Lucene search
K
MetasploitMost viewed

6848 matches found

Metasploit
Metasploit
•added 2025/02/20 6:55 p.m.•401 views

HTTPS Fetch

Fetch and execute an MIPSLE payload from an HTTPS server. Module Options msf use payload/cmd/linux/https/mipsle/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf payloadmeterpreterreversetcp show options ...show and s...

7.2AI score
Exploits0
Metasploit
Metasploit
•added 2022/12/05 7:51 p.m.•401 views

VMware vCenter vScalation Priv Esc

This module exploits a privilege escalation in vSphere/vCenter due to improper permissions on the /usr/lib/vmware-vmon/java-wrapper-vmon file. It is possible for anyone in the cis group to write to the file, which will execute as root on vmware-vmon service restart or host reboot. This module was...

7.8CVSS8.5AI score0.01808EPSS
Exploits5
Metasploit
Metasploit
•added 2025/05/13 6:49 p.m.•399 views

WordPress SureTriggers (aka OttoKit) Combined Auth Bypass (CVE-2025-3102, CVE-2025-27007)

Exploits two distinct authorization bypasses in SureTriggers/OttoKit plugin: - CVE-2025-3102: admin creation via St-Authorization Bearer empty - CVE-2025-27007: reset access key via connection endpoint & admin creation with Bearer header Module Options msf use...

9.8CVSS8.1AI score0.76286EPSS
Exploits10
Metasploit
Metasploit
•added 2025/02/20 6:55 p.m.•399 views

HTTP Fetch

Fetch and execute an ARMBE payload from an HTTP server. Module Options msf use payload/cmd/linux/http/armbe/meterpreterreversehttp msf payloadmeterpreterreversehttp show actions ...actions... msf payloadmeterpreterreversehttp set ACTION msf payloadmeterpreterreversehttp show options ...show and s...

7.2AI score
Exploits0
Metasploit
Metasploit
•added 2022/11/29 7:52 p.m.•399 views

Remote Control Collection RCE

This module utilizes the Remote Control Server's, part of the Remote Control Collection by Steppschuh, protocol to deploy a payload and run it from the server. This module will only deploy a payload if the server is set without a password default. Tested against 3.1.1.12, current at the time of...

9.3CVSS5.4AI score0.01561EPSS
Exploits1
Metasploit
Metasploit
•added 2026/04/14 7:0 p.m.•398 views

Selenium Grid/Selenoid Unauthenticated RCE

Selenium Grid and Selenoid expose a WebDriver API that allows creating browser sessions with arbitrary capabilities. When deployed without authentication the default for both, an attacker can achieve remote code execution through two browser-specific techniques: For Chrome, the goog:chromeOptions...

6.2AI score
Exploits0
Metasploit
Metasploit
•added 2025/11/26 6:53 p.m.•398 views

IGEL OS Privilege Escalation (via systemd service)

Escalate privileges for IGEL OS Workspace Edition sessions, by modifying network-manager.service using setupcmd SUID and network, then restarting the service. Module Options msf use exploit/linux/local/igelnetworkprivesc msf exploitigelnetworkprivesc show targets ...targets... msf...

5.8AI score
Exploits0
Metasploit
Metasploit
•added 2025/06/09 6:51 p.m.•398 views

OS Command Exec, Unix Command Shell, Reverse UDP (/dev/udp)

Execute an OS command from PHP. Creates an interactive shell via bash's builtin /dev/udp. This will not work on circa 2009 and older Debian-based Linux distributions including Ubuntu because they compile bash without the /dev/udp feature. Module Options msf use payload/php/unix/cmd/reversebashudp...

5.8AI score
Exploits0
Metasploit
Metasploit
•added 2025/02/20 6:55 p.m.•398 views

HTTPS Fetch, Linux Reboot

Fetch and execute an MIPSBE payload from an HTTPS server. A very small shellcode for rebooting the system. This payload is sometimes helpful for testing purposes or executing other payloads that rely on initial startup procedures. Requires CAPSYSBOOT privileges. Module Options msf use...

7.2AI score
Exploits0
Metasploit
Metasploit
•added 2025/02/20 6:55 p.m.•396 views

HTTP Fetch, Linux Add User

Fetch and execute an ARMLE payload from an HTTP server. Create a new user with UID 0 Module Options msf use payload/cmd/linux/http/armle/adduser msf payloadadduser show actions ...actions... msf payloadadduser set ACTION msf payloadadduser show options ...show and set options... msf payloadadduse...

7.1AI score
Exploits0
Metasploit
Metasploit
•added 2012/06/13 4:20 a.m.•396 views

TFM MMPlayer (m3u/ppl File) Buffer Overflow

This module exploits a buffer overflow in MMPlayer 2.2 The vulnerability is triggered when opening a malformed M3U/PPL file that contains an overly long string, which results in overwriting a SEH record, thus allowing arbitrary code execution under the context of the user. This module requires...

9.3CVSS8.2AI score0.31074EPSS
Exploits1
Metasploit
Metasploit
•added 2025/06/09 6:51 p.m.•395 views

OS Command Exec, Unix Command, Interact with Established Connection

Execute an OS command from PHP. Interacts with a shell on an established socket connection Module Options msf use payload/php/unix/cmd/interact msf payloadinteract show actions ...actions... msf payloadinteract set ACTION msf payloadinteract show options ...show and set options... msf...

5.8AI score
Exploits0
Metasploit
Metasploit
•added 2022/07/19 5:42 p.m.•395 views

LDAP Query and Enumeration Module

This module allows users to query an LDAP server using either a custom LDAP query, or a set of LDAP queries under a specific category. Users can also specify a JSON or YAML file containing custom queries to be executed using the RUNQUERYFILE action. If this action is specified, then QUERYFILEPATH...

5.8AI score
Exploits0
Metasploit
Metasploit
•added 2026/01/14 6:54 p.m.•394 views

WMI Event Subscription Event Log Persistence

This module will create a permanent WMI event subscription to achieve file-less persistence using an event filter that will query the event log for an EVENTIDTRIGGER default: failed logon request id 4625 that also contains a specified USERNAMETRIGGER note: failed logon auditing must be enabled on...

5.8AI score
Exploits0
Metasploit
Metasploit
•added 2026/01/14 6:54 p.m.•394 views

Control Web Panel /admin/index.php Unauthenticated RCE

Control Web Panel CWP versions use exploit/linux/http/controlwebpanelapicmdexec msf exploitcontrolwebpanelapicmdexec show targets ...targets... msf exploitcontrolwebpanelapicmdexec set TARGET msf exploitcontrolwebpanelapicmdexec show options ...show and set options... msf...

7.3CVSS6AI score0.01186EPSS
Exploits3
Metasploit
Metasploit
•added 2025/10/27 6:58 p.m.•394 views

Windows Registry Only Persistence

This module will install a payload that is executed during boot. It will be executed either at user logon or system startup via the registry value in "CurrentVersion\Run" or "RunOnce" depending on privilege and selected method. The payload will be installed completely in registry. Module Options...

5.9AI score
Exploits0
Metasploit
Metasploit
•added 2025/08/29 6:53 p.m.•394 views

Periodic Script Persistence

This module will achieve persistence by writing a script to the /etc/periodic directory. According to The Art of Mac Malware no such malware species persist in this manner 2024. This payload requires root privileges to run. This module can be run on BSD, OSX or Arch Linux. Module Options msf use...

7AI score
Exploits0
Metasploit
Metasploit
•added 2025/02/20 6:55 p.m.•394 views

HTTP Fetch, Linux Command Shell, Bind TCP Inline

Fetch and execute an MIPSBE payload from an HTTP server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/http/mipsbe/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options...

7.3AI score
Exploits0
Metasploit
Metasploit
•added 2013/08/25 7:30 p.m.•394 views

CUPS 1.6.1 Root File Read

This module exploits a vulnerability in CUPS 'CUPS 1.6.1 Root File Read', 'Description' = %q This module exploits a vulnerability in CUPS 1.6.2, an open source printing system. CUPS allows members of the lpadmin group to make changes to the cupsd.conf configuration, which can specify an Error Log...

7.2CVSS9.3AI score0.02128EPSS
Exploits2
Metasploit
Metasploit
•added 2022/06/07 5:43 p.m.•393 views

Microsoft Office Word MSDTJS

This module generates a malicious Microsoft Word document that when loaded, will leverage the remote template feature to fetch an HTML document and then use the ms-msdt scheme to execute PowerShell code. Module Options msf use exploit/windows/fileformat/wordmsdtjsrce msf exploitwordmsdtjsrce show...

9.3CVSS7.1AI score0.99374EPSS
Exploits62
Metasploit
Metasploit
•added 2026/01/05 6:59 p.m.•392 views

HTTP Fetch, Linux Command Shell, Reverse TCP Inline

Fetch and execute an RISC-V 64-bit payload from an HTTP server. Connect back to attacker and spawn a command shell. Module Options msf use payload/cmd/linux/http/riscv64le/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf...

5.8AI score
Exploits0
Metasploit
Metasploit
•added 2025/02/20 6:55 p.m.•391 views

HTTP Fetch, Linux dup2 Command Shell, Bind TCP Stager

Fetch and execute an ARMLE payload from an HTTP server. dup2 socket in r12, then execve. Listen for a connection Module Options msf use payload/cmd/linux/http/armle/shell/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show an...

7.2AI score
Exploits0
Metasploit
Metasploit
•added 2025/01/08 6:55 p.m.•391 views

Selenium geckodriver RCE

Selenium Server Grid use exploit/linux/http/seleniumgreedfirefoxrcecve202228108 msf exploitseleniumgreedfirefoxrcecve202228108 show targets ...targets... msf exploitseleniumgreedfirefoxrcecve202228108 set TARGET msf exploitseleniumgreedfirefoxrcecve202228108 show options ...show and set options...

9.3CVSS7.3AI score0.11816EPSS
Exploits6
Metasploit
Metasploit
•added 2025/05/16 6:51 p.m.•390 views

Gather Ticket Granting Service (TGS) tickets for User Service Principal Names (SPN)

This module will try to find Service Principal Names that are associated with normal user accounts. Since normal accounts' passwords tend to be shorter than machine accounts, and knowing that a TGS request will encrypt the ticket with the account the SPN is running under, this could be used for a...

5.8AI score
Exploits0
Metasploit
Metasploit
•added 2025/03/17 6:52 p.m.•390 views

Microsoft Windows SMB to LDAP Relay

This module supports running an SMB server which validates credentials, and then attempts to execute a relay attack against an LDAP server on the configured RHOSTS hosts. It is not possible to relay NTLMv2 to LDAP due to the Message Integrity Check MIC. As a result, this will only work with NTLMv...

5.9AI score
Exploits0
Metasploit
Metasploit
•added 2026/02/12 6:59 p.m.•389 views

GNU Inetutils Telnet Authentication Bypass Exploit CVE-2026-24061

The telnetd service from GNU InetUtils is vulnerable to authentication-bypass, tracked as CVE-2026-24061, in versions up to version 2.7. During Telnet authentication the SB byte can be sent to indicate sub-negotiation which allows for the exchange of sub-option parameters after both parties have...

9.8CVSS7.8AI score0.98871EPSS
Exploits60
Metasploit
Metasploit
•added 2025/02/20 6:55 p.m.•389 views

HTTP Fetch

Fetch and execute an ARMBE payload from an HTTP server. Module Options msf use payload/cmd/linux/http/armbe/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf payloadmeterpreterreversetcp show options ...show and set...

7.2AI score
Exploits0
Metasploit
Metasploit
•added 2025/02/20 6:55 p.m.•389 views

HTTPS Fetch, Linux Execute Command

Fetch and execute an MIPSLE payload from an HTTPS server. A very small shellcode for executing commands. This module is sometimes helpful for testing purposes as well as on targets with extremely limited buffer space. Module Options msf use payload/cmd/linux/https/mipsle/exec msf payloadexec show...

7.4AI score
Exploits0
Metasploit
Metasploit
•added 2025/06/09 6:51 p.m.•388 views

OS Command Exec, Unix Command Shell, Bind TCP (via netcat)

Execute an OS command from PHP. Listen for a connection and spawn a command shell via netcat Module Options msf use payload/php/unix/cmd/bindnetcat msf payloadbindnetcat show actions ...actions... msf payloadbindnetcat set ACTION msf payloadbindnetcat show options ...show and set options... msf...

5.8AI score
Exploits0
Metasploit
Metasploit
•added 2024/10/15 6:54 p.m.•388 views

BYOB Unauthenticated RCE via Arbitrary File Write and Command Injection (CVE-2024-45256, CVE-2024-45257)

This module exploits two vulnerabilities in the BYOB Build Your Own Botnet web GUI: 1. CVE-2024-45256: Unauthenticated arbitrary file write that allows modification of the SQLite database, adding a new admin user. 2. CVE-2024-45257: Authenticated command injection in the payload generation page...

9.8CVSS8.8AI score0.05635EPSS
Exploits3
Metasploit
Metasploit
•added 2026/01/27 6:55 p.m.•387 views

SSH Key Persistence

This module will add an SSH key to a specified user or all, to allow remote login via SSH at any time. No payload is required for this module to work. If an SSH key is not provided, a new 4096 bit RSA keypair will be generated. The private key will be stored as loot for later use. Module Options...

5.8AI score
Exploits0
Metasploit
Metasploit
•added 2025/12/30 6:58 p.m.•387 views

GeoServer WMS GetMap XXE Arbitrary File Read

This module exploits an XML External Entity XXE vulnerability in GeoServer via the WMS GetMap operation. The vulnerability allows reading arbitrary files from the server's file system by injecting an XXE entity in the SLD Styled Layer Descriptor. Affected versions: - GeoServer = 2.26.0, use...

9.8CVSS6.1AI score0.66753EPSS
Exploits4
Metasploit
Metasploit
•added 2025/08/13 6:54 p.m.•387 views

HTTPS Fetch

Fetch and execute an x64 payload from an HTTPS server. Module Options msf use payload/cmd/windows/https/x64/downloadexec msf payloaddownloadexec show actions ...actions... msf payloaddownloadexec set ACTION msf payloaddownloadexec show options ...show and set options... msf payloaddownloadexec ru...

5.9AI score
Exploits0
Metasploit
Metasploit
•added 2025/06/09 6:51 p.m.•387 views

OS Command Exec, Unix Command Shell, Double Reverse TCP (telnet)

Execute an OS command from PHP. Creates an interactive shell through two inbound connections Module Options msf use payload/php/unix/cmd/reverse msf payloadreverse show actions ...actions... msf payloadreverse set ACTION msf payloadreverse show options ...show and set options... msf payloadrevers...

5.8AI score
Exploits0
Metasploit
Metasploit
•added 2025/06/09 6:51 p.m.•387 views

OS Command Exec, Unix Command Shell, Reverse TCP (via Ruby)

Execute an OS command from PHP. Connect back and create a command shell via Ruby Module Options msf use payload/php/unix/cmd/reverseruby msf payloadreverseruby show actions ...actions... msf payloadreverseruby set ACTION msf payloadreverseruby show options ...show and set options... msf...

5.8AI score
Exploits0
Metasploit
Metasploit
•added 2025/01/24 6:55 p.m.•387 views

Craft CMS Twig Template Injection RCE via FTP Templates Path

This module exploits a Twig template injection vulnerability in Craft CMS by abusing the --templatesPath argument. The vulnerability allows arbitrary template loading via FTP, leading to Remote Code Execution RCE. Module Options msf use exploit/linux/http/craftcmsftptemplate msf...

9.8CVSS9.2AI score0.97446EPSS
Exploits9
Metasploit
Metasploit
•added 2023/01/24 7:51 p.m.•387 views

Python Exec, Python Meterpreter Shell, Reverse HTTP Inline

Execute a Python payload from a command. Connect back to the attacker and spawn a Meterpreter shell Module Options msf use payload/cmd/windows/python/meterpreterreversehttp msf payloadmeterpreterreversehttp show actions ...actions... msf payloadmeterpreterreversehttp set ACTION msf...

7AI score
Exploits0
Metasploit
Metasploit
•added 2025/02/20 6:55 p.m.•386 views

HTTPS Fetch

Fetch and execute an ARMBE payload from an HTTPS server. Module Options msf use payload/cmd/linux/https/armbe/meterpreterreversehttp msf payloadmeterpreterreversehttp show actions ...actions... msf payloadmeterpreterreversehttp set ACTION msf payloadmeterpreterreversehttp show options ...show and...

7.2AI score
Exploits0
Metasploit
Metasploit
•added 2023/10/19 7:50 p.m.•386 views

Atlassian Confluence Unauthenticated Remote Code Execution

This module exploits an improper input validation issue in Atlassian Confluence, allowing arbitrary HTTP parameters to be translated into getter/setter sequences via the XWorks2 middleware and in turn allows for Java objects to be modified at run time. The exploit will create a new administrator...

10CVSS9.2AI score0.99156EPSS
Exploits39
Metasploit
Metasploit
•added 2025/10/01 6:56 p.m.•385 views

Windows Shortcut (LNK) Padding

This module generates Windows LNK shortcut file that can execute arbitrary commands. The LNK file uses environment variables and execute its arguments from COMMANDLINEARGUMENTS with extra juicy whitespace character padding bytes and concatenates the actual payload. Module Options msf use...

5.9AI score
Exploits0
Metasploit
Metasploit
•added 2025/06/09 6:51 p.m.•385 views

OS Command Exec, Add user with useradd

Execute an OS command from PHP. Creates a new user. By default the new user is set with sudo but other options exist to make the new user automatically root but this is not automatically set since the new user will be treated as root and login may be difficult. The new user can also be set as jus...

5.7AI score
Exploits0
Metasploit
Metasploit
•added 2025/02/20 6:55 p.m.•385 views

HTTP Fetch

Fetch and execute an ARMBE payload from an HTTP server. Module Options msf use payload/cmd/linux/http/armbe/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf payloadmeterpreterreversehttps set ACTION msf payloadmeterpreterreversehttps show options ...show a...

7.2AI score
Exploits0
Metasploit
Metasploit
•added 2023/09/09 7:51 p.m.•385 views

VMware vRealize Log Insight Unauthenticated RCE

VMware vRealize Log Insights versions v8.x contains multiple vulnerabilities, such as directory traversal, broken access control, deserialization, and information disclosure. When chained together, these vulnerabilities allow a remote, unauthenticated attacker to execute arbitrary commands on the...

8.9AI score
Exploits0
Metasploit
Metasploit
•added 2015/03/10 4:4 a.m.•385 views

ElasticSearch Search Groovy Sandbox Bypass

This module exploits a remote command execution RCE vulnerability in ElasticSearch, exploitable by default on ElasticSearch prior to 1.4.3. The bug is found in the REST API, which does not require authentication, where the search function allows groovy code execution and its sandbox can be bypass...

9.8CVSS10AI score0.99906EPSS
Exploits19
Metasploit
Metasploit
•added 2026/04/15 7:2 p.m.•383 views

openDCIM install.php SQL Injection to RCE

This module exploits a SQL injection vulnerability in openDCIM's install.php endpoint CVE-2026-28515 to achieve remote code execution. The install.php script remains accessible after installation and processes LDAP configuration parameters via UpdateParameter without authentication or input...

9.3CVSS6.2AI score0.01157EPSS
Exploits3
Metasploit
Metasploit
•added 2026/01/05 6:59 p.m.•383 views

HTTP Fetch, Linux Reboot

Fetch and execute an RISC-V 32-bit payload from an HTTP server. A very small shellcode for rebooting the system using the reboot syscall. This payload is sometimes helpful for testing purposes. Requires CAPSYSBOOT privileges. Module Options msf use payload/cmd/linux/http/riscv32le/reboot msf...

5.8AI score
Exploits0
Metasploit
Metasploit
•added 2020/04/10 8:6 p.m.•383 views

Execute .net Assembly (x64 only)

This module executes a .NET assembly in memory. It reflectively loads a dll that will host CLR, then it copies the assembly to be executed into memory. Credits for AMSI bypass to Rastamouse @RastaMouse This module requires Metasploit: https://metasploit.com/download Current source:...

7AI score
Exploits0
Metasploit
Metasploit
•added 2026/01/05 6:59 p.m.•382 views

HTTP Fetch, Linux Chmod

Fetch and execute an RISC-V 32-bit payload from an HTTP server. Runs chmod on the specified file with specified mode. Module Options msf use payload/cmd/linux/http/riscv32le/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set...

5.8AI score
Exploits0
Metasploit
Metasploit
•added 2025/10/16 6:57 p.m.•382 views

Service System V Persistence

This module will create a service via System V on the box, and mark it for auto-restart. We need enough access to write service files and potentially restart services. Some systems include backwards compatibility, such as Ubuntu up to about 16.04. Targets: CentOS use...

5.8AI score
Exploits0
Metasploit
Metasploit
•added 2026/01/05 6:59 p.m.•381 views

HTTP Fetch, Linux Command Shell, Bind TCP Inline

Fetch and execute an RISC-V 64-bit payload from an HTTP server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/http/riscv64le/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show...

5.8AI score
Exploits0
Total number of security vulnerabilities5000