HTTPS Fetch, Reverse Ordinal TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/vncinject/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf payloadreverseordtcp show options ...show an...

HTTP Fetch, Reverse All-Port TCP Stager

Fetch and execute an x86 payload from an HTTP server. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options msf use payload/cmd/windows/http/x86/patchupmeterpreter/reversetcpallports msf payloadreversetcpallports show actions ...actions... msf...

HTTP Fetch, Hidden Bind TCP Stager

Fetch and execute an x86 payload from an HTTP server. Listen for a connection from a hidden port and spawn a command shell to the allowed host. Module Options msf use payload/cmd/windows/http/x86/patchupdllinject/bindhiddentcp msf payloadbindhiddentcp show actions ...actions... msf...

SMB Fetch

Fetch and execute an x64 payload from an SMB server. Module Options msf use payload/cmd/windows/smb/x64/powershellreversetcp msf payloadpowershellreversetcp show actions ...actions... msf payloadpowershellreversetcp set ACTION msf payloadpowershellreversetcp show options ...show and set options...

SMB Fetch, Windows shellcode stage, Windows x64 Reverse HTTP Stager (winhttp)

Fetch and execute an x64 payload from an SMB server. Custom shellcode stage. Tunnel communication over HTTP Windows x64 winhttp Module Options msf use payload/cmd/windows/smb/x64/custom/reversewinhttp msf payloadreversewinhttp show actions ...actions... msf payloadreversewinhttp set ACTION msf...

SMB Fetch, Windows Meterpreter Shell, Reverse HTTPS Inline (x64)

Fetch and execute an x64 payload from an SMB server. Connect back to attacker and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/smb/x64/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf...

TFTP Fetch, Linux Command Shell, Reverse TCP Stager

Fetch and execute a x86 payload from a TFTP server. Spawn a command shell staged. Connect back to the attacker Module Options msf use payload/cmd/linux/tftp/x86/shell/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf payloadreversetcpuuid...

HTTPS Fetch, Linux Command Shell, Reverse TCP Stager

Fetch and execute an x86 payload from an HTTPS server. Spawn a command shell staged. Connect back to the attacker Module Options msf use payload/cmd/linux/https/x86/shell/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf...

TFTP Fetch, Windows x64 Command Shell, Bind TCP Stager with UUID Support (Windows x64)

Fetch and execute an x64 payload from a TFTP server. Spawn a piped command shell Windows x64 staged. Listen for a connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/tftp/x64/shell/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid...

TFTP Fetch, Windows shellcode stage, Reverse TCP Stager with UUID Support (Windows x64)

Fetch and execute an x64 payload from a TFTP server. Custom shellcode stage. Connect back to the attacker with UUID Support Windows x64 Module Options msf use payload/cmd/windows/tftp/x64/custom/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTI...

HTTP Fetch, Windows x64 Bind TCP Stager

Fetch and execute an x64 payload from an HTTP server. Listen for a connection Windows x64 Module Options msf use payload/cmd/windows/http/x64/meterpreter/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options...

HTTPS Fetch, Linux Command Shell, Reverse TCP Inline

Fetch and execute an x64 payload from an HTTPS server. Connect back to attacker and spawn a command shell Module Options msf use payload/cmd/linux/https/x64/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf payloadshellreversetcp show...

Rocket Software Unidata udadmin_server Stack Buffer Overflow in Password

This modlue exploits an authentication bypass vulnerability in the Linux version of udadminserver, which is an RPC service that comes with the Rocket Software UniData server, which runs as root. This vulnerability affects UniData versions 8.2.4 build 3003 and earlier for Linux, but this module...

Kerberos keytab utilities

Utilities for interacting with keytab files, which can store the hashed passwords of one or more principals. Discovered keytab files can be used to generate Kerberos Ticket Granting Tickets, or bruteforced offline. Keytab files can be also useful for decrypting Kerberos traffic using Wireshark...

Powershell Exec, Windows Upload/Execute, Bind TCP Stager with UUID Support (Windows x86)

Execute an x86 payload from a command via PowerShell. Uploads an executable and runs it staged. Listen for a connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/powershell/upexec/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid s...

Safari Webkit JIT Exploit for iOS 7.1.2

This module exploits a JIT optimization bug in Safari Webkit. This allows us to write shellcode to an RWX memory section in JavaScriptCore and execute it. The shellcode contains a kernel exploit CVE-2016-4669 that obtains kernel rw, obtains root and disables code signing. Finally we download and...

ActiveMQ web shell upload

The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request. This module requires Metasploit: https://metasploit.com/download Current source:...

Citrix ADC (NetScaler) CVE-2026-3055 Scanner

This module scans for a vulnerability that allows a remote, unauthenticated attacker to leak memory from a target Citrix ADC server configured as a SAML IdP. The leaked memory is then scanned for session cookies which can be hijacked if found. Module Options msf use...

HTTPS Fetch, Reverse TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker No NX Module Options msf use payload/cmd/windows/https/x86/vncinject/reversenonxtcp msf payloadreversenonxtcp show actions ...actions... msf payloadreversenonxtcp set ACTION msf payloadreversenonxtcp show options...

HTTP Fetch, Windows Command Shell, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)

Fetch and execute an x86 payload from an HTTP server. Spawn a piped command shell staged. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/shell/reversetcprc4dns msf payloadreversetcprc4dns show actions ...actions... msf payloadreversetcprc4dns set ACTION msf...

HTTP Fetch, Bind TCP Stager with UUID Support (Windows x86)

Fetch and execute an x86 payload from an HTTP server. Listen for a connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/http/x86/vncinject/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf payloadbindtcpuuid show...

HTTPS Fetch, Reverse TCP Stager with UUID Support

Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/https/x86/patchupmeterpreter/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf...

SMB Fetch, Windows x64 Reverse HTTP Stager (winhttp)

Fetch and execute an x64 payload from an SMB server. Tunnel communication over HTTP Windows x64 winhttp Module Options msf use payload/cmd/windows/smb/x64/meterpreter/reversewinhttp msf payloadreversewinhttp show actions ...actions... msf payloadreversewinhttp set ACTION msf payloadreversewinhttp...

Powershell Exec, Windows x64 Command Shell, Bind TCP Stager with UUID Support (Windows x64)

Execute an x64 payload from a command via PowerShell. Spawn a piped command shell Windows x64 staged. Listen for a connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/powershell/x64/shell/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf...

Netgear R7000 backup.cgi Heap Overflow RCE

This module exploits a heap buffer overflow in the genie.cgi?backup.cgi page of Netgear R7000 routers running firmware version 1.0.11.116. Successful exploitation results in unauthenticated attackers gaining code execution as the root user. The exploit utilizes these privileges to enable the teln...

Windows Registry Security Descriptor Utility

Read or write a Windows registry security descriptor remotely. In READ mode, the FILE option can be set to specify where the security descriptor should be written to. The following format is used: key: securityinfo: sd: In WRITE mode, the FILE option can be used to specify the information needed ...

Ansible Agent Payload Deployer

This exploit module creates an ansible module for deployment to nodes in the network. It creates a new yaml playbook which copies our payload, chmods it, then runs it on all targets which have been selected default all. Module Options msf use exploit/linux/local/ansiblenodedeployer msf...

TFTP Fetch, Linux Command Shell, Find Port Inline

Fetch and execute a x86 payload from a TFTP server. Spawn a shell on an established connection Module Options msf use payload/cmd/linux/tftp/x86/shellfindport msf payloadshellfindport show actions ...actions... msf payloadshellfindport set ACTION msf payloadshellfindport show options ...show and...

TFTP Fetch

Fetch and execute an x64 payload from a TFTP server. Module Options msf use payload/cmd/linux/tftp/x64/meterpreterreversehttp msf payloadmeterpreterreversehttp show actions ...actions... msf payloadmeterpreterreversehttp set ACTION msf payloadmeterpreterreversehttp show options ...show and set...

MimiPenguin

This searches process memory for needles that indicate where cleartext passwords may be located. If any needles are discovered in the target process memory, collected strings in adjacent memory will be hashed and compared with password hashes found in /etc/shadow. Module Options msf use...

ManageEngine DataSecurity Plus Xnode Enumeration

This module exploits default admin credentials for the DataEngine Xnode server in DataSecurity Plus versions prior to 6.0.1 6011 in order to dump the contents of Xnode data repositories tables, which may contain a limited amount of Active Directory information including domain names, host names,...

ManageEngine Desktop Central Java Deserialization

This module exploits a Java deserialization vulnerability in the getChartImage method from the FileStorage class within ManageEngine Desktop Central versions 'ManageEngine Desktop Central Java Deserialization', 'Description' = %q This module exploits a Java deserialization vulnerability in the...

HUSTOJ Admin users can zip-slip problem_import_qduoj.php, planting PHP files in webroot for RCE

A user with administrative privileges can abuse the problemimportqduoj.php CGI script using a crafted zip file zip-slip to traverse backwards through the filesystem, then to the webroot, where they can extract a PHP file that spawns a shell to get full RCE in the context of the webserver. Module...

HTTPS Fetch, Bind TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTPS server. Listen for a connection No NX Module Options msf use payload/cmd/windows/https/x86/vncinject/bindnonxtcp msf payloadbindnonxtcp show actions ...actions... msf payloadbindnonxtcp set ACTION msf payloadbindnonxtcp show options ...show and set...

HTTP Fetch, Windows Upload/Execute, Hidden Bind Ipknock TCP Stager

Fetch and execute an x86 payload from an HTTP server. Uploads an executable and runs it staged. Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method you can spoof it with tools like hping. After that you could...

TFTP Fetch, Find Tag Stager

Fetch and execute a x86 payload from a TFTP server. Use an established connection Module Options msf use payload/cmd/linux/tftp/x86/meterpreter/findtag msf payloadfindtag show actions ...actions... msf payloadfindtag set ACTION msf payloadfindtag show options ...show and set options... msf...

HTTP Fetch

Fetch and execute a x86 payload from an HTTP server. Module Options msf use payload/cmd/linux/http/x86/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf payloadmeterpreterreversetcp show options ...show and set...

TFTP Fetch, Windows x64 Command Shell, Reverse TCP Inline

Fetch and execute an x64 payload from a TFTP server. Connect back to attacker and spawn a command shell Windows x64 Module Options msf use payload/cmd/windows/tftp/x64/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf...

TFTP Fetch, Windows x64 Command Shell, Windows x64 Reverse TCP Stager

Fetch and execute an x64 payload from a TFTP server. Spawn a piped command shell Windows x64 staged. Connect back to the attacker Windows x64 Module Options msf use payload/cmd/windows/tftp/x64/shell/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf...

HTTPS Fetch, Bind TCP Stager with UUID Support (Windows x64)

Fetch and execute an x64 payload from an HTTPS server. Listen for a connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/https/x64/vncinject/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf payloadbindtcpuuid show...

HTTPS Fetch, Linux x64 Pingback, Bind TCP Inline

Fetch and execute an x64 payload from an HTTPS server. Accept a connection from attacker and report UUID Linux x64 Module Options msf use payload/cmd/linux/https/x64/pingbackbindtcp msf payloadpingbackbindtcp show actions ...actions... msf payloadpingbackbindtcp set ACTION msf...

TFTP Fetch, Linux Command Shell, Bind TCP Stager

Fetch and execute an x64 payload from a TFTP server. Spawn a command shell staged. Listen for a connection Module Options msf use payload/cmd/linux/tftp/x64/shell/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set...

KOFFEE - Kia OFFensivE Exploit

This module exploits CVE-2020-8539, which is an arbitrary code execution vulnerability that allows an to attacker execute the micomd binary file on the head unit of Kia Motors. This module has been tested on SOP.003.30.18.0703, SOP.005.7.181019 and SOP.007.1.191209 head unit software versions. Th...

D-Link Devices UPnP SOAP Command Execution

Different D-Link Routers are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This module has been tested on DIR-865 and DIR-645 devices. This module requires Metasploit:...

Supsystic Contact Form Wordpress Plugin SSTI RCE

This module performs SSTI achieving RCE in webpages containing the Contact Form Wordpress plugin by Supsystic in versions 1.7.36 and before. Module Options msf use exploit/multi/http/wppluginsupsysticcontactformrce msf exploitwppluginsupsysticcontactformrce show targets ...targets... msf...

HTTPS Fetch, Reverse TCP Stager (IPv6)

Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker over IPv6 Module Options msf use payload/cmd/windows/https/x86/vncinject/reverseipv6tcp msf payloadreverseipv6tcp show actions ...actions... msf payloadreverseipv6tcp set ACTION msf payloadreverseipv6tcp show...

HTTPS Fetch, Hidden Bind Ipknock TCP Stager

Fetch and execute an x86 payload from an HTTPS server. Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method you can spoof it with tools like hping. After that you could get your shellcode from any IP. The sock...

HTTP Fetch, Reverse Ordinal TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/peinject/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf payloadreverseordtcp show options ...show and s...

HTTPS Fetch, Reverse TCP Stager (IPv6)

Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker over IPv6 Module Options msf use payload/cmd/windows/https/x86/patchupmeterpreter/reverseipv6tcp msf payloadreverseipv6tcp show actions ...actions... msf payloadreverseipv6tcp set ACTION msf payloadreverseipv6tcp...

HTTP Fetch

Fetch and execute a x86 payload from an HTTP server. Module Options msf use payload/cmd/linux/http/x86/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf payloadmeterpreterreversehttps set ACTION msf payloadmeterpreterreversehttps show options ...show and se...