6846 matches found
SMB Fetch, Bind TCP Stager (RC4 Stage Encryption, Metasm)
Fetch and execute an x64 payload from an SMB server. Connect back to the attacker Module Options msf use payload/cmd/windows/smb/x64/meterpreter/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4 show options ...show and set options...
HTTPS Fetch, Windows shellcode stage, Windows x64 Reverse Named Pipe (SMB) Stager
Fetch and execute an x64 payload from an HTTPS server. Custom shellcode stage. Connect back to the attacker via a named pipe pivot Module Options msf use payload/cmd/windows/https/x64/custom/reversenamedpipe msf payloadreversenamedpipe show actions ...actions... msf payloadreversenamedpipe set...
HTTPS Fetch, Reverse TCP Stager
Fetch and execute an x64 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/linux/https/x64/meterpreter/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set...
Atlassian Crowd pdkinstall Unauthenticated Plugin Upload RCE
This module can be used to upload a plugin on Atlassian Cloud via the pdkinstall development plugin as an unauthenticated attacker. The payload is uploaded as a JAR archive containing a servlet using a POST request to /crowd/admin/uploadplugin.action. The check command will check that the...
Chrome Gather Cookies
Read all cookies from the Default Chrome profile of the target user. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Chrome Gather Cookies', 'Description' = 'Read all cookies from the Default...
Slowloris Denial of Service Attack
Slowloris tries to keep many connections to the target web server open and hold them open as long as possible. It accomplishes this by opening connections to the target web server and sending a partial request. Periodically, it will send subsequent HTTP headers, adding to-but never completing-the...
HTTPS Fetch, Windows Upload/Execute, Reverse All-Port TCP Stager
Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options msf use payload/cmd/windows/https/x86/upexec/reversetcpallports msf payloadreversetcpallports show actions...
HTTPS Fetch, Bind IPv6 TCP Stager with UUID Support (Windows x86)
Fetch and execute an x86 payload from an HTTPS server. Listen for an IPv6 connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/https/x86/vncinject/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid set ACTION msf...
TFTP Fetch, Windows shellcode stage, Windows x64 Reverse HTTPS Stager (winhttp)
Fetch and execute an x64 payload from a TFTP server. Custom shellcode stage. Tunnel communication over HTTPS Windows x64 winhttp Module Options msf use payload/cmd/windows/tftp/x64/custom/reversewinhttps msf payloadreversewinhttps show actions ...actions... msf payloadreversewinhttps set ACTION m...
Powershell Exec, Windows Command Shell, Reverse TCP Stager (IPv6)
Execute an x86 payload from a command via PowerShell. Spawn a piped command shell staged. Connect back to the attacker over IPv6 Module Options msf use payload/cmd/windows/powershell/shell/reverseipv6tcp msf payloadreverseipv6tcp show actions ...actions... msf payloadreverseipv6tcp set ACTION msf...
Powershell Exec, Windows Command Shell, Bind TCP Stager (Windows x86)
Execute an x86 payload from a command via PowerShell. Spawn a piped command shell staged. Listen for a connection Windows x86 Module Options msf use payload/cmd/windows/powershell/shell/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show...
Powershell Exec, Windows x86 Pingback, Bind TCP Inline
Execute an x86 payload from a command via PowerShell. Open a socket and report UUID when a connection is received Windows x86 Module Options msf use payload/cmd/windows/powershell/pingbackbindtcp msf payloadpingbackbindtcp show actions ...actions... msf payloadpingbackbindtcp set ACTION msf...
PostgreSQL COPY FROM PROGRAM Command Execution
Installations running Postgres 9.3 and above have functionality which allows for the superuser and users with 'pgexecuteserverprogram' to pipe to and from an external program using COPY. This allows arbitrary command execution as though you have console access. This module attempts to create a ne...
SCADA 3S CoDeSys Gateway Server Directory Traversal
This module exploits a directory traversal vulnerability that allows arbitrary file creation, which can be used to execute a mof file in order to gain remote execution within the SCADA system. This module requires Metasploit: https://metasploit.com/download Current source:...
HTTPS Fetch, Bind TCP Stager with UUID Support (Windows x86)
Fetch and execute an x86 payload from an HTTPS server. Listen for a connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/https/x86/dllinject/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf payloadbindtcpuuid show...
HTTP Fetch, Windows Meterpreter Service, Bind TCP
Fetch and execute an x86 payload from an HTTP server. Stub payload for interacting with a Meterpreter Service Module Options msf use payload/cmd/windows/http/x86/metsvcbindtcp msf payloadmetsvcbindtcp show actions ...actions... msf payloadmetsvcbindtcp set ACTION msf payloadmetsvcbindtcp show...
HTTPS Fetch, Windows x64 Reverse HTTPS Stager (winhttp)
Fetch and execute an x64 payload from an HTTPS server. Tunnel communication over HTTPS Windows x64 winhttp Module Options msf use payload/cmd/windows/https/x64/vncinject/reversewinhttps msf payloadreversewinhttps show actions ...actions... msf payloadreversewinhttps set ACTION msf...
TFTP Fetch, Linux Command Shell, Reverse SCTP Stager
Fetch and execute an x64 payload from a TFTP server. Spawn a command shell staged. Connect back to the attacker Module Options msf use payload/cmd/linux/tftp/x64/shell/reversesctp msf payloadreversesctp show actions ...actions... msf payloadreversesctp set ACTION msf payloadreversesctp show optio...
Powershell Exec, Bind TCP Stager (Windows x86)
Execute an x86 payload from a command via PowerShell. Listen for a connection Windows x86 Module Options msf use payload/cmd/windows/powershell/vncinject/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options...
Apache ActiveMQ RCE via Jolokia addNetworkConnector
Apache ActiveMQ exposes a Jolokia JMX-over-HTTP API at /api/jolokia/. An authenticated attacker can invoke the addNetworkConnector MBean operation with a crafted URI that causes the broker to fetch a remote Spring XML configuration over HTTP. The Spring XML instantiates a ProcessBuilder bean that...
Shadow Credentials
This module can read and write the necessary LDAP attributes to configure a particular account with a Key Credential Link. This allows weaponising write access to a user account by adding a certificate that can subsequently be used to authenticate. In order for this to succeed, the authenticated...
TFTP Fetch, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
Fetch and execute an x64 payload from a TFTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/tftp/x64/vncinject/reversetcprc4 msf payloadreversetcprc4 show actions ...actions... msf payloadreversetcprc4 set ACTION msf payloadreversetcprc4 show options ...show and s...
HTTPS Fetch, Windows x64 Reverse Named Pipe (SMB) Stager
Fetch and execute an x64 payload from an HTTPS server. Connect back to the attacker via a named pipe pivot Module Options msf use payload/cmd/windows/https/x64/meterpreter/reversenamedpipe msf payloadreversenamedpipe show actions ...actions... msf payloadreversenamedpipe set ACTION msf...
Powershell Exec, Windows shellcode stage, Reverse UDP Stager with UUID Support
Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/powershell/custom/reverseudp msf payloadreverseudp show actions ...actions... msf payloadreverseudp set ACTION msf...
SMB Fetch, Windows x64 Command Shell, Windows x64 Bind TCP Stager
Fetch and execute an x64 payload from an SMB server. Spawn a piped command shell Windows x64 staged. Listen for a connection Windows x64 Module Options msf use payload/cmd/windows/smb/x64/shell/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp...
SMB Fetch, Windows x64 IPv6 Bind TCP Stager with UUID Support
Fetch and execute an x64 payload from an SMB server. Listen for an IPv6 connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/smb/x64/meterpreter/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid set ACTION msf...
TFTP Fetch, Bind TCP Stager with UUID Support (Linux x86)
Fetch and execute a x86 payload from a TFTP server. Listen for a connection with UUID Support Linux x86 Module Options msf use payload/cmd/linux/tftp/x86/meterpreter/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf payloadbindtcpuuid show options...
HTTPS Fetch, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
Fetch and execute an x64 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x64/vncinject/reversetcprc4 msf payloadreversetcprc4 show actions ...actions... msf payloadreversetcprc4 set ACTION msf payloadreversetcprc4 show options ...show an...
HTTPS Fetch, Windows x64 Command Shell, Windows x64 Bind Named Pipe Stager
Fetch and execute an x64 payload from an HTTPS server. Spawn a piped command shell Windows x64 staged. Listen for a pipe connection Windows x64 Module Options msf use payload/cmd/windows/https/x64/shell/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set...
Gather MinIO Client Key
This module searches for MinIO Client credentials on a Windows host. Module Options msf use post/multi/gather/minioclient msf postminioclient show actions ...actions... msf postminioclient set ACTION msf postminioclient show options ...show and set options... msf postminioclient run This module...
VMware vCenter Extract Secrets from vmdir / vmafd DB File
Grab certificates from the vCenter server vmdird and vmafd database files and adds them to loot. The vmdird MDB database file can be found on the live appliance under the path /storage/db/vmware-vmdir/data.mdb, and the DB vmafd is under path /storage/db/vmware-vmafd/afd.db. The vmdir database...
LDAP Information Disclosure
This module uses an anonymous-bind LDAP connection to dump data from an LDAP server. Searching for attributes with user credentials e.g. userPassword. Module Options msf use auxiliary/gather/ldaphashdump msf auxiliaryldaphashdump show actions ...actions... msf auxiliaryldaphashdump set ACTION msf...
HTTPS Fetch, Windows Disable Windows ICF, Command Shell, Bind TCP Inline
Fetch and execute an x86 payload from an HTTPS server. Disable the Windows ICF, then listen for a connection and spawn a command shell Module Options msf use payload/cmd/windows/https/x86/shellbindtcpxpfw msf payloadshellbindtcpxpfw show actions ...actions... msf payloadshellbindtcpxpfw set ACTIO...
HTTPS Fetch, Windows Upload/Execute, Bind IPv6 TCP Stager with UUID Support (Windows x86)
Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Listen for an IPv6 connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/https/x86/upexec/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf...
HTTP Fetch, Windows Upload/Execute, Bind IPv6 TCP Stager with UUID Support (Windows x86)
Fetch and execute an x86 payload from an HTTP server. Uploads an executable and runs it staged. Listen for an IPv6 connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/http/x86/upexec/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf...
HTTP Fetch, Reverse Ordinal TCP Stager (No NX or Win7)
Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/patchupdllinject/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf payloadreverseordtcp show options ...sh...
SMB Fetch, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
Fetch and execute an x64 payload from an SMB server. Connect back to the attacker Module Options msf use payload/cmd/windows/smb/x64/vncinject/reversetcprc4 msf payloadreversetcprc4 show actions ...actions... msf payloadreversetcprc4 set ACTION msf payloadreversetcprc4 show options ...show and se...
TFTP Fetch, Windows x64 Bind Named Pipe Stager
Fetch and execute an x64 payload from a TFTP server. Listen for a pipe connection Windows x64 Module Options msf use payload/cmd/windows/tftp/x64/vncinject/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set ACTION msf payloadbindnamedpipe show options...
HTTPS Fetch, Linux Command Shell, Reverse SCTP Stager
Fetch and execute an x64 payload from an HTTPS server. Spawn a command shell staged. Connect back to the attacker Module Options msf use payload/cmd/linux/https/x64/shell/reversesctp msf payloadreversesctp show actions ...actions... msf payloadreversesctp set ACTION msf payloadreversesctp show...
Powershell Exec, Bind TCP Stager with UUID Support (Windows x64)
Execute an x64 payload from a command via PowerShell. Listen for a connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/powershell/x64/meterpreter/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf payloadbindtcpuuid...
Powershell Exec, Reverse TCP Stager with UUID Support
Execute an x86 payload from a command via PowerShell. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/powershell/peinject/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf payloadreversetcpuuid sh...
Windows Shell, Reverse TCP (via jjs)
Connect back and create a command shell via jjs Module Options msf use payload/cmd/windows/jjsreversetcp msf payloadjjsreversetcp show actions ...actions... msf payloadjjsreversetcp set ACTION msf payloadjjsreversetcp show options ...show and set options... msf payloadjjsreversetcp run This modul...
Windows MessageBox x64
Spawn a dialog via MessageBox using a customizable title, text & icon This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 313 include Msf::Payload::Windows include Msf::Payload::Single...
glibc 'realpath()' Privilege Escalation
This module attempts to gain root privileges on Linux systems by abusing a vulnerability in GNU C Library glibc version 2.26 and prior. This module uses halfdog's RationalLove exploit to exploit a buffer underflow in glibc realpath and create a SUID root shell. The exploit has offsets for glibc...
HTTPS Fetch, Windows shellcode stage, Reverse TCP Stager
Fetch and execute an x86 payload from an HTTPS server. Custom shellcode stage. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/custom/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options...
HTTP Fetch, Reverse TCP Stager (IPv6)
Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker over IPv6 Module Options msf use payload/cmd/windows/http/x86/vncinject/reverseipv6tcp msf payloadreverseipv6tcp show actions ...actions... msf payloadreverseipv6tcp set ACTION msf payloadreverseipv6tcp show option...
HTTP Fetch, Windows Meterpreter Shell, Reverse HTTPS Inline
Fetch and execute an x86 payload from an HTTP server. Connect back to attacker and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/http/x86/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf...
HTTP Fetch, Bind TCP Stager (Windows x86)
Fetch and execute an x86 payload from an HTTP server. Listen for a connection Windows x86 Module Options msf use payload/cmd/windows/http/x86/patchupdllinject/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set...
SMB Fetch, Windows shellcode stage, Windows x64 IPv6 Bind TCP Stager
Fetch and execute an x64 payload from an SMB server. Custom shellcode stage. Listen for an IPv6 connection Windows x64 Module Options msf use payload/cmd/windows/smb/x64/custom/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf payloadbindipv6tcp...
HTTPS Fetch, Linux Command Shell, Bind TCP Inline
Fetch and execute an x86 payload from an HTTPS server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/https/x86/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options ...sh...