6846 matches found
Microsoft IIS HTTP Internal IP Disclosure
Collect any leaked internal IPs by requesting commonly redirected locations from IIS. CVE-2000-0649 references IIS 5.1 win2k, XP and older. However, in newer servers such as IIS 7+, this occurs when the alternateHostName is not set or misconfigured. Also collects internal IPs leaked from the...
HTTP Fetch, Windows Reverse HTTPS Stager (wininet)
Fetch and execute an x86 payload from an HTTP server. Tunnel communication over HTTPS Windows wininet Module Options msf use payload/cmd/windows/http/x86/meterpreter/reversehttps msf payloadreversehttps show actions ...actions... msf payloadreversehttps set ACTION msf payloadreversehttps show...
HTTP Fetch, Bind TCP Stager (No NX or Win7)
Fetch and execute an x86 payload from an HTTP server. Listen for a connection No NX Module Options msf use payload/cmd/windows/http/x86/patchupdllinject/bindnonxtcp msf payloadbindnonxtcp show actions ...actions... msf payloadbindnonxtcp set ACTION msf payloadbindnonxtcp show options ...show and...
HTTP Fetch, Windows Reverse HTTP Stager (wininet)
Fetch and execute an x86 payload from an HTTP server. Tunnel communication over HTTP Windows wininet Module Options msf use payload/cmd/windows/http/x86/vncinject/reversehttp msf payloadreversehttp show actions ...actions... msf payloadreversehttp set ACTION msf payloadreversehttp show options...
HTTP Fetch, Reverse TCP Stager
Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/linux/http/x86/meterpreter/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf payloadreversetcpuuid show options ...show a...
TFTP Fetch, Linux Command Shell, Bind TCP Random Port Inline
Fetch and execute an x86 payload from a TFTP server. Listen for a connection in a random port and spawn a command shell. Use nmap to discover the open port: 'nmap -sS target -p-'. Module Options msf use payload/cmd/linux/tftp/x86/shellbindtcprandomport msf payloadshellbindtcprandomport show action...
HTTP Fetch
Fetch and execute an x64 payload from an HTTP server. Module Options msf use payload/cmd/linux/http/x64/meterpreterreversehttp msf payloadmeterpreterreversehttp show actions ...actions... msf payloadmeterpreterreversehttp set ACTION msf payloadmeterpreterreversehttp show options ...show and set...
HTTPS Fetch, Windows shellcode stage, Windows x64 Bind Named Pipe Stager
Fetch and execute an x64 payload from an HTTPS server. Custom shellcode stage. Listen for a pipe connection Windows x64 Module Options msf use payload/cmd/windows/https/x64/custom/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set ACTION msf...
Powershell Exec, Windows Command Shell, Reverse TCP Stager (DNS)
Execute an x86 payload from a command via PowerShell. Spawn a piped command shell staged. Connect back to the attacker Module Options msf use payload/cmd/windows/powershell/shell/reversetcpdns msf payloadreversetcpdns show actions ...actions... msf payloadreversetcpdns set ACTION msf...
Powershell Exec, Windows Command Shell, Bind TCP Stager with UUID Support (Windows x86)
Execute an x86 payload from a command via PowerShell. Spawn a piped command shell staged. Listen for a connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/powershell/shell/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTI...
Powershell Exec, Windows Command Shell, Hidden Bind TCP Inline
Execute an x86 payload from a command via PowerShell. Listen for a connection from a certain IP and spawn a command shell. The shellcode will reply with a RST packet if the connection is not coming from the IP defined in AHOST. This way the port will appear as "closed", helping us to hide the...
Linux Meterpreter, Reverse TCP Inline
Run the Meterpreter / Mettle server payload stageless This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Module generated by tools/modules/generatemettlepayloads.rb module MetasploitModule CachedSize = 1516524 include...
ClickFix Server
This creates a Web Server which hosts a ClickFix type exploit. When a user visits the site they are given instructions on pasting our payload into a run dialog. When using a custom html page, please use INSERTPAYLOADHERE as the spot to put the generated payload in. Module Options msf use...
HTTP Fetch, Windows x86 Bind Named Pipe Stager
Fetch and execute an x86 payload from an HTTP server. Listen for a pipe connection Windows x86 Module Options msf use payload/cmd/windows/http/x86/peinject/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set ACTION msf payloadbindnamedpipe show options...
HTTPS Fetch, Linux Command Shell, Bind TCP Stager
Fetch and execute an x86 payload from an HTTPS server. Spawn a command shell staged. Listen for a connection Module Options msf use payload/cmd/linux/https/x86/shell/bindnonxtcp msf payloadbindnonxtcp show actions ...actions... msf payloadbindnonxtcp set ACTION msf payloadbindnonxtcp show options...
HTTP Fetch, Reverse TCP Stager
Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/linux/http/x86/meterpreter/reversenonxtcp msf payloadreversenonxtcp show actions ...actions... msf payloadreversenonxtcp set ACTION msf payloadreversenonxtcp show options ...show a...
TFTP Fetch, Windows Meterpreter Shell, Bind Named Pipe Inline (x64)
Fetch and execute an x64 payload from a TFTP server. Connect to victim and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/tftp/x64/meterpreterbindnamedpipe msf payloadmeterpreterbindnamedpipe show actions ...actions... msf...
Powershell Exec, Windows shellcode stage, Windows x64 Reverse Named Pipe (SMB) Stager
Execute an x64 payload from a command via PowerShell. Custom shellcode stage. Connect back to the attacker via a named pipe pivot Module Options msf use payload/cmd/windows/powershell/x64/custom/reversenamedpipe msf payloadreversenamedpipe show actions ...actions... msf payloadreversenamedpipe se...
Powershell Exec, Windows shellcode stage, Hidden Bind Ipknock TCP Stager
Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method; you can spoof it with tools like hping. After that you could get your shellcod...
Powershell Exec, Windows Upload/Execute, Bind TCP Stager (RC4 Stage Encryption, Metasm)
Execute an x86 payload from a command via PowerShell. Uploads an executable and runs it staged. Listen for a connection Module Options msf use payload/cmd/windows/powershell/upexec/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4...
Powershell Exec, Windows Command Shell, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
Execute an x86 payload from a command via PowerShell. Spawn a piped command shell staged. Connect back to the attacker Module Options msf use payload/cmd/windows/powershell/shell/reversetcprc4 msf payloadreversetcprc4 show actions ...actions... msf payloadreversetcprc4 set ACTION msf...
Password Cracker: Mobile
This module uses Hashcat to identify weak passwords that have been acquired from Android systems. These utilize MD5 or SHA1 hashing. Android Samsung SHA1 is format 5800 in Hashcat. Android non-Samsung SHA1 is format 110 in Hashcat. Android MD5 is format 10. JTR does not support Android hashes at...
Squid Proxy Port Scanner
An exposed Squid proxy will usually allow an attacker to make requests on their behalf. If misconfigured, this may give the attacker information about devices that they cannot normally reach. For example, an attacker may be able to make requests for internal IP addresses against an open Squid prox...
HTTP Fetch, Bind TCP Stager (RC4 Stage Encryption, Metasm)
Fetch and execute an x86 payload from an HTTP server. Listen for a connection Module Options msf use payload/cmd/windows/http/x86/patchupmeterpreter/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4 show options ...show and set...
HTTPS Fetch, Windows Meterpreter Shell, Reverse TCP Inline (IPv6)
Fetch and execute an x86 payload from an HTTPS server. Connect back to attacker and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/https/x86/meterpreterreverseipv6tcp msf payloadmeterpreterreverseipv6tcp show actions ...actions... msf...
SMB Fetch, Bind TCP Stager with UUID Support (Windows x64)
Fetch and execute an x64 payload from an SMB server. Listen for a connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/smb/x64/vncinject/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf payloadbindtcpuuid show optio...
TFTP Fetch
Fetch and execute an x86 payload from a TFTP server. Module Options msf use payload/cmd/linux/tftp/x86/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf payloadmeterpreterreversetcp show options ...show and set...
HTTPS Fetch, Linux Command Shell, Reverse TCP Stager
Fetch and execute an x86 payload from an HTTPS server. Spawn a command shell staged. Connect back to the attacker Module Options msf use payload/cmd/linux/https/x86/shell/reversenonxtcp msf payloadreversenonxtcp show actions ...actions... msf payloadreversenonxtcp set ACTION msf...
TFTP Fetch, Linux Meterpreter Service, Bind TCP
Fetch and execute an x86 payload from a TFTP server. Stub payload for interacting with a Meterpreter Service Module Options msf use payload/cmd/linux/tftp/x86/metsvcbindtcp msf payloadmetsvcbindtcp show actions ...actions... msf payloadmetsvcbindtcp set ACTION msf payloadmetsvcbindtcp show options...
Linux Command Shell, Reverse SCTP Stager
Spawn a command shell staged. Connect back to the attacker Module Options msf use payload/linux/x64/shell/reversesctp msf payloadreversesctp show actions ...actions... msf payloadreversesctp set ACTION msf payloadreversesctp show options ...show and set options... msf payloadreversesctp run This...
Netfilter nft_set_elem_init Heap Overflow Privilege Escalation
An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init leading to a buffer overflow could be used by a local attacker to escalate privileges. The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN...
Powershell Exec, Windows Meterpreter Shell, Bind Named Pipe Inline (x64)
Execute an x64 payload from a command via PowerShell. Connect to victim and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/powershell/x64/meterpreterbindnamedpipe msf payloadmeterpreterbindnamedpipe show actions ...actions... msf...
Gitea Git Hooks Remote Code Execution
This module leverages an insecure setting to get remote code execution on the target OS in the context of the user running Gitea. This is possible when the current user is allowed to create git hooks, which is the default for administrative users. For non-administrative users, the permission need...
Ray Sharp DVR Password Retriever
This module takes advantage of a protocol design issue with the Ray Sharp based DVR systems. It is possible to retrieve the username and password through the TCP service running on port 9000. Other brands using this platform and exposing the same issue may include Swann, Lorex, Night Owl, Zmodo,...
HTTP Fetch, Reverse Ordinal TCP Stager (No NX or Win7)
Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/meterpreter/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf payloadreverseordtcp show options ...show an...
HTTP Fetch, Find Tag Ordinal Stager
Fetch and execute an x86 payload from an HTTP server. Use an established connection Module Options msf use payload/cmd/windows/http/x86/meterpreter/findtag msf payloadfindtag show actions ...actions... msf payloadfindtag set ACTION msf payloadfindtag show options ...show and set options... msf...
HTTP Fetch, Reverse All-Port TCP Stager
Fetch and execute an x86 payload from an HTTP server. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options msf use payload/cmd/windows/http/x86/peinject/reversetcpallports msf payloadreversetcpallports show actions ...actions... msf payloadreversetcpallports s...
HTTP Fetch, Windows Upload/Execute, Bind TCP Stager (RC4 Stage Encryption, Metasm)
Fetch and execute an x86 payload from an HTTP server. Uploads an executable and runs it staged. Listen for a connection Module Options msf use payload/cmd/windows/http/x86/upexec/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4 sho...
HTTPS Fetch, Windows Meterpreter Shell, Reverse HTTPS Inline
Fetch and execute an x86 payload from an HTTPS server. Connect back to attacker and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/https/x86/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf...
HTTPS Fetch, Bind TCP Stager (RC4 Stage Encryption, Metasm)
Fetch and execute an x86 payload from an HTTPS server. Listen for a connection Module Options msf use payload/cmd/windows/https/x86/dllinject/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4 show options ...show and set options...
SMB Fetch, Windows Meterpreter Shell, Bind TCP Inline (x64)
Fetch and execute an x64 payload from an SMB server. Connect to victim and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/smb/x64/meterpreterbindtcp msf payloadmeterpreterbindtcp show actions ...actions... msf payloadmeterpreterbindtcp set...
SMB Fetch, Windows Meterpreter Shell, Bind Named Pipe Inline (x64)
Fetch and execute an x64 payload from an SMB server. Connect to victim and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/smb/x64/meterpreterbindnamedpipe msf payloadmeterpreterbindnamedpipe show actions ...actions... msf...
HTTPS Fetch, Linux Command Shell, Find Tag Inline
Fetch and execute an x86 payload from an HTTPS server. Spawn a shell on an established connection proxy/NAT safe Module Options msf use payload/cmd/linux/https/x86/shellfindtag msf payloadshellfindtag show actions ...actions... msf payloadshellfindtag set ACTION msf payloadshellfindtag show optio...
TFTP Fetch, Windows Meterpreter Shell, Reverse HTTPS Inline (x64)
Fetch and execute an x64 payload from a TFTP server. Connect back to attacker and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/tftp/x64/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf...
TFTP Fetch, Windows shellcode stage, Windows x64 Reverse HTTP Stager (wininet)
Fetch and execute an x64 payload from a TFTP server. Custom shellcode stage. Tunnel communication over HTTP Windows x64 wininet Module Options msf use payload/cmd/windows/tftp/x64/custom/reversehttps msf payloadreversehttps show actions ...actions... msf payloadreversehttps set ACTION msf...
Powershell Exec, Windows Command Shell, Bind TCP Stager (No NX or Win7)
Execute an x86 payload from a command via PowerShell. Spawn a piped command shell staged. Listen for a connection No NX Module Options msf use payload/cmd/windows/powershell/shell/bindnonxtcp msf payloadbindnonxtcp show actions ...actions... msf payloadbindnonxtcp set ACTION msf payloadbindnonxtc...
Powershell Exec, Hidden Bind Ipknock TCP Stager
Execute an x86 payload from a command via PowerShell. Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method; you can spoof it with tools like hping. After that you could get your shellcode from any IP. The socke...
Powershell Exec, Windows x64 Command Shell, Reverse TCP Inline
Execute an x64 payload from a command via PowerShell. Connect back to attacker and spawn a command shell Windows x64 Module Options msf use payload/cmd/windows/powershell/x64/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf...
DNS BailiWicked Domain Attack
This exploit attacks a fairly ubiquitous flaw in DNS implementations, which Dan Kaminsky found and disclosed Jul 2008. This exploit replaces the target domain's nameserver entries in a vulnerable DNS cache server. This attack works by sending random hostname queries to the target DNS server coupled...
HTTP Fetch, Windows Upload/Execute, Reverse TCP Stager (No NX or Win7)
Fetch and execute an x86 payload from an HTTP server. Uploads an executable and runs it staged. Connect back to the attacker No NX Module Options msf use payload/cmd/windows/http/x86/upexec/reversenonxtcp msf payloadreversenonxtcp show actions ...actions... msf payloadreversenonxtcp set ACTION ms...