HTTPS Fetch, Bind TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTPS server. Listen for a connection No NX Module Options msf use payload/cmd/windows/https/x86/patchupdllinject/bindnonxtcp msf payloadbindnonxtcp show actions ...actions... msf payloadbindnonxtcp set ACTION msf payloadbindnonxtcp show options ...show an...

HTTP Fetch, Reverse Ordinal TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/peinject/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf payloadreverseordtcp show options ...show and s...

SMB Fetch, Windows x64 IPv6 Bind TCP Stager

Fetch and execute an x64 payload from an SMB server. Listen for an IPv6 connection Windows x64 Module Options msf use payload/cmd/windows/smb/x64/peinject/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf payloadbindipv6tcp show options ...show an...

HTTP Fetch

Fetch and execute a x86 payload from an HTTP server. Module Options msf use payload/cmd/linux/http/x86/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf payloadmeterpreterreversehttps set ACTION msf payloadmeterpreterreversehttps show options ...show and se...

HTTPS Fetch, Bind TCP Stager with UUID Support (Windows x64)

Fetch and execute an x64 payload from an HTTPS server. Listen for a connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/https/x64/meterpreter/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf payloadbindtcpuuid show...

HTTPS Fetch, Reverse TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x64 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x64/peinject/reversetcprc4 msf payloadreversetcprc4 show actions ...actions... msf payloadreversetcprc4 set ACTION msf payloadreversetcprc4 show options ...show and...

LotusCMS 3.0 eval() Remote Command Execution

This module exploits a vulnerability found in Lotus CMS 3.0's Router function. This is done by embedding PHP code in the 'page' parameter, which will be passed to a eval call, therefore allowing remote code execution. The module can either automatically pick up a 'page' parameter from the default...

HTTPS Fetch, Bind TCP Stager with UUID Support (Windows x86)

Fetch and execute an x86 payload from an HTTPS server. Listen for a connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/https/x86/vncinject/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf payloadbindtcpuuid show...

HTTPS Fetch, Bind IPv6 TCP Stager (Windows x86)

Fetch and execute an x86 payload from an HTTPS server. Listen for an IPv6 connection Windows x86 Module Options msf use payload/cmd/windows/https/x86/dllinject/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf payloadbindipv6tcp show options ...sh...

HTTPS Fetch, Windows Meterpreter Shell, Reverse HTTP Inline

Fetch and execute an x86 payload from an HTTPS server. Connect back to attacker and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/https/x86/meterpreterreversehttp msf payloadmeterpreterreversehttp show actions ...actions... msf...

HTTPS Fetch, Reverse TCP Stager

Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/dllinject/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set...

HTTPS Fetch, Reverse TCP Stager with UUID Support

Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/https/x86/meterpreter/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf payloadreversetcpuuid...

TFTP Fetch, Generic x86 Debug Trap

Fetch and execute a x86 payload from a TFTP server. Generate a debug trap in the target process Module Options msf use payload/cmd/linux/tftp/x86/generic/debugtrap msf payloaddebugtrap show actions ...actions... msf payloaddebugtrap set ACTION msf payloaddebugtrap show options ...show and set...

HTTPS Fetch

Fetch and execute an x86 payload from an HTTPS server. Module Options msf use payload/cmd/linux/https/x86/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf payloadmeterpreterreversetcp show options ...show and set...

TFTP Fetch, Bind TCP Stager with UUID Support (Windows x64)

Fetch and execute an x64 payload from a TFTP server. Listen for a connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/tftp/x64/peinject/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf payloadbindtcpuuid show optio...

HTTPS Fetch, Windows x64 Bind TCP Stager

Fetch and execute an x64 payload from an HTTPS server. Listen for a connection Windows x64 Module Options msf use payload/cmd/windows/https/x64/vncinject/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options...

Sophos UTM WebAdmin SID Command Injection

This module exploits an SID-based command injection in Sophos UTM's WebAdmin interface to execute shell commands as the root user. Module Options msf use exploit/linux/http/sophosutmwebadminsidcmdinjection msf exploitsophosutmwebadminsidcmdinjection show targets ...targets... msf...

Mikrotik Winbox Arbitrary File Read

MikroTik RouterOS bugfix 6.30.1-6.40.7, current 6.29-6.42, RC 6.29rc1-6.43rc3 allows unauthenticated remote attackers to read arbitrary files through a directory traversal through the WinBox interface typically port 8291. Module Options msf use auxiliary/gather/mikrotikwinboxfileread msf...

Microsoft Spooler Local Privilege Elevation Vulnerability

This exploit leverages a file write vulnerability in the print spooler service which will restart if stopped. Because the service cannot be stopped long enough to remove the dll, there is no way to remove the dll once it is loaded by the service. Essentially, on default settings, this module adds...

Jupyter Login Utility

This module checks if authentication is required on a Jupyter Lab or Notebook server. If it is, this module will bruteforce the password. Jupyter only requires a password to authenticate, usernames are not used. This module is compatible with versions 4.3.0 released 2016-12-08 and newer. Module...

MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Code Execution

This module will exploit SMB with vulnerabilities in MS17-010 to achieve a write-what-where primitive. This will then be used to overwrite the connection session information with as an Administrator session. From there, the normal psexec payload code execution is done. Exploits a type confusion...

CUPS Filter Bash Environment Variable Code Injection (Shellshock)

This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets CUPS filters through the PRINTERINFO and PRINTERLOCATION variables. A valid username and password is required to exploit this vulnerability through CUPS. Thi...

HTTPS Fetch, Windows shellcode stage, Bind TCP Stager (Windows x86)

Fetch and execute an x86 payload from an HTTPS server. Custom shellcode stage. Listen for a connection Windows x86 Module Options msf use payload/cmd/windows/https/x86/custom/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...sho...

HTTPS Fetch, Hidden Bind TCP Stager

Fetch and execute an x86 payload from an HTTPS server. Listen for a connection from a hidden port and spawn a command shell to the allowed host. Module Options msf use payload/cmd/windows/https/x86/dllinject/bindhiddentcp msf payloadbindhiddentcp show actions ...actions... msf payloadbindhiddentc...

SMB Fetch, Windows x64 Reverse HTTP Stager (wininet)

Fetch and execute an x64 payload from an SMB server. Tunnel communication over HTTP Windows x64 wininet Module Options msf use payload/cmd/windows/smb/x64/vncinject/reversehttp msf payloadreversehttp show actions ...actions... msf payloadreversehttp set ACTION msf payloadreversehttp show options...

TFTP Fetch, Generic x86 Tight Loop

Fetch and execute a x86 payload from a TFTP server. Generate a tight loop in the target process Module Options msf use payload/cmd/linux/tftp/x86/generic/tightloop msf payloadtightloop show actions ...actions... msf payloadtightloop set ACTION msf payloadtightloop show options ...show and set...

HTTPS Fetch

Fetch and execute an MIPS64 payload from an HTTPS server. Module Options msf use payload/cmd/linux/https/mips64/meterpreterreversehttp msf payloadmeterpreterreversehttp show actions ...actions... msf payloadmeterpreterreversehttp set ACTION msf payloadmeterpreterreversehttp show options ...show a...

TFTP Fetch, Bind TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x64 payload from a TFTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/tftp/x64/peinject/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4 show options ...show and set options...

HTTPS Fetch, Windows x64 IPv6 Bind TCP Stager

Fetch and execute an x64 payload from an HTTPS server. Listen for an IPv6 connection Windows x64 Module Options msf use payload/cmd/windows/https/x64/meterpreter/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf payloadbindipv6tcp show options...

HTTPS Fetch, Linux Command Shell, Find Port Inline

Fetch and execute an x64 payload from an HTTPS server. Spawn a shell on an established connection Module Options msf use payload/cmd/linux/https/x64/shellfindport msf payloadshellfindport show actions ...actions... msf payloadshellfindport set ACTION msf payloadshellfindport show options ...show...

UnRAR Path Traversal (CVE-2022-30333)

This module creates a RAR file that exploits CVE-2022-30333, which is a path-traversal vulnerability in unRAR that can extract an arbitrary file to an arbitrary location on a Linux system. UnRAR fixed this vulnerability in version 6.12 open source version 6.1.7. The core issue is that when a...

Wordpress LearnPress current_items Authenticated SQLi

LearnPress, a learning management plugin for WordPress, prior to 3.2.6.8 is affected by an authenticated SQL injection via the currentitems parameter of the post-new.php page. Module Options msf use auxiliary/scanner/http/wplearnpresssqli msf auxiliarywplearnpresssqli show actions ...actions... m...

macOS Gatekeeper check bypass

This module exploits two CVEs that bypass Gatekeeper. For CVE-2021-30657, this module serves an OSX app as a zip that contains no Info.plist, which bypasses gatekeeper in macOS use exploit/osx/browser/osxgatekeeperbypass msf exploitosxgatekeeperbypass show targets ...targets... msf...

Windows Update Orchestrator unchecked ScheduleWork call

This exploit uses access to the UniversalOrchestrator ScheduleWork API call which does not verify the caller's token before scheduling a job to be run as SYSTEM. You cannot schedule something in a given time, so the payload will execute as system sometime in the next 24 hours. Module Options msf...

HTTPS Fetch, Bind IPv6 TCP Stager with UUID Support (Windows x86)

Fetch and execute an x86 payload from an HTTPS server. Listen for an IPv6 connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/https/x86/meterpreter/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid set ACTION msf...

HTTPS Fetch, Bind TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x86 payload from an HTTPS server. Listen for a connection Module Options msf use payload/cmd/windows/https/x86/patchupmeterpreter/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4 show options ...show and set...

HTTPS Fetch, Bind TCP Stager with UUID Support (Windows x86)

Fetch and execute an x86 payload from an HTTPS server. Listen for a connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/https/x86/patchupdllinject/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf payloadbindtcpuuid...

Grav CMS Admin Direct Install Authenticated Plugin Upload RCE

Grav CMS version use exploit/multi/http/gravadmindirectinstallrcecve202550286 msf exploitgravadmindirectinstallrcecve202550286 show targets ...targets... msf exploitgravadmindirectinstallrcecve202550286 set TARGET msf exploitgravadmindirectinstallrcecve202550286 show options ...show and set...

Acronis Cyber Protect/Backup remote code execution

Acronis Cyber Protect or Backup is an enterprise backup/recovery solution for all, compute, storage and application resources. Businesses and Service Providers are using it to protect and backup all IT assets in their IT environment. The Acronis Cyber Protect appliance, in its default...

SMB Fetch, Windows shellcode stage, Windows x64 Reverse HTTP Stager (wininet)

Fetch and execute an x64 payload from an SMB server. Custom shellcode stage. Tunnel communication over HTTP Windows x64 wininet Module Options msf use payload/cmd/windows/smb/x64/custom/reversehttp msf payloadreversehttp show actions ...actions... msf payloadreversehttp set ACTION msf...

SMB Fetch

Fetch and execute an x64 payload from an SMB server. Module Options msf use payload/cmd/windows/smb/x64/powershellreversetcpssl msf payloadpowershellreversetcpssl show actions ...actions... msf payloadpowershellreversetcpssl set ACTION msf payloadpowershellreversetcpssl show options ...show and s...

SMB Fetch, Bind TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x64 payload from an SMB server. Connect back to the attacker Module Options msf use payload/cmd/windows/smb/x64/meterpreter/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4 show options ...show and set options...

HTTPS Fetch, Linux Command Shell, Bind TCP Inline (IPv6)

Fetch and execute an x86 payload from an HTTPS server. Listen for a connection over IPv6 and spawn a command shell Module Options msf use payload/cmd/linux/https/x86/shellbindipv6tcp msf payloadshellbindipv6tcp show actions ...actions... msf payloadshellbindipv6tcp set ACTION msf...

HTTPS Fetch, Windows shellcode stage, Windows x64 Reverse Named Pipe (SMB) Stager

Fetch and execute an x64 payload from an HTTPS server. Custom shellcode stage. Connect back to the attacker via a named pipe pivot Module Options msf use payload/cmd/windows/https/x64/custom/reversenamedpipe msf payloadreversenamedpipe show actions ...actions... msf payloadreversenamedpipe set...

HTTPS Fetch, Reverse TCP Stager

Fetch and execute an x64 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/linux/https/x64/meterpreter/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set...

Python Exec, Python Meterpreter, Python Reverse TCP SSL Stager

Execute a Python payload from a command. Run a meterpreter server in Python compatible with 2.5-2.7 & 3.1+. Reverse Python connect back stager using SSL Module Options msf use payload/cmd/windows/python/meterpreter/reversetcpssl msf payloadreversetcpssl show actions ...actions... msf...

Atlassian Crowd pdkinstall Unauthenticated Plugin Upload RCE

This module can be used to upload a plugin on Atlassian Cloud via the pdkinstall development plugin as an unauthenticated attacker. The payload is uploaded as a JAR archive containing a servlet using a POST request to /crowd/admin/uploadplugin.action. The check command will check that the...

Chrome Gather Cookies

Read all cookies from the Default Chrome profile of the target user. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Chrome Gather Cookies', 'Description' = 'Read all cookies from the Default...

HTTPS Fetch, Windows shellcode stage, Windows Reverse HTTPS Stager (winhttp)

Fetch and execute an x86 payload from an HTTPS server. Custom shellcode stage. Tunnel communication over HTTPS Windows winhttp Module Options msf use payload/cmd/windows/https/x86/custom/reversewinhttps msf payloadreversewinhttps show actions ...actions... msf payloadreversewinhttps set ACTION ms...

HTTPS Fetch, Bind TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTPS server. Listen for a connection No NX Module Options msf use payload/cmd/windows/https/x86/dllinject/bindnonxtcp msf payloadbindnonxtcp show actions ...actions... msf payloadbindnonxtcp set ACTION msf payloadbindnonxtcp show options ...show and set...