112 matches found
FTP Fetch, Windows Command Shell, Bind TCP Stager with UUID Support (Windows x86)
Fetch and execute an x86 payload from an FTP server. Spawn a piped command shell staged. Listen for a connection with UUID Support Windows x86 Module Options This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module...
FTP Fetch, Windows Command Shell, Find Tag Ordinal Stager
Fetch and execute an x86 payload from an FTP server. Spawn a piped command shell staged. Use an established connection Module Options This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule include...
FTP Fetch, Windows Command Shell, Reverse TCP Inline
Fetch and execute an x86 payload from an FTP server. Connect back to attacker and spawn a command shell Module Options This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule include...
FTP Fetch, Windows Command Shell, Bind TCP Stager (No NX or Win7)
Fetch and execute an x86 payload from an FTP server. Spawn a piped command shell staged. Listen for a connection No NX Module Options This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule include...
FTP Fetch, Windows Command Shell, Reverse TCP Stager
Fetch and execute an x86 payload from an FTP server. Spawn a piped command shell staged. Connect back to the attacker Module Options This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule include...
FTP Fetch, Windows Command Shell, Bind TCP Stager (Windows x86)
Fetch and execute an x86 payload from an FTP server. Spawn a piped command shell staged. Listen for a connection Windows x86 Module Options...
FTP Fetch, Windows Command Shell, Hidden Bind Ipknock TCP Stager
Fetch and execute an x86 payload from an FTP server. Spawn a piped command shell staged. Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method you can spoof it with tools like hping. After that you could get yo...
FTP Fetch, Windows Command Shell, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)
Fetch and execute an x86 payload from an FTP server. Spawn a piped command shell staged. Connect back to the attacker Module Options This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule include...
Peyara Remote Mouse 1.0.1 Unauthenticated Remote Code Execution
This module exploits an unauthenticated remote code execution vulnerability in Peyara Remote Mouse 1.0.1. The application exposes a Socket.IO WebSocket service on TCP port 1313 and accepts unauthenticated keyboard input events. The module sends keyboard events to open the Windows command prompt a...
EUVD-2024-55605
launch-editor vulnerable to command injection via the crafted request on Windows...
PT-2026-46090
Summary Due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters. Impact If the following conditions are met, an attacker can execute arbitrary commands on the...
CVE-2024-52011
launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters...
CVE-2024-52011
The CVE affects the launch-editor component used with Node.js in vite prior to version 2.9.0, where insufficient sanitization of the file argument in launchEditor allowed an attacker to execute arbitrary commands on Windows by supplying a filename with special characters. The issue is resolved in...
JLSEC-2026-115 Deno has an incomplete fix for command-injection prevention on Windows — case-insensitive extension bypass
Summary A prior patch aimed to block spawning Windows batch/shell files by returning an error when a spawned path’s extension matched .bat or .cmd. That check performs a case-sensitive comparison against lowercase literals and therefore can be bypassed when the extension uses alternate casing for...
HTTPS Fetch, Windows Command Shell, Reverse TCP Stager
Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/shell/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp sho...
HTTPS Fetch, Windows Command Shell, Hidden Bind Ipknock TCP Stager
Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method you can spoof it with tools like hping. After that you could get...
HTTPS Fetch, Windows Command Shell, Reverse TCP Stager (No NX or Win7)
Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Connect back to the attacker No NX Module Options msf use payload/cmd/windows/https/x86/shell/reversenonxtcp msf payloadreversenonxtcp show actions ...actions... msf payloadreversenonxtcp set ACTION msf...
HTTP Fetch, Windows Command Shell, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)
Fetch and execute an x86 payload from an HTTP server. Spawn a piped command shell staged. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/shell/reversetcprc4dns msf payloadreversetcprc4dns show actions ...actions... msf payloadreversetcprc4dns set ACTION msf...
HTTP Fetch, Windows Command Shell, Reverse All-Port TCP Stager
Fetch and execute an x86 payload from an HTTP server. Spawn a piped command shell staged. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options msf use payload/cmd/windows/http/x86/shell/reversetcpallports msf payloadreversetcpallports show actions ...actions...
HTTP Fetch, Windows Command Shell, Reverse TCP Stager (DNS)
Fetch and execute an x86 payload from an HTTP server. Spawn a piped command shell staged. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/shell/reversetcpdns msf payloadreversetcpdns show actions ...actions... msf payloadreversetcpdns set ACTION msf...