6846 matches found
TFTP Fetch, Reverse TCP Stager
Fetch and execute an x86 payload from a TFTP server. Connect back to the attacker. Module Options msf use payload/cmd/linux/tftp/x86/meterpreter/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf payloadreversetcpuuid show options ...show an...
HTTPS Fetch, Linux Command Shell, Bind TCP Random Port Inline
Fetch and execute an x86 payload from an HTTPS server. Listen for a connection on a random port and spawn a command shell. Use nmap to discover the open port: 'nmap -sS target -p-'. Module Options msf use payload/cmd/linux/https/x86/shellbindtcprandomport msf payloadshellbindtcprandomport show...
HTTP Fetch, Linux Add User
Fetch and execute an x86 payload from an HTTP server. Create a new user with UID 0. Module Options msf use payload/cmd/linux/http/x86/adduser msf payloadadduser show actions ...actions... msf payloadadduser set ACTION msf payloadadduser show options ...show and set options... msf payloadadduser run...
Microsoft SharePoint Server-Side Include and ViewState RCE
This module exploits a server-side include (SSI) in SharePoint to leak the web.config file and forge a malicious ViewState with the extracted validation key. This exploit is authenticated and requires a user with page creation privileges, which is a standard permission in SharePoint. The web.config...
PHP-FPM Underflow RCE
This module exploits an underflow vulnerability in versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 of PHP-FPM on Nginx. Only servers with certain Nginx + PHP-FPM configurations are exploitable. This is a port of neex's original exploit code (see refs). First, it detects...
HTTPS Fetch, Windows Command Shell, Reverse TCP Stager
Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/shell/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp sho...
HTTPS Fetch, Windows x86 Bind Named Pipe Stager
Fetch and execute an x86 payload from an HTTPS server. Listen for a pipe connection Windows x86 Module Options msf use payload/cmd/windows/https/x86/vncinject/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set ACTION msf payloadbindnamedpipe show option...
HTTPS Fetch, Windows x86 Pingback, Bind TCP Inline
Fetch and execute an x86 payload from an HTTPS server. Open a socket and report UUID when a connection is received Windows x86 Module Options msf use payload/cmd/windows/https/x86/pingbackbindtcp msf payloadpingbackbindtcp show actions ...actions... msf payloadpingbackbindtcp set ACTION msf...
HTTP Fetch, Windows Command Shell, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
Fetch and execute an x86 payload from an HTTP server. Spawn a piped command shell staged. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/shell/reversetcprc4 msf payloadreversetcprc4 show actions ...actions... msf payloadreversetcprc4 set ACTION msf...
HTTP Fetch, Windows Command Shell, Reverse Ordinal TCP Stager (No NX or Win7)
Fetch and execute an x86 payload from an HTTP server. Spawn a piped command shell staged. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/shell/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf...
HTTPS Fetch, Windows shellcode stage, Hidden Bind Ipknock TCP Stager
Fetch and execute an x86 payload from an HTTPS server. Custom shellcode stage. Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method (you can spoof it with tools like hping). After that you could get your shellco...
Check Point Security Gateway Arbitrary File Read
This module leverages an unauthenticated arbitrary root file read vulnerability for Check Point Security Gateway appliances. When the IPSec VPN or Mobile Access blades are enabled on affected devices, traversal payloads can be used to read any files on the local file system. Password hashes read...
Powershell Exec, Windows x64 Bind TCP Stager
Execute an x64 payload from a command via PowerShell. Listen for a connection Windows x64 Module Options msf use payload/cmd/windows/powershell/x64/vncinject/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set...
Powershell Exec, Windows MessageBox x64
Execute an x64 payload from a command via PowerShell. Spawn a dialog via MessageBox using a customizable title, text & icon Module Options msf use payload/cmd/windows/powershell/x64/messagebox msf payloadmessagebox show actions ...actions... msf payloadmessagebox set ACTION msf payloadmessagebox...
Powershell Exec, Reverse HTTP Stager Proxy
Execute an x86 payload from a command via PowerShell. Tunnel communication over HTTP Module Options msf use payload/cmd/windows/powershell/dllinject/reversehttpproxypstore msf payloadreversehttpproxypstore show actions ...actions... msf payloadreversehttpproxypstore set ACTION msf...
HTTPS Fetch, Windows Meterpreter Shell, Bind TCP Inline
Fetch and execute an x86 payload from an HTTPS server. Connect to victim and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/https/x86/meterpreterbindtcp msf payloadmeterpreterbindtcp show actions ...actions... msf payloadmeterpreterbindtcp...
HTTPS Fetch, Windows shellcode stage, Hidden Bind TCP Stager
Fetch and execute an x86 payload from an HTTPS server. Custom shellcode stage. Listen for a connection from a hidden port and spawn a command shell to the allowed host. Module Options msf use payload/cmd/windows/https/x86/custom/bindhiddentcp msf payloadbindhiddentcp show actions ...actions... ms...
HTTP Fetch
Fetch and execute an x64 payload from an HTTP server. Module Options msf use payload/cmd/linux/http/x64/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf payloadmeterpreterreversetcp show options ...show and set...
HTTPS Fetch, Windows x64 Reverse HTTP Stager (wininet)
Fetch and execute an x64 payload from an HTTPS server. Tunnel communication over HTTP Windows x64 wininet Module Options msf use payload/cmd/windows/https/x64/vncinject/reversehttps msf payloadreversehttps show actions ...actions... msf payloadreversehttps set ACTION msf payloadreversehttps show...
HTTPS Fetch, Windows shellcode stage, Windows x64 IPv6 Bind TCP Stager
Fetch and execute an x64 payload from an HTTPS server. Custom shellcode stage. Listen for an IPv6 connection Windows x64 Module Options msf use payload/cmd/windows/https/x64/custom/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf payloadbindipv6t...
Powershell Exec, Windows shellcode stage, Windows x64 Bind Named Pipe Stager
Execute an x64 payload from a command via PowerShell. Custom shellcode stage. Listen for a pipe connection Windows x64 Module Options msf use payload/cmd/windows/powershell/x64/custom/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set ACTION msf...
Zyxel Firewall SUID Binary Privilege Escalation
This module exploits CVE-2022-30526, a local privilege escalation vulnerability that allows a low-privileged user (e.g. nobody) to escalate to root. The issue stems from a suid binary that allows all users to copy files as root. This module overwrites the firewall's crontab to execute an attacker...
Kubernetes authenticated code execution
Execute a payload within a Kubernetes pod. Module Options msf use exploit/multi/kubernetes/exec msf exploitexec show targets ...targets... msf exploitexec set TARGET msf exploitexec show options ...show and set options... msf exploitexec exploit This module requires Metasploi...
Chrome Credential Gatherer
This module searches for credentials stored on Chrome on a Windows host. Module Options msf use post/windows/gather/credentials/chrome msf postchrome show actions ...actions... msf postchrome set ACTION msf postchrome show options ...show and set options... msf postchrome run This module requires...
Abandoned Cart for WooCommerce SQLi Scanner
Abandoned Cart, a plugin for WordPress which extends the WooCommerce plugin, prior to 5.8.2 is affected by an unauthenticated SQL injection via the billingfirstname parameter of the savedata AJAX call. A valid wpwoocommercesession cookie is required, which has at least one item in the cart. Modul...
HTTP Fetch, Windows Command Shell, Reverse All-Port TCP Stager
Fetch and execute an x86 payload from an HTTP server. Spawn a piped command shell (staged). Try to connect back to the attacker, on all possible ports (1-65535, slowly). Module Options msf use payload/cmd/windows/http/x86/shell/reversetcpallports msf payloadreversetcpallports show actions ...actions...
cups-browsed Information Disclosure
Retrieve CUPS version and kernel version information from cups-browsed services. Module Options msf use auxiliary/scanner/misc/cupsbrowsedinfodisclosure msf auxiliarycupsbrowsedinfodisclosure show actions ...actions... msf auxiliarycupsbrowsedinfodisclosure set ACTION msf...
SMB Fetch, Windows x64 IPv6 Bind TCP Stager with UUID Support
Fetch and execute an x64 payload from an SMB server. Listen for an IPv6 connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/smb/x64/peinject/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid set ACTION msf...
HTTPS Fetch, Linux Command Shell, Reverse TCP Inline (IPv6)
Fetch and execute an x86 payload from an HTTPS server. Connect back to attacker and spawn a command shell over IPv6 Module Options msf use payload/cmd/linux/https/x86/shellreversetcpipv6 msf payloadshellreversetcpipv6 show actions ...actions... msf payloadshellreversetcpipv6 set ACTION msf...
HTTPS Fetch, Reverse TCP Stager
Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/linux/https/x86/meterpreter/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf payloadreversetcpuuid show options ...sho...
HTTPS Fetch, Bind TCP Stager with UUID Support (Windows x64)
Fetch and execute an x64 payload from an HTTPS server. Listen for a connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/https/x64/peinject/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf payloadbindtcpuuid show...
Python Exec, Command Shell, Reverse TCP (via python)
Execute a Python payload from a command. Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.4-2.7 and 3.4+. Module Options msf use payload/cmd/windows/python/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf...
Powershell Exec, Windows Command Shell, Hidden Bind Ipknock TCP Stager
Execute an x86 payload from a command via PowerShell. Spawn a piped command shell (staged). Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method (you can spoof it with tools like hping). After that you could get...
Powershell Exec
Execute an x86 payload from a command via PowerShell Module Options msf use payload/cmd/windows/powershell/speakpwned msf payloadspeakpwned show actions ...actions... msf payloadspeakpwned set ACTION msf payloadspeakpwned show options ...show and set options... msf payloadspeakpwned run This modu...
Cisco Small Business RV Series Authentication Bypass and Command Injection
This module exploits an authentication bypass (CVE-2021-1472) and command injection (CVE-2021-1473) in the Cisco Small Business RV series of VPN/routers. The device does not adequately verify the credentials in the HTTP Authorization field when requests are made to the /upload endpoint. Then the...
Windows SYSTEM Escalation via KiTrap0D
This module will create a new session with SYSTEM privileges via the KiTrap0D exploit by Tavis Ormandy. If the session in use is already elevated then the exploit will not run. The module relies on kitrap0d.x86.dll, and is not supported on x64 editions of Windows. This module requires Metasploit:...
HTTPS Fetch, Bind TCP Stager (No NX or Win7)
Fetch and execute an x86 payload from an HTTPS server. Listen for a connection No NX Module Options msf use payload/cmd/windows/https/x86/patchupmeterpreter/bindnonxtcp msf payloadbindnonxtcp show actions ...actions... msf payloadbindnonxtcp set ACTION msf payloadbindnonxtcp show options ...show...
HTTP Fetch, Windows Command Shell, Bind TCP Stager with UUID Support (Windows x86)
Fetch and execute an x86 payload from an HTTP server. Spawn a piped command shell staged. Listen for a connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/http/x86/shell/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION...
HTTP Fetch, Bind IPv6 TCP Stager with UUID Support (Windows x86)
Fetch and execute an x86 payload from an HTTP server. Listen for an IPv6 connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/http/x86/peinject/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid set ACTION msf...
FreeScout Unauthenticated RCE via ZWSP .htaccess Bypass
This module exploits an unauthenticated remote code execution vulnerability in FreeScout use exploit/multi/http/freescouthtaccessrce msf exploitfreescouthtaccessrce show targets ...targets... msf exploitfreescouthtaccessrce set TARGET msf exploitfreescouthtaccessrce show options ...show and set...
SMB Fetch, Windows x64 Command Shell, Reverse TCP Inline
Fetch and execute an x64 payload from an SMB server. Connect back to attacker and spawn a command shell Windows x64 Module Options msf use payload/cmd/windows/smb/x64/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf...
SMB Fetch, Windows x64 Reverse HTTP Stager (wininet)
Fetch and execute an x64 payload from an SMB server. Tunnel communication over HTTP Windows x64 wininet Module Options msf use payload/cmd/windows/smb/x64/meterpreter/reversehttp msf payloadreversehttp show actions ...actions... msf payloadreversehttp set ACTION msf payloadreversehttp show option...
Saltstack Minion Payload Deployer
This exploit module uses saltstack salt to deploy a payload and run it on all targets which have been selected (default all). Currently only works against nix targets. Module Options msf use exploit/linux/local/saltstacksaltminiondeployer msf exploitsaltstacksaltminiondeployer show targets...
HTTPS Fetch, Linux Execute Command
Fetch and execute an x86 payload from an HTTPS server. Execute an arbitrary command or just a /bin/sh shell Module Options msf use payload/cmd/linux/https/x86/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf...
HTTP Fetch, Linux Command Shell, Find Tag Inline
Fetch and execute an x86 payload from an HTTP server. Spawn a shell on an established connection (proxy/NAT safe). Module Options msf use payload/cmd/linux/http/x86/shellfindtag msf payloadshellfindtag show actions ...actions... msf payloadshellfindtag set ACTION msf payloadshellfindtag show options...
TFTP Fetch, Reverse TCP Stager
Fetch and execute an x86 payload from a TFTP server. Connect back to the attacker. Module Options msf use payload/cmd/linux/tftp/x86/meterpreter/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set options...
Powershell Exec, Bind TCP Stager (RC4 Stage Encryption, Metasm)
Execute an x64 payload from a command via PowerShell. Connect back to the attacker Module Options msf use payload/cmd/windows/powershell/x64/peinject/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4 show options ...show and set...
Powershell Exec, Windows x64 Command Shell, Windows x64 Bind TCP Stager
Execute an x64 payload from a command via PowerShell. Spawn a piped command shell Windows x64 staged. Listen for a connection Windows x64 Module Options msf use payload/cmd/windows/powershell/x64/shell/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf...
Pi-Hole Top Domains API Authenticated Exec
This exploits a command execution in Pi-Hole Web Interface API/Web interface page contains the field Top Domains/Top Advertisers which is validated by a regex which does not properly filter system commands, which can then be executed by calling the gravity functionality. However, the regex only...
ECU Hard Reset
This module performs a hard reset in the ECU Reset Service Identifier (0x11). Module Options msf use post/hardware/automotive/ecuhardreset msf postecuhardreset show actions ...actions... msf postecuhardreset set ACTION msf postecuhardreset show options ...show and set options... msf postecuhardreset...