Emacs Extension Persistence
This module adds a lisp based malicious extension to the emacs configuration file. When emacs is opened, the extension will be loaded and the payload will be executed. Tested against emacs 29.3 build 1 on Ubuntu Desktop 24.04. Module Options msf use exploit/linux/persistence/emacsextension msf...
Flowmon Unauthenticated Command Injection
This module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before v12.03.02. Module Options msf use exploit/linux/http/progressflowmonunauthcmdinjection msf exploitprogressflowmonunauthcmdinjection show targets ...targets... msf...
Authentication Capture: LDAP
This module mocks an LDAP service to capture authentication information of a client trying to authenticate against an LDAP service Module Options msf use auxiliary/server/capture/ldap msf auxiliaryldap show actions ...actions... msf auxiliaryldap set ACTION msf auxiliaryldap show options ...show...
HTTP Fetch, Reverse TCP Stager (IPv6)
Fetch and execute an x86 payload from an HTTP server. Connect back to attacker over IPv6 Module Options msf use payload/cmd/linux/http/x86/meterpreter/reverseipv6tcp msf payloadreverseipv6tcp show actions ...actions... msf payloadreverseipv6tcp set ACTION msf payloadreverseipv6tcp show options...
TFTP Fetch, Bind TCP Stager with UUID Support (Windows x64)
Fetch and execute an x64 payload from a TFTP server. Listen for a connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/tftp/x64/meterpreter/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf payloadbindtcpuuid show...
TFTP Fetch, Linux Command Shell, Bind TCP Inline
Fetch and execute an x64 payload from a TFTP server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/tftp/x64/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options ...show...
OpenTSDB 2.4.0 unauthenticated command injection
This module exploits an unauthenticated command injection vulnerability in the yrange parameter in OpenTSDB through 2.4.0 CVE-2020-35476 in order to achieve unauthenticated remote code execution as the root user. The module first attempts to obtain the OpenTSDB version via the api. If the version...
LNK Code Execution Vulnerability
This module exploits a vulnerability in the handling of Windows Shortcut files .LNK that contain a dynamic icon, loaded from a malicious DLL. This vulnerability is a variant of MS15-020 CVE-2015-0096. The created LNK file is similar except an additional SpecialFolderDataBlock is included. The...
HTTPS Fetch, Reverse All-Port TCP Stager
Fetch and execute an x86 payload from an HTTPS server. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options msf use payload/cmd/windows/https/x86/peinject/reversetcpallports msf payloadreversetcpallports show actions ...actions... msf payloadreversetcpallports...
HTTPS Fetch, Reverse HTTP Stager Proxy
Fetch and execute an x86 payload from an HTTPS server. Tunnel communication over HTTP Module Options msf use payload/cmd/windows/https/x86/vncinject/reversehttpproxypstore msf payloadreversehttpproxypstore show actions ...actions... msf payloadreversehttpproxypstore set ACTION msf...
MajorDoMo Remote Command Injection via cycle_execs Race Condition
This module exploits an unauthenticated command injection vulnerability in MajorDoMo's remote command handler rc/index.php. The param parameter is interpolated into double quotes without escapeshellarg, and the resulting string is passed to safeexec which inserts it into the safeexecs database...
WatchGuard XTM Firebox Unauthenticated Remote Command Execution
This module exploits a buffer overflow at the administration interface 8080 or 4117 of WatchGuard Firebox and XTM appliances which is built from a cherrypy python backend sending XML-RPC requests to a C binary called wgagent using pre-authentication endpoint /agent/login. This vulnerability impac...
HTTP Fetch, Linux Command Shell, Bind TCP Stager (Linux x86)
Fetch and execute an x86 payload from an HTTP server. Spawn a command shell staged. Listen for a connection Linux x86 Module Options msf use payload/cmd/linux/http/x86/shell/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show...
TFTP Fetch, Windows shellcode stage, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
Fetch and execute an x64 payload from a TFTP server. Custom shellcode stage. Connect back to the attacker Module Options msf use payload/cmd/windows/tftp/x64/custom/reversetcprc4 msf payloadreversetcprc4 show actions ...actions... msf payloadreversetcprc4 set ACTION msf payloadreversetcprc4 show...
TFTP Fetch, Windows x64 Command Shell, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
Fetch and execute an x64 payload from a TFTP server. Spawn a piped command shell Windows x64 staged. Connect back to the attacker Module Options msf use payload/cmd/windows/tftp/x64/shell/reversetcprc4 msf payloadreversetcprc4 show actions ...actions... msf payloadreversetcprc4 set ACTION msf...
HTTPS Fetch, Windows x64 Reverse TCP Stager
Fetch and execute an x64 payload from an HTTPS server. Connect back to the attacker Windows x64 Module Options msf use payload/cmd/windows/https/x64/vncinject/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show an...
HTTPS Fetch, Windows x64 Reverse HTTP Stager (wininet)
Fetch and execute an x64 payload from an HTTPS server. Tunnel communication over HTTP Windows x64 wininet Module Options msf use payload/cmd/windows/https/x64/meterpreter/reversehttps msf payloadreversehttps show actions ...actions... msf payloadreversehttps set ACTION msf payloadreversehttps sho...
Python Exec, Python Meterpreter Shell, Reverse TCP Inline
Execute a Python payload from a command. Connect back to the attacker and spawn a Meterpreter shell Module Options msf use payload/cmd/windows/python/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf...
Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets CGI scripts in the Apache web server by setting the HTTP_USER_AGENT environment variable to a malicious function definition. This module requires Metasploit:...
HTTP Fetch, Windows Meterpreter Service, Reverse TCP Inline
Fetch and execute an x86 payload from an HTTP server. Stub payload for interacting with a Meterpreter Service Module Options msf use payload/cmd/windows/http/x86/metsvcreversetcp msf payloadmetsvcreversetcp show actions ...actions... msf payloadmetsvcreversetcp set ACTION msf...
TFTP Fetch, Linux Execute Command
Fetch and execute an x64 payload from a TFTP server. Execute an arbitrary command or just a /bin/sh shell Module Options msf use payload/cmd/linux/tftp/x64/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf...
ManageEngine ADSelfService Plus Unauthenticated SAML RCE
This exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine AdSelfService Plus versions 6210 and below CVE-2022-47966. Due to a dependency to an outdated library Apache Santuario version 1.4.1, it is possible to execute arbitrary code by providing a crafted...
Mobile Mouse RCE
This module utilizes the Mobile Mouse Server by RPA Technologies, Inc protocol to deploy a payload and run it from the server. This module will only deploy a payload if the server is set without a password default. Tested against 3.6.0.4, current at the time of module writing Module Options msf u...
Zimbra zmslapd arbitrary module load
This module exploits CVE-2022-37393, which is a vulnerability in Zimbra's sudo configuration that permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes...
VMWare Authentication Daemon Version Scanner
This module will identify information about a host through the vmauthd service. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMWare Authentication Daemon Version Scanner', 'Description' = %q...
HTTPS Fetch, Windows Command Shell, Windows x86 Bind Named Pipe Stager
Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Listen for a pipe connection Windows x86 Module Options msf use payload/cmd/windows/https/x86/shell/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set ACTION msf...
Tactical RMM Jinja2 SSTI Remote Code Execution
This module exploits a Server-Side Template Injection SSTI vulnerability in Tactical RMM versions prior to 1.4.0 CVE-2025-69516. The reporting template preview endpoint passes user-controlled Jinja2 template content to Environment.fromstring without sandboxing, allowing arbitrary Python code...
TFTP Fetch, Linux Command Shell, Reverse TCP Stager (IPv6)
Fetch and execute an x86 payload from a TFTP server. Spawn a command shell staged. Connect back to attacker over IPv6 Module Options msf use payload/cmd/linux/tftp/x86/shell/reverseipv6tcp msf payloadreverseipv6tcp show actions ...actions... msf payloadreverseipv6tcp set ACTION msf...
HTTP Fetch, Linux Command Shell, Reverse TCP Inline (IPv6)
Fetch and execute an x86 payload from an HTTP server. Connect back to attacker and spawn a command shell over IPv6 Module Options msf use payload/cmd/linux/http/x86/shellreversetcpipv6 msf payloadshellreversetcpipv6 show actions ...actions... msf payloadshellreversetcpipv6 set ACTION msf...
IGEL OS Secure VNC/Terminal Command Injection RCE
This module exploits a command injection vulnerability in IGEL OS Secure Terminal and Secure Shadow services. Both Secure Terminal telnetsslconnector - 30022/tcp and Secure Shadow vncsslconnector - 5900/tcp services are vulnerable. Module Options msf use exploit/linux/misc/igelcommandinjection ms...
xfrm-ESP Page-Cache Write via CVE-2026-43284
CVE-2026-43284 is a Linux kernel page-cache write vulnerability in the IPsec/xfrm subsystem affecting ESP Encapsulating Security Payload fragmentation. Dubbed "DirtyFrag", the bug allows a local unprivileged user to gain write access to read-only page-cache pages by triggering a race condition in...
HTTPS Fetch
Fetch and execute an x86 payload from an HTTPS server. Module Options msf use payload/cmd/windows/https/x86/powershellbindtcp msf payloadpowershellbindtcp show actions ...actions... msf payloadpowershellbindtcp set ACTION msf payloadpowershellbindtcp show options ...show and set options... msf...
PHP Minify Encoder
This encoder minifies a PHP payload by removing leading spaces, trailing new lines, comments, ... Module Options msf use encoder/php/minify msf encoderminify show actions ...actions... msf encoderminify set ACTION msf encoderminify show options ...show and set options... msf encoderminify run Thi...
Atlassian Confluence Data Center and Server Authentication Bypass via Broken Access Control
This module exploits a broken access control vulnerability in Atlassian Confluence servers leading to an authentication bypass. A specially crafted request can create a new admin account without authentication on the target Atlassian server. Module Options msf use...
HTTP Fetch, Linux Command Shell, Reverse TCP Stager
Fetch and execute an x86 payload from an HTTP server. Spawn a command shell staged. Connect back to the attacker Module Options msf use payload/cmd/linux/http/x86/shell/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf payloadreversetcpuui...
TFTP Fetch
Fetch and execute an x86 payload from a TFTP server. Module Options msf use payload/cmd/linux/tftp/x86/meterpreterreversehttp msf payloadmeterpreterreversehttp show actions ...actions... msf payloadmeterpreterreversehttp set ACTION msf payloadmeterpreterreversehttp show options ...show and set...
TFTP Fetch, Windows x64 LoadLibrary Path
Fetch and execute an x64 payload from a TFTP server. Load an arbitrary x64 library path Module Options msf use payload/cmd/windows/tftp/x64/loadlibrary msf payloadloadlibrary show actions ...actions... msf payloadloadlibrary set ACTION msf payloadloadlibrary show options ...show and set options...
HTTPS Fetch, Windows shellcode stage, Windows x64 IPv6 Bind TCP Stager with UUID Support
Fetch and execute an x64 payload from an HTTPS server. Custom shellcode stage. Listen for an IPv6 connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/https/x64/custom/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid s...
LINQPad Deserialization Exploit
This module exploits a bug in LINQPad up to version 5.52.00. The bug is only exploitable in the paid version of the software. The core of the bug is a cache file containing deserialized data, which an attacker can overwrite with a malicious payload. The data gets deserialized every time the app restarts. Module...
SMB Fetch, Windows x64 Bind TCP Stager
Fetch and execute an x64 payload from an SMB server. Listen for a connection Windows x64 Module Options msf use payload/cmd/windows/smb/x64/meterpreter/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options... ms...
HTTP Fetch, Linux Command Shell, Bind TCP Stager with UUID Support (Linux x86)
Fetch and execute an x86 payload from an HTTP server. Spawn a command shell staged. Listen for a connection with UUID Support Linux x86 Module Options msf use payload/cmd/linux/http/x86/shell/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf...
TFTP Fetch, Linux Command Shell, Reverse TCP Inline (IPv6)
Fetch and execute an x86 payload from a TFTP server. Connect back to attacker and spawn a command shell over IPv6 Module Options msf use payload/cmd/linux/tftp/x86/shellreversetcpipv6 msf payloadshellreversetcpipv6 show actions ...actions... msf payloadshellreversetcpipv6 set ACTION msf...
TFTP Fetch, Windows shellcode stage, Windows x64 Reverse TCP Stager
Fetch and execute an x64 payload from a TFTP server. Custom shellcode stage. Connect back to the attacker Windows x64 Module Options msf use payload/cmd/windows/tftp/x64/custom/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show...
TFTP Fetch, Windows x64 Reverse HTTP Stager (wininet)
Fetch and execute an x64 payload from a TFTP server. Tunnel communication over HTTP Windows x64 wininet Module Options msf use payload/cmd/windows/tftp/x64/meterpreter/reversehttp msf payloadreversehttp show actions ...actions... msf payloadreversehttp set ACTION msf payloadreversehttp show optio...
HTTPS Fetch, Windows x64 IPv6 Bind TCP Stager
Fetch and execute an x64 payload from an HTTPS server. Listen for an IPv6 connection Windows x64 Module Options msf use payload/cmd/windows/https/x64/peinject/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf payloadbindipv6tcp show options ...sho...
HTTP Fetch, Windows x64 IPv6 Bind TCP Stager
Fetch and execute an x64 payload from an HTTP server. Listen for an IPv6 connection Windows x64 Module Options msf use payload/cmd/windows/http/x64/meterpreter/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf payloadbindipv6tcp show options ...sh...
HTTP Fetch, Windows x64 Bind Named Pipe Stager
Fetch and execute an x64 payload from an HTTP server. Listen for a pipe connection Windows x64 Module Options msf use payload/cmd/windows/http/x64/meterpreter/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set ACTION msf payloadbindnamedpipe show option...
TFTP Fetch, Linux x64 Pingback, Reverse TCP Inline
Fetch and execute an x64 payload from a TFTP server. Connect back to attacker and report UUID Linux x64 Module Options msf use payload/cmd/linux/tftp/x64/pingbackreversetcp msf payloadpingbackreversetcp show actions ...actions... msf payloadpingbackreversetcp set ACTION msf...
Fortinet FortiOS, FortiProxy, and FortiSwitchManager authentication bypass.
This module exploits an authentication bypass vulnerability in the Fortinet FortiOS, FortiProxy, and FortiSwitchManager API to gain access to a chosen account. It then adds an SSH key to the authorized_keys file of the chosen account, allowing login to the system with the chosen account...
HTTPS Fetch, Windows Command Shell, Reverse TCP Stager (DNS)
Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/shell/reversetcpdns msf payloadreversetcpdns show actions ...actions... msf payloadreversetcpdns set ACTION msf...