6849 matches found
TFTP Fetch, Bind TCP Stager (RC4 Stage Encryption, Metasm)
Fetch and execute an x64 payload from a TFTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/tftp/x64/meterpreter/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4 show options ...show and set...
HTTPS Fetch, Windows x64 Reverse HTTP Stager (wininet)
Fetch and execute an x64 payload from an HTTPS server. Tunnel communication over HTTP Windows x64 wininet Module Options msf use payload/cmd/windows/https/x64/vncinject/reversehttp msf payloadreversehttp show actions ...actions... msf payloadreversehttp set ACTION msf payloadreversehttp show...
HTTP Fetch, Linux Command Shell, Bind TCP Inline
Fetch and execute an x64 payload from an HTTP server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/http/x64/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options ...show...
Python Exec, Python Meterpreter Shell, Reverse HTTPS Inline
Execute a Python payload from a command. Connect back to the attacker and spawn a Meterpreter shell Module Options msf use payload/cmd/windows/python/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf payloadmeterpreterreversehttps set ACTION msf...
FLIR AX8 unauthenticated RCE
All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. This module uses the vulnerability...
Cassandra Web File Read Vulnerability
This module exploits an unauthenticated directory traversal vulnerability in Cassandra Web version 0.5.0 and earlier, allowing arbitrary file read with the web server privileges. This vulnerability occurred due to the disabled Rack::Protection module Module Options msf use...
HTTPS Fetch, Windows Command Shell, Find Tag Ordinal Stager
Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Use an established connection Module Options msf use payload/cmd/windows/https/x86/shell/findtag msf payloadfindtag show actions ...actions... msf payloadfindtag set ACTION msf payloadfindtag show options...
HTTPS Fetch
Fetch and execute an MIPSLE payload from an HTTPS server. Module Options msf use payload/cmd/linux/https/ppc/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf payloadmeterpreterreversetcp show options ...show and set...
SMB Fetch
Fetch and execute an x64 payload from an SMB server. Module Options msf use payload/cmd/windows/smb/x64/powershellbindtcp msf payloadpowershellbindtcp show actions ...actions... msf payloadpowershellbindtcp set ACTION msf payloadpowershellbindtcp show options ...show and set options... msf...
HTTPS Fetch, Bind IPv6 TCP Stager (Linux x86)
Fetch and execute an x86 payload from an HTTPS server. Listen for an IPv6 connection Linux x86 Module Options msf use payload/cmd/linux/https/x86/meterpreter/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf payloadbindipv6tcp show options ...show...
HTTP Fetch, Linux Command Shell, Bind IPv6 TCP Stager with UUID Support (Linux x86)
Fetch and execute an x86 payload from an HTTP server. Spawn a command shell staged. Listen for an IPv6 connection with UUID Support Linux x86 Module Options msf use payload/cmd/linux/http/x86/shell/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid set...
TFTP Fetch, Reverse TCP Stager with UUID Support (Windows x64)
Fetch and execute an x64 payload from a TFTP server. Connect back to the attacker with UUID Support Windows x64 Module Options msf use payload/cmd/windows/tftp/x64/meterpreter/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf...
TFTP Fetch, Windows x64 Reverse HTTPS Stager (winhttp)
Fetch and execute an x64 payload from a TFTP server. Tunnel communication over HTTPS Windows x64 winhttp Module Options msf use payload/cmd/windows/tftp/x64/meterpreter/reversewinhttps msf payloadreversewinhttps show actions ...actions... msf payloadreversewinhttps set ACTION msf...
TFTP Fetch, Windows Command Shell, Encrypted Reverse TCP Stager
Fetch and execute an x64 payload from a TFTP server. Spawn a piped command shell staged. Connect to MSF and read in stage Module Options msf use payload/cmd/windows/tftp/x64/encryptedshell/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf...
HTTP Fetch, Windows x64 Command Shell, Windows x64 Bind TCP Stager
Fetch and execute an x64 payload from an HTTP server. Spawn a piped command shell Windows x64 staged. Listen for a connection Windows x64 Module Options msf use payload/cmd/windows/http/x64/shell/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtc...
HTTPS Fetch, Windows x64 Bind TCP Stager
Fetch and execute an x64 payload from an HTTPS server. Listen for a connection Windows x64 Module Options msf use payload/cmd/windows/https/x64/meterpreter/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options...
HTTP Fetch
Fetch and execute an x64 payload from an HTTP server. Module Options msf use payload/cmd/windows/http/x64/powershellbindtcp msf payloadpowershellbindtcp show actions ...actions... msf payloadpowershellbindtcp set ACTION msf payloadpowershellbindtcp show options ...show and set options... msf...
HTTP Fetch, Linux x64 Command Shell, Reverse TCP Inline (IPv6)
Fetch and execute an x64 payload from an HTTP server. Connect back to attacker and spawn a command shell over IPv6 Module Options msf use payload/cmd/linux/http/x64/shellreverseipv6tcp msf payloadshellreverseipv6tcp show actions ...actions... msf payloadshellreverseipv6tcp set ACTION msf...
Sun/Oracle GlassFish Server Authenticated Code Execution
This module logs in to a GlassFish Server Open Source or Commercial using various methods such as authentication bypass, default credentials, or user-supplied login, and deploys a malicious war file in order to get remote code execution. It has been tested on Glassfish 2.x, 3.0, 4.0 and Sun Java...
Gogs Git Rebase Argument Injection RCE
This module exploits an argument injection vulnerability in the pull request merge flow of Gogs is parsed by Git as the --exec flag rather than a positional argument, causing sh -c to run after each replayed commit during the rebase. Two exploitation methods are supported: - ownrepo: The attacker...
HTTPS Fetch, Windows Upload/Execute, Reverse Ordinal TCP Stager (No NX or Win7)
Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/upexec/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf...
HTTPS Fetch, Windows Command Shell, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/shell/reversetcprc4 msf payloadreversetcprc4 show actions ...actions... msf payloadreversetcprc4 set ACTION msf...
Simple
Simple NOP generator Module Options msf use nop/riscv32le/simple msf nopsimple show actions ...actions... msf nopsimple set ACTION msf nopsimple show options ...show and set options... msf nopsimple run This module requires Metasploit: https://metasploit.com/download Current source:...
SMB Fetch, Windows x64 Bind Named Pipe Stager
Fetch and execute an x64 payload from an SMB server. Listen for a pipe connection Windows x64 Module Options msf use payload/cmd/windows/smb/x64/peinject/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set ACTION msf payloadbindnamedpipe show options...
Fortra GoAnywhere MFT Unauthenticated Remote Code Execution
This module exploits a vulnerability in Fortra GoAnywhere MFT that allows an unauthenticated attacker to create a new administrator account. This can be leveraged to upload a JSP payload and achieve RCE. GoAnywhere MFT versions 6.x from 6.0.1, and 7.x before 7.4.1 are vulnerable. Module Options m...
HTTP Fetch, Linux Command Shell, Bind TCP Inline
Fetch and execute an x86 payload from an HTTP server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/http/x86/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options ...show...
TFTP Fetch, Bind TCP Stager
Fetch and execute an x86 payload from a TFTP server. Listen for a connection Module Options msf use payload/cmd/linux/tftp/x86/meterpreter/bindnonxtcp msf payloadbindnonxtcp show actions ...actions... msf payloadbindnonxtcp set ACTION msf payloadbindnonxtcp show options ...show and set options...
Amazon Web Services EC2 SSM enumeration
Provided AWS credentials, this module will call the authenticated API of Amazon Web Services to list all SSM-enabled EC2 instances accessible to the account. Once enumerated as SSM-enabled, the instances can be controlled using out-of-band WebSocket sessions provided by the AWS API nominally,...
TFTP Fetch, Windows x64 Reverse TCP Stager
Fetch and execute an x64 payload from a TFTP server. Connect back to the attacker Windows x64 Module Options msf use payload/cmd/windows/tftp/x64/vncinject/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and s...
HTTP Fetch, Windows x64 Reverse HTTP Stager (wininet)
Fetch and execute an x64 payload from an HTTP server. Tunnel communication over HTTP Windows x64 wininet Module Options msf use payload/cmd/windows/http/x64/vncinject/reversehttps msf payloadreversehttps show actions ...actions... msf payloadreversehttps set ACTION msf payloadreversehttps show...
HTTPS Fetch, Windows x64 Reverse HTTP Stager (winhttp)
Fetch and execute an x64 payload from an HTTPS server. Tunnel communication over HTTP Windows x64 winhttp Module Options msf use payload/cmd/windows/https/x64/vncinject/reversewinhttp msf payloadreversewinhttp show actions ...actions... msf payloadreversewinhttp set ACTION msf payloadreversewinht...
HTTPS Fetch, Linux x64 Command Shell, Bind TCP Inline (IPv6)
Fetch and execute an x64 payload from an HTTPS server. Listen for an IPv6 connection and spawn a command shell Module Options msf use payload/cmd/linux/https/x64/shellbindipv6tcp msf payloadshellbindipv6tcp show actions ...actions... msf payloadshellbindipv6tcp set ACTION msf...
SYSTEM token impersonation through NTLM bits authentication on missing WinRM Service.
This module exploits BITS behavior, which tries to connect to the local Windows Remote Management server (WinRM) every time it starts. The module launches a fake WinRM server which listens on port 5985 and triggers BITS. When BITS starts, it tries to authenticate to the Rogue WinRM server, which allo...
Joomla HTTP Header Unauthenticated Remote Code Execution
Joomla suffers from an unauthenticated remote code execution that affects all versions from 1.5.0 to 3.4.5. By storing user-supplied headers in the database's session table, it's possible to truncate the input by sending a UTF-8 character. The custom created payload is then executed once the sessi...
HTTPS Fetch, Windows Upload/Execute, Bind TCP Stager (RC4 Stage Encryption, Metasm)
Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Listen for a connection Module Options msf use payload/cmd/windows/https/x86/upexec/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4...
HTTPS Fetch, Bind TCP Stager (Windows x86)
Fetch and execute an x86 payload from an HTTPS server. Listen for a connection Windows x86 Module Options msf use payload/cmd/windows/https/x86/vncinject/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options...
Gitlab Version Scanner
This module scans a Gitlab install for information about its version. Module Options msf use auxiliary/scanner/http/gitlabversion msf auxiliarygitlabversion show actions ...actions... msf auxiliarygitlabversion set ACTION msf auxiliarygitlabversion show options ...show and set options... msf...
Kerberos Ticket Management
Manage kerberos tickets on a compromised host. Module Options msf use post/windows/manage/kerberostickets msf postkerberostickets show actions ...actions... msf postkerberostickets set ACTION msf postkerberostickets show options ...show and set options... msf postkerberostickets run This module...
HTTP Fetch, Reverse TCP Stager
Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/linux/http/x86/meterpreter/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set options...
TFTP Fetch, Windows x64 Command Shell, Bind TCP Inline
Fetch and execute an x64 payload from a TFTP server. Listen for a connection and spawn a command shell Windows x64 Module Options msf use payload/cmd/windows/tftp/x64/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show...
TFTP Fetch, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
Fetch and execute an x64 payload from a TFTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/tftp/x64/meterpreter/reversetcprc4 msf payloadreversetcprc4 show actions ...actions... msf payloadreversetcprc4 set ACTION msf payloadreversetcprc4 show options ...show and...
Apache Spark Unauthenticated Command Injection RCE
This module exploits an unauthenticated command injection vulnerability in Apache Spark. Successful exploitation results in remote code execution under the context of the Spark application user. The command injection occurs because Spark checks the group membership of the user passed in the ?doAs...
HTTP Fetch, Generic x86 Tight Loop
Fetch and execute an x86 payload from an HTTP server. Generate a tight loop in the target process Module Options msf use payload/cmd/linux/http/x86/generic/tightloop msf payloadtightloop show actions ...actions... msf payloadtightloop set ACTION msf payloadtightloop show options ...show and set...
HTTPS Fetch
Fetch and execute a PPC64LE payload from an HTTPS server. Module Options msf use payload/cmd/linux/https/ppc64le/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf payloadmeterpreterreversehttps set ACTION msf payloadmeterpreterreversehttps show options...
Linux Reboot
A very small shellcode for rebooting the system using the reboot syscall. This payload is sometimes helpful for testing purposes. Requires CAP_SYS_BOOT privileges. Module Options msf use payload/linux/riscv64le/reboot msf payloadreboot show actions ...actions... msf payloadreboot set ACTION msf...
HTTP Fetch, Linux Read File
Fetch and execute an x86 payload from an HTTP server. Read up to 4096 bytes from the local file system and write it back out to the specified file descriptor Module Options msf use payload/cmd/linux/http/x86/readfile msf payloadreadfile show actions ...actions... msf payloadreadfile set ACTION msf...
HTTPS Fetch, Windows x64 Command Shell, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
Fetch and execute an x64 payload from an HTTPS server. Spawn a piped command shell Windows x64 staged. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x64/shell/reversetcprc4 msf payloadreversetcprc4 show actions ...actions... msf payloadreversetcprc4 set ACTION msf...
TFTP Fetch, Linux Command Shell, Reverse TCP Stager
Fetch and execute an x64 payload from a TFTP server. Spawn a command shell staged. Connect back to the attacker Module Options msf use payload/cmd/linux/tftp/x64/shell/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options...
Syncovery For Linux Web-GUI Session Token Brute-Forcer
This module attempts to brute-force a valid session token for the Syncovery File Sync & Backup Software Web-GUI by generating all possible tokens, for every second between 'DateTime.now' and the given X days. By default, today and yesterday (DAYS = 1) will be checked. If a valid session token is...
F5 BIG-IP iControl Authenticated RCE via RPM Creator
This module exploits a newline injection into an RPM .rpmspec file that permits authenticated users to remotely execute commands. Successful exploitation results in remote code execution as the root user. Module Options msf use exploit/linux/http/f5icontrolrpmspecrcecve202241800 msf...