Powershell Exec, Reverse HTTPS Stager with Support for Custom Proxy
Execute an x86 payload from a command via PowerShell. Tunnel communication over HTTP using SSL with custom proxy support Module Options msf use payload/cmd/windows/powershell/meterpreter/reversehttpsproxy msf payloadreversehttpsproxy show actions ...actions... msf payloadreversehttpsproxy set...
Powershell Exec, Windows x64 Command Shell, Windows x64 IPv6 Bind TCP Stager with UUID Support
Execute an x64 payload from a command via PowerShell. Spawn a piped command shell Windows x64 staged. Listen for an IPv6 connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/powershell/x64/shell/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... m...
Sudo Heap-Based Buffer Overflow
A heap-based buffer overflow exists in the sudo command line utility that can be exploited by a local attacker to gain elevated privileges. The vulnerability was introduced in July of 2011 and affects versions 1.8.2 through 1.8.31p2 as well as 1.9.0 through 1.9.5p1 in their default configurations...
Moxa UDP Device Discovery
The Moxa protocol listens on 4800/UDP and will respond to broadcast or direct traffic. The service is known to be used on Moxa devices in the NPort, OnCell, and MGate product lines. A discovery packet compels a Moxa device to respond to the sender with some basic device information that is needed...
HTTPS Fetch, Windows Meterpreter Shell, Bind TCP Inline
Fetch and execute an x86 payload from an HTTPS server. Connect to victim and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/https/x86/meterpreterbindtcp msf payloadmeterpreterbindtcp show actions ...actions... msf payloadmeterpreterbindtcp...
HTTPS Fetch, Windows x86 Reverse Named Pipe (SMB) Stager
Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker via a named pipe pivot Module Options msf use payload/cmd/windows/https/x86/meterpreter/reversenamedpipe msf payloadreversenamedpipe show actions ...actions... msf payloadreversenamedpipe set ACTION msf...
HTTPS Fetch, Bind TCP Stager (Windows x86)
Fetch and execute an x86 payload from an HTTPS server. Listen for a connection Windows x86 Module Options msf use payload/cmd/windows/https/x86/peinject/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options... m...
HTTPS Fetch, Bind TCP Stager (No NX or Win7)
Fetch and execute an x86 payload from an HTTPS server. Listen for a connection No NX Module Options msf use payload/cmd/windows/https/x86/patchupmeterpreter/bindnonxtcp msf payloadbindnonxtcp show actions ...actions... msf payloadbindnonxtcp set ACTION msf payloadbindnonxtcp show options ...show...
HTTPS Fetch, Windows x86 Bind Named Pipe Stager
Fetch and execute an x86 payload from an HTTPS server. Listen for a pipe connection Windows x86 Module Options msf use payload/cmd/windows/https/x86/peinject/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set ACTION msf payloadbindnamedpipe show options...
HTTPS Fetch
Fetch and execute an x86 payload from an HTTPS server. Module Options msf use payload/cmd/windows/https/x86/loadlibrary msf payloadloadlibrary show actions ...actions... msf payloadloadlibrary set ACTION msf payloadloadlibrary show options ...show and set options... msf payloadloadlibrary run Thi...
HTTPS Fetch, Linux Command Shell, Reverse TCP Stager
Fetch and execute an x86 payload from an HTTPS server. Spawn a command shell staged. Connect back to the attacker Module Options msf use payload/cmd/linux/https/x86/shell/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show option...
TFTP Fetch, Linux Command Shell, Bind TCP Inline
Fetch and execute an x86 payload from a TFTP server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/tftp/x86/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options ...show a...
TFTP Fetch
Fetch and execute a MIPS64 payload from a TFTP server. Module Options msf use payload/cmd/linux/tftp/mips64/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf payloadmeterpreterreversehttps set ACTION msf payloadmeterpreterreversehttps show options ...show a...
Powershell Exec, Windows x64 Command Shell, Windows x64 Bind Named Pipe Stager
Execute an x64 payload from a command via PowerShell. Spawn a piped command shell Windows x64 staged. Listen for a pipe connection Windows x64 Module Options msf use payload/cmd/windows/powershell/x64/shell/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe...
Powershell Exec, Generic x86 Tight Loop
Execute an x86 payload from a command via PowerShell. Generate a tight loop in the target process Module Options msf use payload/cmd/windows/powershell/generic/tightloop msf payloadtightloop show actions ...actions... msf payloadtightloop set ACTION msf payloadtightloop show options ...show and s...
Wordpress Drag and Drop Multi File Uploader RCE
This module exploits a file upload feature of Drag and Drop Multi File Upload - Contact Form 7 for versions prior to 1.3.4. The allowed file extension list can be bypassed by appending a %, allowing PHP shells to be uploaded. No authentication is required for exploitation. This module require...
WildFly Directory Traversal
This module exploits a directory traversal vulnerability found in the WildFly 8.1.0.Final web server running on port 8080, named JBoss Undertow. The vulnerability only affects Windows systems. This module requires Metasploit: https://metasploit.com/download Current source:...
HTTP Fetch, Windows Meterpreter Shell, Reverse TCP Inline (IPv6)
Fetch and execute an x86 payload from an HTTP server. Connect back to attacker and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/http/x86/meterpreterreverseipv6tcp msf payloadmeterpreterreverseipv6tcp show actions ...actions... msf...
HTTPS Fetch, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)
Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/patchupmeterpreter/reversetcprc4dns msf payloadreversetcprc4dns show actions ...actions... msf payloadreversetcprc4dns set ACTION msf payloadreversetcprc4dns sh...
HTTPS Fetch, Windows x86 Bind Named Pipe Stager
Fetch and execute an x86 payload from an HTTPS server. Listen for a pipe connection Windows x86 Module Options msf use payload/cmd/windows/https/x86/patchupmeterpreter/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set ACTION msf payloadbindnamedpipe sh...
HTTPS Fetch, Bind TCP Stager (No NX or Win7)
Fetch and execute an x86 payload from an HTTPS server. Listen for a connection No NX Module Options msf use payload/cmd/windows/https/x86/peinject/bindnonxtcp msf payloadbindnonxtcp show actions ...actions... msf payloadbindnonxtcp set ACTION msf payloadbindnonxtcp show options ...show and set...
HTTPS Fetch, Bind TCP Stager (Windows x86)
Fetch and execute an x86 payload from an HTTPS server. Listen for a connection Windows x86 Module Options msf use payload/cmd/windows/https/x86/meterpreter/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options...
Linux RC4 Encrypted Payload Generator
This evasion module packs Linux payloads using RC4 encryption and executes them from memory using memfd_create for fileless execution. Linux kernel version support: 3.17+ Module Options msf use evasion/linux/x64/rc4packer msf evasionrc4packer show actions ...actions... msf evasionrc4packer set...
SMB Fetch, Windows x64 Bind TCP Stager
Fetch and execute an x64 payload from an SMB server. Listen for a connection Windows x64 Module Options msf use payload/cmd/windows/smb/x64/vncinject/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options... msf...
SMB Fetch, Windows shellcode stage, Reverse TCP Stager with UUID Support (Windows x64)
Fetch and execute an x64 payload from an SMB server. Custom shellcode stage. Connect back to the attacker with UUID Support Windows x64 Module Options msf use payload/cmd/windows/smb/x64/custom/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTIO...
SMB Fetch, Windows x64 Reverse Named Pipe (SMB) Stager
Fetch and execute an x64 payload from an SMB server. Connect back to the attacker via a named pipe pivot Module Options msf use payload/cmd/windows/smb/x64/peinject/reversenamedpipe msf payloadreversenamedpipe show actions ...actions... msf payloadreversenamedpipe set ACTION msf...
HTTPS Fetch, Linux Command Shell, Bind TCP Stager (Linux x86)
Fetch and execute an x86 payload from an HTTPS server. Spawn a command shell staged. Listen for a connection Linux x86 Module Options msf use payload/cmd/linux/https/x86/shell/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...sh...
HTTPS Fetch
Fetch and execute a MIPS64 payload from an HTTPS server. Module Options msf use payload/cmd/linux/https/mips64/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf payloadmeterpreterreversehttps set ACTION msf payloadmeterpreterreversehttps show options ...sh...
Apache Tomcat on RedHat Based Systems Insecure Temp Config Privilege Escalation
This module exploits a vulnerability in RedHat based systems where improper file permissions are applied to /usr/lib/tmpfiles.d/tomcat.conf for Apache Tomcat versions before 7.0.54-8. This may also work against The configuration files in tmpfiles.d are used by systemd-tmpfiles to manage temporary...
Powershell Exec, Windows Meterpreter Shell, Bind TCP Inline (x64)
Execute an x64 payload from a command via PowerShell. Connect to victim and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/powershell/x64/meterpreterbindtcp msf payloadmeterpreterbindtcp show actions ...actions... msf...
Powershell Exec, Windows x64 LoadLibrary Path
Execute an x64 payload from a command via PowerShell. Load an arbitrary x64 library path Module Options msf use payload/cmd/windows/powershell/x64/loadlibrary msf payloadloadlibrary show actions ...actions... msf payloadloadlibrary set ACTION msf payloadloadlibrary show options ...show and set...
Netsweeper WebAdmin unixlogin.php Python Code Injection
This module exploits a Python code injection in the Netsweeper WebAdmin component's unixlogin.php script, for versions 6.4.4 and prior, to execute code as the root user. Authentication is bypassed by sending a random whitelisted Referer header in each request. Tested on the CentOS Linux-based...
HTTPS Fetch, Windows MessageBox
Fetch and execute an x86 payload from an HTTPS server. Spawns a dialog via MessageBox using a customizable title, text & icon Module Options msf use payload/cmd/windows/https/x86/messagebox msf payloadmessagebox show actions ...actions... msf payloadmessagebox set ACTION msf payloadmessagebox sho...
SMB Fetch, Windows x64 Reverse HTTPS Stager (winhttp)
Fetch and execute an x64 payload from an SMB server. Tunnel communication over HTTPS Windows x64 winhttp Module Options msf use payload/cmd/windows/smb/x64/meterpreter/reversewinhttps msf payloadreversewinhttps show actions ...actions... msf payloadreversewinhttps set ACTION msf...
SMB Fetch, Windows x64 Reverse TCP Stager
Fetch and execute an x64 payload from an SMB server. Connect back to the attacker Windows x64 Module Options msf use payload/cmd/windows/smb/x64/vncinject/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and se...
HTTPS Fetch, Bind TCP Stager
Fetch and execute an x86 payload from an HTTPS server. Listen for a connection Module Options msf use payload/cmd/linux/https/x86/meterpreter/bindnonxtcp msf payloadbindnonxtcp show actions ...actions... msf payloadbindnonxtcp set ACTION msf payloadbindnonxtcp show options ...show and set...
HTTPS Fetch, Linux Chmod
Fetch and execute an x86 payload from an HTTPS server. Runs chmod on specified file with specified mode Module Options msf use payload/cmd/linux/https/x86/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set options... msf...
TFTP Fetch, Linux Read File
Fetch and execute an x86 payload from a TFTP server. Read up to 4096 bytes from the local file system and write it back out to the specified file descriptor Module Options msf use payload/cmd/linux/tftp/x86/readfile msf payloadreadfile show actions ...actions... msf payloadreadfile set ACTION msf...
Powershell Exec, Windows Reverse HTTP Stager (wininet)
Execute an x86 payload from a command via PowerShell. Tunnel communication over HTTP Windows wininet Module Options msf use payload/cmd/windows/powershell/meterpreter/reversehttp msf payloadreversehttp show actions ...actions... msf payloadreversehttp set ACTION msf payloadreversehttp show option...
Powershell Exec, Windows Meterpreter Shell, Reverse HTTPS Inline
Execute an x86 payload from a command via PowerShell. Connect back to attacker and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/powershell/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf...
Firefox MCallGetProperty Write Side Effects Use After Free Exploit
This module exploits CVE-2020-26950, a use-after-free vulnerability in Firefox. The MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This exploit uses a somewhat novel technique of spraying ArgumentsData structures in order to construc...
Microsoft IIS HTTP Internal IP Disclosure
Collect any leaked internal IPs by requesting commonly redirected locations from IIS. CVE-2000-0649 references IIS 5.1 win2k, XP and older. However, in newer servers such as IIS 7+, this occurs when the alternateHostName is not set or misconfigured. Also collects internal IPs leaked from the...
HTTP Fetch, Windows x86 Bind Named Pipe Stager
Fetch and execute an x86 payload from an HTTP server. Listen for a pipe connection Windows x86 Module Options msf use payload/cmd/windows/http/x86/patchupdllinject/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set ACTION msf payloadbindnamedpipe show...
HTTPS Fetch, Reverse TCP Stager with UUID Support
Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/https/x86/dllinject/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf payloadreversetcpuuid...
SMB Fetch, Windows shellcode stage, Windows x64 Reverse HTTP Stager (wininet)
Fetch and execute an x64 payload from an SMB server. Custom shellcode stage. Tunnel communication over HTTP Windows x64 wininet Module Options msf use payload/cmd/windows/smb/x64/custom/reversehttps msf payloadreversehttps show actions ...actions... msf payloadreversehttps set ACTION msf...
HTTP Fetch, Reverse TCP Stager
Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/linux/http/x86/meterpreter/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf payloadreversetcpuuid show options ...show a...
TFTP Fetch, Linux Command Shell, Bind TCP Random Port Inline
Fetch and execute an x86 payload from a TFTP server. Listen for a connection on a random port and spawn a command shell. Use nmap to discover the open port: 'nmap -sS target -p-'. Module Options msf use payload/cmd/linux/tftp/x86/shellbindtcprandomport msf payloadshellbindtcprandomport show action...
HTTP Fetch
Fetch and execute an x64 payload from an HTTP server. Module Options msf use payload/cmd/linux/http/x64/meterpreterreversehttp msf payloadmeterpreterreversehttp show actions ...actions... msf payloadmeterpreterreversehttp set ACTION msf payloadmeterpreterreversehttp show options ...show and set...
HTTPS Fetch, Windows shellcode stage, Windows x64 Bind Named Pipe Stager
Fetch and execute an x64 payload from an HTTPS server. Custom shellcode stage. Listen for a pipe connection Windows x64 Module Options msf use payload/cmd/windows/https/x64/custom/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set ACTION msf...
Powershell Exec, Windows Meterpreter Shell, Reverse TCP Inline x64
Execute an x64 payload from a command via PowerShell. Connect back to attacker and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/powershell/x64/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf...