HTTPS Fetch, Bind TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x64 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x64/peinject/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4 show options ...show and set...

ManageEngine ADAudit Plus Xnode Enumeration

This module exploits default admin credentials for the DataEngine Xnode server in ADAudit Plus versions prior to 6.0.3 6032 in order to dump the contents of Xnode data repositories tables, which may contain a limited amount of Active Directory information including domain names, host names,...

ScadaBR Credentials Dumper

This module retrieves credentials from ScadaBR, including service credentials and unsalted SHA1 password hashes for all users, by invoking the EmportDwr.createExportData DWR method of Mango M2M which is exposed to all authenticated users regardless of privilege level. This module has been tested...

HTTPS Fetch, Reverse TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker No NX Module Options msf use payload/cmd/windows/https/x86/vncinject/reversenonxtcp msf payloadreversenonxtcp show actions ...actions... msf payloadreversenonxtcp set ACTION msf payloadreversenonxtcp show options...

HTTPS Fetch, Windows Command Shell, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)

Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/shell/reversetcprc4dns msf payloadreversetcprc4dns show actions ...actions... msf payloadreversetcprc4dns set ACTION msf...

HTTPS Fetch, Windows shellcode stage, Bind IPv6 TCP Stager with UUID Support (Windows x86)

Fetch and execute an x86 payload from an HTTPS server. Custom shellcode stage. Listen for an IPv6 connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/https/x86/custom/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid s...

HTTP Fetch, Windows Upload/Execute, Bind TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTP server. Uploads an executable and runs it staged. Listen for a connection No NX Module Options msf use payload/cmd/windows/http/x86/upexec/bindnonxtcp msf payloadbindnonxtcp show actions ...actions... msf payloadbindnonxtcp set ACTION msf...

HTTP Fetch, Reverse TCP Stager

Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/vncinject/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set options...

HTTP Fetch, Reverse TCP Stager with UUID Support

Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/http/x86/vncinject/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf payloadreversetcpuuid sho...

Linux RC4 Packer with In-Memory Execution (x86)

This evasion module packs Linux payloads using RC4 encryption and executes them from memory using memfdcreate for fileless execution. The evasion module works on systems with Linux Kernel 3.17+ due to memfdcreate support. Features: - RC4 encryption with configurable key size - Fileless execution...

SMB Fetch, Windows x64 Command Shell, Windows x64 IPv6 Bind TCP Stager

Fetch and execute an x64 payload from an SMB server. Spawn a piped command shell Windows x64 staged. Listen for an IPv6 connection Windows x64 Module Options msf use payload/cmd/windows/smb/x64/shell/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION m...

TFTP Fetch, Linux Command Shell, Reverse TCP Stager

Fetch and execute a x86 payload from a TFTP server. Spawn a command shell staged. Connect back to the attacker Module Options msf use payload/cmd/linux/tftp/x86/shell/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options...

TFTP Fetch, Windows x64 Reverse HTTP Stager (wininet)

Fetch and execute an x64 payload from a TFTP server. Tunnel communication over HTTP Windows x64 wininet Module Options msf use payload/cmd/windows/tftp/x64/meterpreter/reversehttps msf payloadreversehttps show actions ...actions... msf payloadreversehttps set ACTION msf payloadreversehttps show...

TFTP Fetch, Windows x64 Bind TCP Stager

Fetch and execute an x64 payload from a TFTP server. Listen for a connection Windows x64 Module Options msf use payload/cmd/windows/tftp/x64/peinject/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options... msf...

TFTP Fetch, Windows x64 IPv6 Bind TCP Stager

Fetch and execute an x64 payload from a TFTP server. Listen for an IPv6 connection Windows x64 Module Options msf use payload/cmd/windows/tftp/x64/peinject/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf payloadbindipv6tcp show options ...show a...

HTTPS Fetch, Windows x64 Command Shell, Bind TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x64 payload from an HTTPS server. Spawn a piped command shell Windows x64 staged. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x64/shell/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf...

TFTP Fetch, Linux Command Shell, Bind TCP Random Port Inline

Fetch and execute an x64 payload from a TFTP server. Listen for a connection in a random port and spawn a command shell. Use nmap to discover the open port: 'nmap -sS target -p-'. Module Options msf use payload/cmd/linux/tftp/x64/shellbindtcprandomport msf payloadshellbindtcprandomport show actio...

Command Shell, Reverse SCTP (via python)

Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.6-2.7 and 3.4+. Module Options msf use payload/python/shellreversesctp msf payloadshellreversesctp show actions ...actions... msf payloadshellreversesctp set ACTION msf payloadshellreversesctp show...

Unified Remote Auth Bypass to RCE

This module utilizes the Unified Remote remote control protocol to type out and deploy a payload. The remote control protocol can be configured to have no passwords, a group password, or individual user accounts. If the web page is accessible, the access control is set to no password for...

Background Intelligent Transfer Service Arbitrary File Move Privilege Elevation Vulnerability

This module exploits CVE-2020-0787, an arbitrary file move vulnerability in outdated versions of the Background Intelligent Transfer Service BITS, to overwrite C:\Windows\System32\WindowsCoreDeviceInfo.dll with a malicious DLL containing the attacker's payload. To achieve code execution as the...

HTTPS Fetch, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)

Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/peinject/reversetcprc4dns msf payloadreversetcprc4dns show actions ...actions... msf payloadreversetcprc4dns set ACTION msf payloadreversetcprc4dns show options...

HTTPS Fetch, Windows shellcode stage, Reverse TCP Stager (DNS)

Fetch and execute an x86 payload from an HTTPS server. Custom shellcode stage. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/custom/reversetcpdns msf payloadreversetcpdns show actions ...actions... msf payloadreversetcpdns set ACTION msf payloadreversetcpdns sh...

HTTPS Fetch, Bind TCP Stager (Windows x86)

Fetch and execute an x86 payload from an HTTPS server. Listen for a connection Windows x86 Module Options msf use payload/cmd/windows/https/x86/patchupmeterpreter/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set...

HTTP Fetch, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)

Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/vncinject/reversetcprc4dns msf payloadreversetcprc4dns show actions ...actions... msf payloadreversetcprc4dns set ACTION msf payloadreversetcprc4dns show options...

Python Exec, Python Execute Command

Execute a Python payload as an OS command from a Posix-compatible shell. Execute an arbitrary OS command. Compatible with Python 2.7 and 3.4+. Module Options msf use payload/cmd/unix/python/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options...

Kemp LoadMaster Local sudo privilege escalation

This module abuses a feature of the sudo command on Progress Kemp LoadMaster. Certain binary files are allowed to automatically elevate with the sudo command. This is based off of the file name. Some files have this permission are not write-protected from the default 'bal' user. As such, if the...

Puppet Config Gather

This module will grab Puppet config files, credentials, host information, and file buckets. Module Options msf use post/linux/gather/puppet msf postpuppet show actions ...actions... msf postpuppet set ACTION msf postpuppet show options ...show and set options... msf postpuppet run This module...

TFTP Fetch, Windows x64 Reverse TCP Stager

Fetch and execute an x64 payload from a TFTP server. Connect back to the attacker Windows x64 Module Options msf use payload/cmd/windows/tftp/x64/peinject/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and se...

TFTP Fetch, Windows x64 Reverse HTTP Stager (wininet)

Fetch and execute an x64 payload from a TFTP server. Tunnel communication over HTTP Windows x64 wininet Module Options msf use payload/cmd/windows/tftp/x64/vncinject/reversehttps msf payloadreversehttps show actions ...actions... msf payloadreversehttps set ACTION msf payloadreversehttps show...

HTTPS Fetch, Windows x64 Command Shell, Windows x64 Bind TCP Stager

Fetch and execute an x64 payload from an HTTPS server. Spawn a piped command shell Windows x64 staged. Listen for a connection Windows x64 Module Options msf use payload/cmd/windows/https/x64/shell/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf...

HTTP Fetch, Reverse TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x64 payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x64/vncinject/reversetcprc4 msf payloadreversetcprc4 show actions ...actions... msf payloadreversetcprc4 set ACTION msf payloadreversetcprc4 show options ...show and...

HTTPS Fetch, Windows shellcode stage, Windows x64 Bind TCP Stager

Fetch and execute an x64 payload from an HTTPS server. Custom shellcode stage. Listen for a connection Windows x64 Module Options msf use payload/cmd/windows/https/x64/custom/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...sho...

Microsoft IIS 6.0 ASP Stack Exhaustion Denial of Service

The vulnerability allows remote unauthenticated attackers to force the IIS server to become unresponsive until the IIS service is restarted manually by the administrator. Required is that Active Server Pages are hosted by the IIS and that an ASP script reads out a Post Form value. This module...

HTTPS Fetch, Reverse Ordinal TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/patchupmeterpreter/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf payloadreverseordtcp show options...

HTTPS Fetch, Windows shellcode stage, Reverse All-Port TCP Stager

Fetch and execute an x86 payload from an HTTPS server. Custom shellcode stage. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options msf use payload/cmd/windows/https/x86/custom/reversetcpallports msf payloadreversetcpallports show actions ...actions... msf...

HTTP Fetch, Reverse TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/vncinject/reversetcprc4 msf payloadreversetcprc4 show actions ...actions... msf payloadreversetcprc4 set ACTION msf payloadreversetcprc4 show options ...show and...

Python Exec, Python Execute Command

Execute a Python payload from a command. Execute an arbitrary OS command. Compatible with Python 2.7 and 3.4+. Module Options msf use payload/cmd/windows/python/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf...

TFTP Fetch, Reverse SCTP Stager

Fetch and execute an x64 payload from a TFTP server. Connect back to the attacker Module Options msf use payload/cmd/linux/tftp/x64/meterpreter/reversesctp msf payloadreversesctp show actions ...actions... msf payloadreversesctp set ACTION msf payloadreversesctp show options ...show and set...

DotCMS RCE via Arbitrary File Upload.

When files are uploaded into dotCMS via the content API, but before they become content, dotCMS writes the file down in a temp directory. In the case of this vulnerability, dotCMS does not sanitize the filename passed in via the multipart request header and thus does not sanitize the temp file's...

Powershell Exec, Windows Command Shell, Reverse Ordinal TCP Stager (No NX or Win7)

Execute an x86 payload from a command via PowerShell. Spawn a piped command shell staged. Connect back to the attacker Module Options msf use payload/cmd/windows/powershell/shell/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf...

EyesOfNetwork 5.1-5.3 AutoDiscovery Target Command Execution

This module exploits multiple vulnerabilities in EyesOfNetwork version 5.1, 5.2 and 5.3 in order to execute arbitrary commands as root. This module takes advantage of a command injection vulnerability in the target parameter of the AutoDiscovery functionality within the EON web interface in order...

Oracle Weblogic Server Deserialization RCE - AsyncResponseService

An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a malicious SOAP request to the interface WLS AsyncResponseService to execute code on the vulnerable host. This module requires Metasploit: https://metasploit.com/download Current source:...

HTTP Fetch, Reverse All-Port TCP Stager

Fetch and execute an x86 payload from an HTTP server. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options msf use payload/cmd/windows/http/x86/patchupmeterpreter/reversetcpallports msf payloadreversetcpallports show actions ...actions... msf...

HTTP Fetch, Hidden Bind TCP Stager

Fetch and execute an x86 payload from an HTTP server. Listen for a connection from a hidden port and spawn a command shell to the allowed host. Module Options msf use payload/cmd/windows/http/x86/patchupdllinject/bindhiddentcp msf payloadbindhiddentcp show actions ...actions... msf...

TFTP Fetch, Linux Command Shell, Find Port Inline

Fetch and execute an x64 payload from a TFTP server. Spawn a shell on an established connection Module Options msf use payload/cmd/linux/tftp/x64/shellfindport msf payloadshellfindport show actions ...actions... msf payloadshellfindport set ACTION msf payloadshellfindport show options ...show and...

Linux Mettle x64, Reverse SCTP Stager

Inject the mettle server payload staged. Connect back to the attacker Module Options msf use payload/linux/x64/meterpreter/reversesctp msf payloadreversesctp show actions ...actions... msf payloadreversesctp set ACTION msf payloadreversesctp show options ...show and set options... msf...

Powershell Exec, Windows Meterpreter Shell, Bind TCP Inline

Execute an x86 payload from a command via PowerShell. Connect to victim and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/powershell/meterpreterbindtcp msf payloadmeterpreterbindtcp show actions ...actions... msf payloadmeterpreterbindtcp...

Powershell Exec, Windows x86 Bind Named Pipe Stager

Execute an x86 payload from a command via PowerShell. Listen for a pipe connection Windows x86 Module Options msf use payload/cmd/windows/powershell/meterpreter/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set ACTION msf payloadbindnamedpipe show...

ManageEngine ADSelfService Plus CVE-2021-40539

This module exploits CVE-2021-40539, a REST API authentication bypass vulnerability in ManageEngine ADSelfService Plus, to upload a JAR and execute it as the user running ADSelfService Plus - which is SYSTEM if started as a service. Module Options msf use...

Tomcat Application Manager Login Utility

This module simply attempts to login to a Tomcat Application Manager instance using a specific user/pass. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require...