6850 matches found
HTTP Fetch, Linux Command Shell, Reverse TCP Stager
Fetch and execute an MIPSBE payload from an HTTP server. Spawn a command shell staged. Connect back to the attacker Module Options msf use payload/cmd/linux/http/mipsbe/shell/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show...
HTTP Fetch
Fetch and execute an MIPSLE payload from an HTTP server. Module Options msf use payload/cmd/linux/http/mipsle/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf payloadmeterpreterreversetcp show options ...show and set...
FreePBX Custom Extension SQL Injection
FreePBX versions prior to 16.0.44,16.0.92 and 17.0.23,17.0.6 are vulnerable to multiple CVEs, specifically CVE-2025-66039 and CVE-2025-61675, in the context of this module. The versions before 16.0.44 and 17.0.23 are vulnerable to CVE-2025-66039, while versions before 16.0.92 and 17.0.6 are...
N-able N-Central Authentication Bypass and XXE Scanner
This module scans for vulnerable N-able N-Central instances affected by CVE-2025-9316 Unauthenticated Session Bypass and CVE-2025-11700 XXE. The module attempts to exploit CVE-2025-9316 by sending a sessionHello SOAP request to the ServerMMS endpoint with various appliance IDs to obtain an...
ThinManager Path Traversal (CVE-2023-2915) Arbitrary File Delete
This module exploits a path traversal vulnerability CVE-2023-2915 in ThinManager use auxiliary/admin/networking/thinmanagertraversaldelete msf auxiliarythinmanagertraversaldelete show actions ...actions... msf auxiliarythinmanagertraversaldelete set ACTION msf auxiliarythinmanagertraversaldelete...
Sante PACS Server Path Traversal (CVE-2025-2264)
This module exploits a path traversal vulnerability CVE-2025-2264 in Sante PACS Server use auxiliary/gather/pacsservertraversal msf auxiliarypacsservertraversal show actions ...actions... msf auxiliarypacsservertraversal set ACTION msf auxiliarypacsservertraversal show options ...show and set...
HTTPS Fetch, Linux Command Shell, Reverse TCP Inline
Fetch and execute an PPC64 payload from an HTTPS server. Connect back to attacker and spawn a command shell Module Options msf use payload/cmd/linux/https/ppc64/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf payloadshellreversetcp...
Kerberos TGT/TGS Ticket Requester
This module requests TGT/TGS Kerberos tickets from the KDC Module Options msf use auxiliary/admin/kerberos/getticket msf auxiliarygetticket show actions ...actions... msf auxiliarygetticket set ACTION msf auxiliarygetticket show options ...show and set options... msf auxiliarygetticket run This...
Linux Reboot
A very small shellcode for rebooting the system using the reboot syscall. This payload is sometimes helpful for testing purposes. Requires CAPSYSBOOT privileges. Module Options msf use payload/linux/loongarch64/reboot msf payloadreboot show actions ...actions... msf payloadreboot set ACTION msf...
HTTP Fetch, Linux Execute Command
Fetch and execute an MIPSLE payload from an HTTP server. A very small shellcode for executing commands. This module is sometimes helpful for testing purposes as well as on targets with extremely limited buffer space. Module Options msf use payload/cmd/linux/http/mipsle/exec msf payloadexec show...
HTTP Fetch, Linux Command Shell, Bind TCP Inline
Fetch and execute an PPC64 payload from an HTTP server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/http/ppc64/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options...
PandoraFMS Netflow Authenticated Remote Code Execution
This module exploits a command injection vulnerability in Netflow component of PandoraFMS. The module requires a set of user credentials to modify Netflow settings. Also, Netflow binaries have to be present on the system. Module Options msf use exploit/linux/http/pandorafmsauthnetflowrce msf...
HTTP Fetch, Linux Command Shell, Reverse TCP Inline
Fetch and execute an MIPSBE payload from an HTTP server. Connect back to attacker and spawn a command shell Module Options msf use payload/cmd/linux/http/mipsbe/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf payloadshellreversetcp...
Linux Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell Module Options msf use payload/linux/riscv32le/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options ...show and set options... msf payloadshellbindtcp run This modu...
HTTPS Fetch
Fetch and execute an MIPSLE payload from an HTTPS server. Module Options msf use payload/cmd/linux/https/mipsle/meterpreterreversehttp msf payloadmeterpreterreversehttp show actions ...actions... msf payloadmeterpreterreversehttp set ACTION msf payloadmeterpreterreversehttp show options ...show a...
TFTP Fetch, Linux Command Shell, Reverse TCP Inline
Fetch and execute an ARMLE payload from a TFTP server. Connect to target and spawn a command shell Module Options msf use payload/cmd/linux/tftp/armle/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options ...show an...
Python Exec, Python Meterpreter Shell, Bind TCP Inline
Execute a Python payload from a command. Connect to the victim and spawn a Meterpreter shell Module Options msf use payload/cmd/windows/python/meterpreterbindtcp msf payloadmeterpreterbindtcp show actions ...actions... msf payloadmeterpreterbindtcp set ACTION msf payloadmeterpreterbindtcp show...
HTTP Fetch, Linux Reboot
Fetch and execute an RISC-V 64-bit payload from an HTTP server. A very small shellcode for rebooting the system using the reboot syscall. This payload is sometimes helpful for testing purposes. Requires CAPSYSBOOT privileges. Module Options msf use payload/cmd/linux/http/riscv64le/reboot msf...
TFTP Fetch, Linux Add User
Fetch and execute an ARMLE payload from a TFTP server. Create a new user with UID 0 Module Options msf use payload/cmd/linux/tftp/armle/adduser msf payloadadduser show actions ...actions... msf payloadadduser set ACTION msf payloadadduser show options ...show and set options... msf payloadadduser...
HTTPS Fetch
Fetch and execute an MIPSLE payload from an HTTPS server. Module Options msf use payload/cmd/linux/https/ppc/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf payloadmeterpreterreversehttps set ACTION msf payloadmeterpreterreversehttps show options ...show...
HTTP Fetch, Windows shellcode stage, Windows x64 Reverse HTTPS Stager (winhttp)
Fetch and execute an x64 payload from an HTTP server. Custom shellcode stage. Tunnel communication over HTTPS Windows x64 winhttp Module Options msf use payload/cmd/windows/http/x64/custom/reversewinhttps msf payloadreversewinhttps show actions ...actions... msf payloadreversewinhttps set ACTION...
PHP Exec, PHP Command Shell, Bind TCP (via php) IPv6
Execute a PHP payload as an OS command from a Posix-compatible shell. Listen for a connection and spawn a command shell via php IPv6 Module Options msf use payload/cmd/unix/php/bindphpipv6 msf payloadbindphpipv6 show actions ...actions... msf payloadbindphpipv6 set ACTION msf payloadbindphpipv6...
HTTPS Fetch
Fetch and execute an AARCH64 payload from an HTTPS server. Module Options msf use payload/cmd/linux/https/aarch64/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf payloadmeterpreterreversehttps set ACTION msf payloadmeterpreterreversehttps show options...
Ray cpu_profile command injection
Ray RCE via cpuprofile command injection vulnerability. Module Options msf use exploit/linux/http/raycpuprofilecmdinjectioncve20236019 msf exploitraycpuprofilecmdinjectioncve20236019 show targets ...targets... msf exploitraycpuprofilecmdinjectioncve20236019 set TARGET msf...
vmwgfx Driver File Descriptor Handling Priv Esc
If the vmwgfx driver fails to copy the 'fencerep' object to userland, it tries to recover by deallocating the already populated file descriptor. This is wrong, as the fd gets released via putunusedfd which shouldn't be used, as the fd table slot was already populated via the previous call to...
HTTP Fetch
Fetch and execute a PPC64LE payload from an HTTP server. Module Options msf use payload/cmd/linux/http/ppc64le/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf payloadmeterpreterreversetcp show options ...show and se...
User Profile Arbitrary Junction Creation Local Privilege Elevation
The user profile service, identified as ProfSrv, is vulnerable to a local privilege elevation vulnerability in its CreateDirectoryJunction function due to a lack of appropriate checks on the directory structure of the junctions it tries to link together. Attackers can leverage this vulnerability ...
HTTP Fetch, Linux Execute Command
Fetch and execute an AARCH64 payload from an HTTP server. Execute an arbitrary command or just a /bin/sh shell Module Options msf use payload/cmd/linux/http/aarch64/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... m...
HTTPS Fetch, Linux Command Shell, Bind TCP Inline
Fetch and execute an MIPSLE payload from an HTTPS server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/https/mipsle/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options...
VICIdial Authenticated Remote Code Execution
An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective. Module Options msf use...
DIAEnergie SQL Injection (CVE-2024-4548)
SQL injection vulnerability in DIAEnergie use exploit/windows/scada/diaenergiesqli msf exploitdiaenergiesqli show targets ...targets... msf exploitdiaenergiesqli set TARGET msf exploitdiaenergiesqli show options ...show and set options... msf exploitdiaenergiesqli exploit class MetasploitModule...
Atlassian Confluence Administrator Code Macro Remote Code Execution
This module exploits an authenticated administrator-level vulnerability in Atlassian Confluence, tracked as CVE-2024-21683. The vulnerability exists due to the Rhino script engine parser evaluating tainted data from uploaded text files. This facilitates arbitrary code execution. This exploit will...
Apache Superset Signed Cookie Priv Esc
Apache Superset versions use auxiliary/gather/apachesupersetcookiesigprivesc msf auxiliaryapachesupersetcookiesigprivesc show actions ...actions... msf auxiliaryapachesupersetcookiesigprivesc set ACTION msf auxiliaryapachesupersetcookiesigprivesc show options ...show and set options... msf...
VIM Plugin Persistence
This module creates a VIM Plugin which executes a payload on VIM startup. Module Options msf use exploit/linux/persistence/vimplugin msf exploitvimplugin show targets ...targets... msf exploitvimplugin set TARGET msf exploitvimplugin show options ...show and set options... msf exploitvimplugin...
Windows Service for User (S4U) Scheduled Task Persistence - Event Trigger
Creates a scheduled task that will run using service-for-user S4U. This allows the scheduled task to run even as an unprivileged user that is not logged into the device. This will result in lower security context, allowing access to local resources only. The module requires 'Logon as a batch job'...
HTTP Fetch
Fetch and execute an AARCH64 payload from an HTTP server. Module Options msf use payload/cmd/linux/http/aarch64/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf payloadmeterpreterreversetcp show options ...show and s...
TerraMaster TOS 4.2.06 or lower - Unauthenticated Remote Code Execution
This module exploits an unauthenticated remote code-execution vulnerability in TerraMaster TOS 4.2.06 and lower via shell metacharacters in the Event parameter at vulnerable endpoint include/makecvs.php during CSV creation. Any unauthenticated user can therefore execute commands on the system und...
Anonymous FTP Access Detection
Detect anonymous read/write FTP service access. Module Options msf use auxiliary/scanner/ftp/ftpanonymous msf auxiliaryftpanonymous show actions ...actions... msf auxiliaryftpanonymous set ACTION msf auxiliaryftpanonymous show options ...show and set options... msf auxiliaryftpanonymous run...
AD/CS Authenticated Web Enrollment Services Module
Authenticates to the AD/CS Web enrollment service and allows the user to query templates and create certificates based on available templates. Module Options msf use auxiliary/admin/http/webenrollmentcert msf auxiliarywebenrollmentcert show actions ...actions... msf auxiliarywebenrollmentcert set...
Taiga tribe_gig authenticated unserialize remote code execution
This module exploits an unserialization flaw by creating a userstory in a project. Module Options msf use exploit/multi/http/taigatribegigunserial msf exploittaigatribegigunserial show targets ...targets... msf exploittaigatribegigunserial set TARGET msf exploittaigatribegigunserial show options...
Linux Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell Module Options msf use payload/linux/riscv64le/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options ...show and set options... msf payloadshellbindtcp run This modu...
OS Command Exec, Unix Command Shell, Reverse TCP SSL (via perl)
Execute an OS command from PHP. Creates an interactive shell via perl, uses SSL Module Options msf use payload/php/unix/cmd/reverseperlssl msf payloadreverseperlssl show actions ...actions... msf payloadreverseperlssl set ACTION msf payloadreverseperlssl show options ...show and set options... ms...
HTTP Fetch, Linux Command Shell, Bind TCP Inline
Fetch and execute an MIPSLE payload from an HTTP server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/http/mipsle/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options...
BIND TSIG Badtime Query Denial of Service
A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'BIND TSIG Badtime Query Denial of Service...
OS Command Exec, Unix Command Shell, Pingback Bind TCP (via netcat)
Execute an OS command from PHP. Accept a connection, send a UUID, then exit Module Options msf use payload/php/unix/cmd/pingbackbind msf payloadpingbackbind show actions ...actions... msf payloadpingbackbind set ACTION msf payloadpingbackbind show options ...show and set options... msf...
Cisco Smart Software Manager (SSM) On-Prem Account Takeover (CVE-2024-20419)
This module exploits an improper access control vulnerability in Cisco Smart Software Manager SSM On-Prem use auxiliary/admin/http/ciscossmonpremaccount msf auxiliaryciscossmonpremaccount show actions ...actions... msf auxiliaryciscossmonpremaccount set ACTION msf auxiliaryciscossmonpremaccount...
udev Persistence
This module will add a script in /lib/udev/rules.d/ in order to execute a payload written on disk. It'll be executed with root privileges everytime a network interface other than l0 comes up. Execution is triggered through at command, so it must be installed on the target. Module Options msf use...
TFTP Fetch, Linux Command Shell, Bind TCP Inline
Fetch and execute an PPC payload from an TFTP server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/tftp/ppc/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options ...show...
Ivanti Virtual Traffic Manager Authentication Bypass (CVE-2024-7593)
This module exploits an access control issue in Ivanti Virtual Traffic Manager vTM, by adding a new administrative user to the web interface of the application. Affected versions include 22.7R1, 22.6R1, 22.5R1, 22.3R2, 22.3, 22.2. Module Options msf use auxiliary/admin/http/ivantivtmadmin msf...
Atlassian Confluence WebWork OGNL Injection
This module exploits an OGNL injection in Atlassian Confluence's WebWork component to execute commands as the Tomcat user. Module Options msf use exploit/multi/http/atlassianconfluencewebworkognlinjection msf exploitatlassianconfluencewebworkognlinjection show targets ...targets... msf...