploit the vulnerability to upload and execute .php files...

CVE-2019-7669

Prima Systems FlexAir, Versions 2.3.38 and prior. Improper validation of file extensions when uploading files could allow a remote authenticated attacker to upload and execute malicious applications within the application’s web root with root privileges...

Windows Upload/Execute, Reverse TCP Stager with UUID Support

Uploads an executable and runs it staged. Connect back to the attacker with UUID Support This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 329 include Msf::Payload::Stager include...

Windows Upload/Execute, Hidden Bind Ipknock TCP Stager

Uploads an executable and runs it staged. Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method you can spoof it with tools like hping. After that you could get your shellcode from any IP. The socket will appea...

Windows Upload/Execute, Hidden Bind TCP Stager

Uploads an executable and runs it staged. Listen for a connection from a hidden port and spawn a command shell to the allowed host. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize =...

Joomla 1.5.12 - tinybrowser Remote File Upload/Execute Vulnerability

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

Windows Upload/Execute, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)

Uploads an executable and runs it staged. Connect back to the attacker -- coding: binary -- This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 438 include Msf::Payload::Stager include...

Windows Upload/Execute, Reverse TCP Stager (DNS)

Uploads an executable and runs it staged. Connect back to the attacker This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 321 include Msf::Payload::Stager include...