HTTP Fetch, Bind TCP Stager (Windows x86)

Fetch and execute an x86 payload from an HTTP server. Listen for a connection Windows x86 Module Options msf use payload/cmd/windows/http/x86/patchupdllinject/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set...

SMB Fetch, Windows shellcode stage, Windows x64 Bind TCP Stager

Fetch and execute an x64 payload from an SMB server. Custom shellcode stage. Listen for a connection Windows x64 Module Options msf use payload/cmd/windows/smb/x64/custom/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show an...

OSX Meterpreter, Reverse HTTPS Inline

Run the Meterpreter / Mettle server payload stageless Module Options msf use payload/osx/aarch64/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf payloadmeterpreterreversehttps set ACTION msf payloadmeterpreterreversehttps show options ...show and set...

HTTPS Fetch, Bind TCP Stager with UUID Support (Linux x86)

Fetch and execute an x86 payload from an HTTPS server. Listen for a connection with UUID Support Linux x86 Module Options msf use payload/cmd/linux/https/x86/meterpreter/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf payloadbindtcpuuid show...

HTTP Fetch

Fetch and execute an x64 payload from an HTTP server. Module Options msf use payload/cmd/linux/http/x64/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf payloadmeterpreterreversehttps set ACTION msf payloadmeterpreterreversehttps show options ...show and s...

HTTPS Fetch, Windows x64 Reverse HTTPS Stager (winhttp)

Fetch and execute an x64 payload from an HTTPS server. Tunnel communication over HTTPS Windows x64 winhttp Module Options msf use payload/cmd/windows/https/x64/meterpreter/reversewinhttps msf payloadreversewinhttps show actions ...actions... msf payloadreversewinhttps set ACTION msf...

Unix Command Shell, Bind SCTP (via socat)

Creates an interactive shell via socat Module Options msf use payload/cmd/unix/bindsocatsctp msf payloadbindsocatsctp show actions ...actions... msf payloadbindsocatsctp set ACTION msf payloadbindsocatsctp show options ...show and set options... msf payloadbindsocatsctp run This module requires...

SolarWinds Information Service (SWIS) .NET Deserialization From AMQP RCE

The SolarWinds Information Service SWIS is vulnerable to RCE by way of a crafted message received through the AMQP message queue. A malicious user that can authenticate to the AMQP service can publish such a crafted message whose body is a serialized .NET object which can lead to OS command...

Powershell Exec, Windows Command Shell, Hidden Bind TCP Stager

Execute an x86 payload from a command via PowerShell. Spawn a piped command shell staged. Listen for a connection from a hidden port and spawn a command shell to the allowed host. Module Options msf use payload/cmd/windows/powershell/shell/bindhiddentcp msf payloadbindhiddentcp show actions...

libssh Authentication Bypass Scanner

This module exploits an authentication bypass in libssh server code where a USERAUTHSUCCESS message is sent in place of the expected USERAUTHREQUEST message. libssh versions 0.6.0 through 0.7.5 and 0.8.0 through 0.8.3 are vulnerable. Note that this module's success depends on whether the server...

Linux Meterpreter, Reverse HTTPS Inline

Run the Meterpreter / Mettle server payload stageless This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Module generated by tools/modules/generatemettlepayloads.rb module MetasploitModule CachedSize = 1137332 include...

HTTPS Fetch, Windows Upload/Execute, Bind IPv6 TCP Stager with UUID Support (Windows x86)

Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Listen for an IPv6 connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/https/x86/upexec/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf...

HTTP Fetch, Windows Meterpreter Shell, Reverse HTTPS Inline

Fetch and execute an x86 payload from an HTTP server. Connect back to attacker and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/http/x86/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf...

HTTPS Fetch, Windows shellcode stage, Reverse TCP Stager

Fetch and execute an x86 payload from an HTTPS server. Custom shellcode stage. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/custom/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options...

HTTP Fetch, Reverse TCP Stager

Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/patchupdllinject/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set...

HTTP Fetch, Hidden Bind Ipknock TCP Stager

Fetch and execute an x86 payload from an HTTP server. Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method you can spoof it with tools like hping. After that you could get your shellcode from any IP. The socke...

Code Reviewer

Reviews code Module Options msf use exploit/multi/fileformat/visualstudiovsixexec msf exploitvisualstudiovsixexec show targets ...targets... msf exploitvisualstudiovsixexec set TARGET msf exploitvisualstudiovsixexec show options ...show and set options... msf exploitvisualstudiovsixexec exploit...

SMB Fetch, Windows x64 Command Shell, Bind TCP Inline

Fetch and execute an x64 payload from an SMB server. Listen for a connection and spawn a command shell Windows x64 Module Options msf use payload/cmd/windows/smb/x64/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show...

TFTP Fetch

Fetch and execute a MIPS64 payload from a TFTP server. Module Options msf use payload/cmd/linux/tftp/mips64/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf payloadmeterpreterreversetcp show options ...show and set...

Python Exec, Python Meterpreter, Python Reverse HTTPS Stager

Execute a Python payload as an OS command from a Posix-compatible shell. Run a meterpreter server in Python compatible with 2.5-2.7 & 3.1+. Tunnel communication over HTTP using SSL Module Options msf use payload/cmd/unix/python/meterpreter/reversehttps msf payloadreversehttps show actions...

ManageEngine ServiceDesk Plus CVE-2021-44077

This module exploits CVE-2021-44077, an unauthenticated remote code execution vulnerability in ManageEngine ServiceDesk Plus, to upload an EXE msiexec.exe and execute it as the SYSTEM account. Note that build 11305 is vulnerable to the authentication bypass but not the file upload. The module wil...

Cisco AnyConnect Privilege Escalations (CVE-2020-3153 and CVE-2020-3433)

The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to 4.8.02042 is vulnerable to path traversal and allows local attackers to create/overwrite files in arbitrary locations with system level privileges. The installer component of Cisco AnyConnect Secure Mobility...

Windows MessageBox x64

Spawn a dialog via MessageBox using a customizable title, text & icon This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 313 include Msf::Payload::Windows include Msf::Payload::Single...

Drupal HTTP Parameter Key/Value SQL Injection

This module exploits the Drupal HTTP Parameter Key/Value SQL Injection aka Drupageddon in order to achieve a remote shell on the vulnerable instance. This module was tested against Drupal 7.0 and 7.31 was fixed in 7.32. Two methods are available to trigger the PHP payload on the target: - set...

UnrealIRCD 3.2.8.1 Backdoor Command Execution

This module exploits a malicious backdoor that was added to the Unreal IRCD 3.2.8.1 download archive. This backdoor was present in the Unreal3.2.8.1.tar.gz archive between November 2009 and June 12th 2010. This module requires Metasploit: https://metasploit.com/download Current source:...

HTTP Fetch, Windows Command Shell, Bind TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x86 payload from an HTTP server. Spawn a piped command shell staged. Listen for a connection Module Options msf use payload/cmd/windows/http/x86/shell/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4 show optio...

HTTP Fetch, Reverse TCP Stager

Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/patchupmeterpreter/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set...

SMB Fetch, Windows shellcode stage, Windows x64 Reverse HTTPS Stager (winhttp)

Fetch and execute an x64 payload from an SMB server. Custom shellcode stage. Tunnel communication over HTTPS Windows x64 winhttp Module Options msf use payload/cmd/windows/smb/x64/custom/reversewinhttps msf payloadreversewinhttps show actions ...actions... msf payloadreversewinhttps set ACTION ms...

HTTP Fetch, Linux Command Shell, Reverse TCP Stager

Fetch and execute a x86 payload from an HTTP server. Spawn a command shell staged. Connect back to the attacker Module Options msf use payload/cmd/linux/http/x86/shell/reversenonxtcp msf payloadreversenonxtcp show actions ...actions... msf payloadreversenonxtcp set ACTION msf payloadreversenonxtc...

HTTPS Fetch, Linux Meterpreter Service, Bind TCP

Fetch and execute an x86 payload from an HTTPS server. Stub payload for interacting with a Meterpreter Service Module Options msf use payload/cmd/linux/https/x86/metsvcbindtcp msf payloadmetsvcbindtcp show actions ...actions... msf payloadmetsvcbindtcp set ACTION msf payloadmetsvcbindtcp show...

TFTP Fetch, Windows x64 Bind Named Pipe Stager

Fetch and execute an x64 payload from a TFTP server. Listen for a pipe connection Windows x64 Module Options msf use payload/cmd/windows/tftp/x64/peinject/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set ACTION msf payloadbindnamedpipe show options...

TFTP Fetch, Reverse TCP Stager with UUID Support (Windows x64)

Fetch and execute an x64 payload from a TFTP server. Connect back to the attacker with UUID Support Windows x64 Module Options msf use payload/cmd/windows/tftp/x64/vncinject/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf...

Powershell Exec, Windows Upload/Execute, Bind TCP Stager (Windows x86)

Execute an x86 payload from a command via PowerShell. Uploads an executable and runs it staged. Listen for a connection Windows x86 Module Options msf use payload/cmd/windows/powershell/upexec/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp...

Powershell Exec, Reverse TCP Stager with UUID Support (Windows x64)

Execute an x64 payload from a command via PowerShell. Connect back to the attacker with UUID Support Windows x64 Module Options msf use payload/cmd/windows/powershell/x64/peinject/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf...

Powershell Exec, Windows x64 Reverse TCP Stager

Execute an x64 payload from a command via PowerShell. Connect back to the attacker Windows x64 Module Options msf use payload/cmd/windows/powershell/x64/peinject/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show...

Linux Meterpreter, Reverse HTTP Inline

Run the Meterpreter / Mettle server payload stageless This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Module generated by tools/modules/generatemettlepayloads.rb module MetasploitModule CachedSize = 1519544 include...

HTTPS Fetch, Linux Command Shell, Reverse TCP Inline

Fetch and execute an x86 payload from an HTTPS server. Connect back to attacker and spawn a command shell Module Options msf use payload/cmd/linux/https/x86/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf payloadshellreversetcp show...

RPyC 4.1.0 through 4.1.1 Remote Command Execution

This module allows remote command execution on RPyC versions 4.1.0 and 4.1.1. You will be able to execute a specified command on the target machine as the user running the RPyC service and view the output. Module Options msf use auxiliary/scanner/http/rpycrce msf auxiliaryrpycrce show actions...

HTTPS Fetch

Fetch and execute an x64 payload from an HTTPS server. Module Options msf use payload/cmd/linux/https/x64/meterpreterreversehttp msf payloadmeterpreterreversehttp show actions ...actions... msf payloadmeterpreterreversehttp set ACTION msf payloadmeterpreterreversehttp show options ...show and set...

Powershell Exec, Windows Meterpreter Shell, Reverse HTTPS Inline (x64)

Execute an x64 payload from a command via PowerShell. Connect back to attacker and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/powershell/x64/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf...

Powershell Exec, Hidden Bind TCP Stager

Execute an x86 payload from a command via PowerShell. Listen for a connection from a hidden port and spawn a command shell to the allowed host. Module Options msf use payload/cmd/windows/powershell/dllinject/bindhiddentcp msf payloadbindhiddentcp show actions ...actions... msf payloadbindhiddentc...

Exim4 string_format Function Heap Buffer Overflow

This module exploits a heap buffer overflow within versions of Exim prior to version 4.69. By sending a specially crafted message, an attacker can corrupt the heap and execute arbitrary code with the privileges of the Exim daemon. The root cause is that no check is made to ensure that the buffer ...

HTTPS Fetch, Windows Command Shell, Bind IPv6 TCP Stager with UUID Support (Windows x86)

Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Listen for an IPv6 connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/https/x86/shell/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf...

HTTP Fetch, Windows Upload/Execute, Bind TCP Stager with UUID Support (Windows x86)

Fetch and execute an x86 payload from an HTTP server. Uploads an executable and runs it staged. Listen for a connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/http/x86/upexec/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set...

HTTP Fetch

Fetch and execute an x86 payload from an HTTP server. Module Options msf use payload/cmd/windows/http/x86/powershellreversetcpssl msf payloadpowershellreversetcpssl show actions ...actions... msf payloadpowershellreversetcpssl set ACTION msf payloadpowershellreversetcpssl show options ...show and...

HTTPS Fetch, Reverse Ordinal TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/meterpreter/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf payloadreverseordtcp show options ...show...

SMB Fetch, Windows x64 Command Shell, Bind TCP Stager with UUID Support (Windows x64)

Fetch and execute an x64 payload from an SMB server. Spawn a piped command shell Windows x64 staged. Listen for a connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/smb/x64/shell/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid...

SMB Fetch, Windows x64 LoadLibrary Path

Fetch and execute an x64 payload from an SMB server. Load an arbitrary x64 library path Module Options msf use payload/cmd/windows/smb/x64/loadlibrary msf payloadloadlibrary show actions ...actions... msf payloadloadlibrary set ACTION msf payloadloadlibrary show options ...show and set options...

SMB Fetch, Windows x64 Reverse TCP Stager

Fetch and execute an x64 payload from an SMB server. Connect back to the attacker Windows x64 Module Options msf use payload/cmd/windows/smb/x64/peinject/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set...

SMB Fetch, Windows shellcode stage, Windows x64 Bind Named Pipe Stager

Fetch and execute an x64 payload from an SMB server. Custom shellcode stage. Listen for a pipe connection Windows x64 Module Options msf use payload/cmd/windows/smb/x64/custom/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set ACTION msf...