6847 matches found
HTTPS Fetch, Reverse TCP Stager
Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/peinject/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set...
Azure CLI Credentials Gatherer
This module will collect the Azure CLI 2.0+ az cli settings files for all users on a given target. These configuration files contain JWT tokens used to authenticate users and other subscription information. Once tokens are stolen from one host, they can be used to impersonate the user from a...
Windows Gather Virtual Environment Detection
This module attempts to determine whether the system is running inside of a virtual environment and if so, which one. This module supports detection of Hyper-V, VMWare, VirtualBox, Xen, QEMU, and Parallels. This module requires Metasploit: https://metasploit.com/download Current source:...
HTTPS Fetch, Windows x64 IPv6 Bind TCP Stager
Fetch and execute an x64 payload from an HTTPS server. Listen for an IPv6 connection Windows x64 Module Options msf use payload/cmd/windows/https/x64/vncinject/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf payloadbindipv6tcp show options ...sh...
HTTPS Fetch, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
Fetch and execute an x64 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x64/meterpreter/reversetcprc4 msf payloadreversetcprc4 show actions ...actions... msf payloadreversetcprc4 set ACTION msf payloadreversetcprc4 show options ...show...
HTTPS Fetch, Windows shellcode stage, Bind TCP Stager with UUID Support (Windows x64)
Fetch and execute an x64 payload from an HTTPS server. Custom shellcode stage. Listen for a connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/https/x64/custom/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf...
HTTP Fetch, Bind TCP Stager
Fetch and execute an x64 payload from an HTTP server. Listen for a connection Module Options msf use payload/cmd/linux/http/x64/meterpreter/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options... msf...
Vagrant Synced Folder Vagrantfile Breakout
This module exploits a default Vagrant synced folder shared folder to append a Ruby payload to the Vagrant project Vagrantfile config file. By default, unless a Vagrant project explicitly disables shared folders, Vagrant mounts the project directory on the host as a writable 'vagrant' directory o...
Cayin CMS NTP Server RCE
This module exploits an authenticated RCE in Cayin CMS 'Cayin CMS NTP Server RCE', 'Description' = %q This module exploits an authenticated RCE in Cayin CMS MSFLICENSE, 'Author' = 'h00die', msf module 'Gjoko Krstic LiquidWorm '...
HTTPS Fetch, Windows Command Shell, Hidden Bind TCP Inline
Fetch and execute an x86 payload from an HTTPS server. Listen for a connection from certain IP and spawn a command shell. The shellcode will reply with a RST packet if the connections is not coming from the IP defined in AHOST. This way the port will appear as "closed" helping us to hide the...
HTTPS Fetch, Windows Upload/Execute, Bind IPv6 TCP Stager (Windows x86)
Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Listen for an IPv6 connection Windows x86 Module Options msf use payload/cmd/windows/https/x86/upexec/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION ms...
HTTP Fetch, Bind IPv6 TCP Stager with UUID Support (Linux x86)
Fetch and execute a x86 payload from an HTTP server. Listen for an IPv6 connection with UUID Support Linux x86 Module Options msf use payload/cmd/linux/http/x86/meterpreter/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid set ACTION msf...
HTTP Fetch, Linux Meterpreter Service, Reverse TCP Inline
Fetch and execute a x86 payload from an HTTP server. Stub payload for interacting with a Meterpreter Service Module Options msf use payload/cmd/linux/http/x86/metsvcreversetcp msf payloadmetsvcreversetcp show actions ...actions... msf payloadmetsvcreversetcp set ACTION msf payloadmetsvcreversetcp...
HTTP Fetch, Windows shellcode stage, Windows x64 IPv6 Bind TCP Stager
Fetch and execute an x64 payload from an HTTP server. Custom shellcode stage. Listen for an IPv6 connection Windows x64 Module Options msf use payload/cmd/windows/http/x64/custom/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf payloadbindipv6tcp...
HTTP Fetch, Windows x64 Reverse HTTP Stager (wininet)
Fetch and execute an x64 payload from an HTTP server. Tunnel communication over HTTP Windows x64 wininet Module Options msf use payload/cmd/windows/http/x64/vncinject/reversehttp msf payloadreversehttp show actions ...actions... msf payloadreversehttp set ACTION msf payloadreversehttp show option...
HTTP Fetch, Windows shellcode stage, Windows x64 Reverse Named Pipe (SMB) Stager
Fetch and execute an x64 payload from an HTTP server. Custom shellcode stage. Connect back to the attacker via a named pipe pivot Module Options msf use payload/cmd/windows/http/x64/custom/reversenamedpipe msf payloadreversenamedpipe show actions ...actions... msf payloadreversenamedpipe set ACTI...
HTTPS Fetch, Windows Command Shell, Reverse UDP Stager with UUID Support
Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/https/x86/shell/reverseudp msf payloadreverseudp show actions ...actions... msf payloadreverseudp set ACTION msf...
HTTPS Fetch, Hidden Bind TCP Stager
Fetch and execute an x86 payload from an HTTPS server. Listen for a connection from a hidden port and spawn a command shell to the allowed host. Module Options msf use payload/cmd/windows/https/x86/vncinject/bindhiddentcp msf payloadbindhiddentcp show actions ...actions... msf payloadbindhiddentc...
MajorDoMo Supply Chain RCE via Update Poisoning
This module exploits an unauthenticated remote code execution vulnerability in MajorDoMo's saverestore module via supply chain poisoning. The saverestore module's admin method is reachable without authentication through the /objects/?module=saverestore endpoint because usual calls admin directly...
HTTP Fetch, Windows Meterpreter Shell, Bind Named Pipe Inline (x64)
Fetch and execute an x64 payload from an HTTP server. Connect to victim and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/http/x64/meterpreterbindnamedpipe msf payloadmeterpreterbindnamedpipe show actions ...actions... msf...
HTTPS Fetch, Windows shellcode stage, Windows x64 Reverse HTTP Stager (wininet)
Fetch and execute an x64 payload from an HTTPS server. Custom shellcode stage. Tunnel communication over HTTP Windows x64 wininet Module Options msf use payload/cmd/windows/https/x64/custom/reversehttp msf payloadreversehttp show actions ...actions... msf payloadreversehttp set ACTION msf...
HTTP Fetch, Windows x64 IPv6 Bind TCP Stager with UUID Support
Fetch and execute an x64 payload from an HTTP server. Listen for an IPv6 connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/http/x64/meterpreter/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid set ACTION msf...
Windows Registry Persistence via Userinit
This module will install a payload that is executed during user logon. It writes a payload executable to disk and modifies the Userinit registry value in "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" to append the payload path, causing it to execute when any user logs in. Module...
Delta Electronics InfraSuite Device Master Deserialization
Delta Electronics InfraSuite Device Master versions below v1.0.5 have an unauthenticated .NET deserialization vulnerability within the 'ParseUDPPacket' method of the 'Device-Gateway-Status' process. The 'ParseUDPPacket' method reads user-controlled packet data and eventually calls...
TFTP Fetch
Fetch and execute an x64 payload from a TFTP server. Module Options msf use payload/cmd/windows/tftp/x64/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf payloadexec run This module requires Metasploit:...
HTTPS Fetch, Windows x64 Command Shell, Windows x64 IPv6 Bind TCP Stager
Fetch and execute an x64 payload from an HTTPS server. Spawn a piped command shell Windows x64 staged. Listen for an IPv6 connection Windows x64 Module Options msf use payload/cmd/windows/https/x64/shell/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTI...
HTTPS Fetch, Windows x64 Pingback, Reverse TCP Inline
Fetch and execute an x64 payload from an HTTPS server. Connect back to attacker and report UUID Windows x64 Module Options msf use payload/cmd/windows/https/x64/pingbackreversetcp msf payloadpingbackreversetcp show actions ...actions... msf payloadpingbackreversetcp set ACTION msf...
AMQP 0-9-1 Login Check Scanner
This module will test AMQP logins on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access. Module Options msf use auxiliary/scanner/amqp/amqplogin msf...
GestioIP 3.5.7 Remote Command Execution
This module exploits a command execution via file upload. If GestioIP is configured to use no authentication for admin account, no password is required to exploit the vulnerability. Otherwise, an authenticated user with admin right on the web site is required to exploit. Module Options msf use...
HTTPS Fetch, Windows Command Shell, Bind TCP Stager (No NX or Win7)
Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Listen for a connection No NX Module Options msf use payload/cmd/windows/https/x86/shell/bindnonxtcp msf payloadbindnonxtcp show actions ...actions... msf payloadbindnonxtcp set ACTION msf payloadbindnonxtc...
HTTPS Fetch, Windows Command Shell, Reverse TCP Stager (No NX or Win7)
Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Connect back to the attacker No NX Module Options msf use payload/cmd/windows/https/x86/shell/reversenonxtcp msf payloadreversenonxtcp show actions ...actions... msf payloadreversenonxtcp set ACTION msf...
HTTPS Fetch, Windows Upload/Execute, Reverse TCP Stager (DNS)
Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/upexec/reversetcpdns msf payloadreversetcpdns show actions ...actions... msf payloadreversetcpdns set ACTION msf...
TFTP Fetch, Linux Command Shell, Bind IPv6 TCP Stager (Linux x86)
Fetch and execute a x86 payload from a TFTP server. Spawn a command shell staged. Listen for an IPv6 connection Linux x86 Module Options msf use payload/cmd/linux/tftp/x86/shell/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf payloadbindipv6tcp...
HTTP Fetch
Fetch and execute a x86 payload from an HTTP server. Module Options msf use payload/cmd/linux/http/x86/meterpreterreversehttp msf payloadmeterpreterreversehttp show actions ...actions... msf payloadmeterpreterreversehttp set ACTION msf payloadmeterpreterreversehttp show options ...show and set...
HTTPS Fetch, Windows Meterpreter Shell, Reverse TCP Inline (IPv6) (x64)
Fetch and execute an x64 payload from an HTTPS server. Connect back to attacker and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/https/x64/meterpreterreverseipv6tcp msf payloadmeterpreterreverseipv6tcp show actions ...actions... msf...
TFTP Fetch
Fetch and execute an x64 payload from a TFTP server. Module Options msf use payload/cmd/windows/tftp/x64/powershellreversetcpssl msf payloadpowershellreversetcpssl show actions ...actions... msf payloadpowershellreversetcpssl set ACTION msf payloadpowershellreversetcpssl show options ...show and...
HTTPS Fetch
Fetch and execute an x64 payload from an HTTPS server. Module Options msf use payload/cmd/windows/https/x64/powershellreversetcpssl msf payloadpowershellreversetcpssl show actions ...actions... msf payloadpowershellreversetcpssl set ACTION msf payloadpowershellreversetcpssl show options ...show a...
HTTP Fetch, Windows x64 Reverse TCP Stager
Fetch and execute an x64 payload from an HTTP server. Connect back to the attacker Windows x64 Module Options msf use payload/cmd/windows/http/x64/peinject/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and s...
HTTP Fetch, Linux Command Shell, Bind TCP Stager
Fetch and execute an x64 payload from an HTTP server. Spawn a command shell staged. Listen for a connection Module Options msf use payload/cmd/linux/http/x64/shell/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set...
Grandstream UCM62xx IP PBX sendPasswordEmail RCE
This module exploits an unauthenticated SQL injection vulnerability CVE-2020-5722 and a command injection vulnerability technically, no assigned CVE but was inadvertently patched at the same time as CVE-2019-10662 affecting the Grandstream UCM62xx IP PBX series of devices. The vulnerabilities all...
HTTPS Fetch, Windows Command Shell, Reverse TCP Stager with UUID Support
Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/https/x86/shell/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set...
HTTPS Fetch, Windows Upload/Execute, Reverse TCP Stager (IPv6)
Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Connect back to the attacker over IPv6 Module Options msf use payload/cmd/windows/https/x86/upexec/reverseipv6tcp msf payloadreverseipv6tcp show actions ...actions... msf payloadreverseipv6tcp set...
FreePBX filestore authenticated command injection
This module exploits an authenticated command injection vulnerability CVE-2025-64328 in the FreePBX filestore module. The filestore module allows administrators to configure remote file storage backends SSH, FTP, etc. for backup and file management purposes. The vulnerability exists in the SSH...
HTTPS Fetch
Fetch and execute a PPC64LE payload from an HTTPS server. Module Options msf use payload/cmd/linux/https/ppc64le/meterpreterreversehttp msf payloadmeterpreterreversehttp show actions ...actions... msf payloadmeterpreterreversehttp set ACTION msf payloadmeterpreterreversehttp show options ...show...
SMB Fetch, Windows Encrypted Reverse Shell
Fetch and execute an x64 payload from an SMB server. Connect back to attacker and spawn an encrypted command shell Module Options msf use payload/cmd/windows/smb/x64/encryptedshellreversetcp msf payloadencryptedshellreversetcp show actions ...actions... msf payloadencryptedshellreversetcp set...
HTTP Fetch, Linux Command Shell, Reverse TCP Inline
Fetch and execute a x86 payload from an HTTP server. Connect back to attacker and spawn a command shell Module Options msf use payload/cmd/linux/http/x86/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf payloadshellreversetcp show...
TFTP Fetch, Linux Command Shell, Reverse TCP Inline
Fetch and execute a x86 payload from a TFTP server. Connect back to attacker and spawn a command shell Module Options msf use payload/cmd/linux/tftp/x86/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf payloadshellreversetcp show...
TFTP Fetch, Linux Command Shell, Reverse TCP Inline
Fetch and execute an x64 payload from a TFTP server. Connect back to attacker and spawn a command shell Module Options msf use payload/cmd/linux/tftp/x64/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf payloadshellreversetcp show...
Xerte Online Toolkits Arbitrary File Upload - Import Language
This module exploits an authentication bypass allowing arbitrary file upload in versions 3.14 and earlier to upload and execute a shell. Module Options msf use exploit/multi/http/xerteunauthenticatedimportlanguage msf exploitxerteunauthenticatedimportlanguage show targets ...targets... msf...
Ivanti Avalanche MDM Buffer Overflow
This module exploits a buffer overflow condition in Ivanti Avalanche MDM versions before v6.4.1. An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in arbitrary code execution with the NT/AUTHORITY SYSTEM permissions. This vulnerability occurs...