6846 matches found
Tomcat RCE via JSP Upload Bypass
This module uses a PUT request bypass to upload a jsp shell to a vulnerable Apache Tomcat configuration. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Tomcat RCE via JSP Upload Bypass',...
HTTP Fetch, Hidden Bind TCP Stager
Fetch and execute an x86 payload from an HTTP server. Listen for a connection from a hidden port and spawn a command shell to the allowed host. Module Options msf use payload/cmd/windows/http/x86/peinject/bindhiddentcp msf payloadbindhiddentcp show actions ...actions... msf payloadbindhiddentcp s...
HTTPS Fetch, Windows Meterpreter Shell, Bind Named Pipe Inline
Fetch and execute an x86 payload from an HTTPS server. Connect to victim and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/https/x86/meterpreterbindnamedpipe msf payloadmeterpreterbindnamedpipe show actions ...actions... msf...
HTTP Fetch, Bind IPv6 TCP Stager (Windows x86)
Fetch and execute an x86 payload from an HTTP server. Listen for an IPv6 connection Windows x86 Module Options msf use payload/cmd/windows/http/x86/patchupmeterpreter/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf payloadbindipv6tcp show option...
HTTP Fetch, Windows Command Shell, Reverse TCP Stager with UUID Support
Fetch and execute an x86 payload from an HTTP server. Spawn a piped command shell staged. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/http/x86/shell/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTI...
SMB Fetch, Bind TCP Stager with UUID Support (Windows x64)
Fetch and execute an x64 payload from an SMB server. Listen for a connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/smb/x64/peinject/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf payloadbindtcpuuid show option...
Powershell Exec, Windows shellcode stage, Bind IPv6 TCP Stager with UUID Support (Windows x86)
Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Listen for an IPv6 connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/powershell/custom/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid s...
Powershell Exec, Windows shellcode stage, Reverse Hop HTTP/HTTPS Stager
Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Tunnel communication over an HTTP or HTTPS hop point. Note that you must first upload data/hop/hop.php to the PHP server you wish to use as a hop. Module Options msf use...
CCTV DVR Login Scanning Utility
This module tests for standalone CCTV DVR video surveillance deployments specifically by MicroDigital, HIVISION, CTRing, and numerous other rebranded devices that are utilizing default vendor passwords. Additionally, this module has the ability to brute force user accounts. Such CCTV DVR video...
Joplin Plugin Persistence
This module installs a malicious Joplin plugin .jpl into the target's Joplin plugin directory. The plugin executes the payload each time Joplin is launched, providing persistent code execution. Joplin can not be running at the time of plugin installation, or it will be overwriten at shutdown. The...
HTTPS Fetch, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)
Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/patchupdllinject/reversetcprc4dns msf payloadreversetcprc4dns show actions ...actions... msf payloadreversetcprc4dns set ACTION msf payloadreversetcprc4dns show...
HTTPS Fetch, Reverse All-Port TCP Stager
Fetch and execute an x86 payload from an HTTPS server. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options msf use payload/cmd/windows/https/x86/patchupdllinject/reversetcpallports msf payloadreversetcpallports show actions ...actions... msf...
HTTPS Fetch, Hidden Bind TCP Stager
Fetch and execute an x86 payload from an HTTPS server. Listen for a connection from a hidden port and spawn a command shell to the allowed host. Module Options msf use payload/cmd/windows/https/x86/peinject/bindhiddentcp msf payloadbindhiddentcp show actions ...actions... msf payloadbindhiddentcp...
HTTP Fetch
Fetch and execute an x86 payload from an HTTP server. Module Options msf use payload/cmd/windows/http/x86/speakpwned msf payloadspeakpwned show actions ...actions... msf payloadspeakpwned set ACTION msf payloadspeakpwned show options ...show and set options... msf payloadspeakpwned run This modul...
Windows Persistence via UserInitMprLogonScript
This module establishes persistence by setting the UserInitMprLogonScript value in HKCU\Environment. During user logon, userinit.exe checks this value and executes the specified command or binary. The module writes a payload executable to disk and points UserInitMprLogonScript to that payload...
Ansible Playbook Error Message File Reader
This module will read the first line of a file based on an error message from ansible-playbook with sudo privileges. ansible-playbook takes a yaml file as input, and if there is an error, such as a non-yaml file, it outputs the line where the error occurs. This can be exploited to read the first...
Powershell Exec, Windows shellcode stage, Bind TCP Stager (RC4 Stage Encryption, Metasm)
Execute an x64 payload from a command via PowerShell. Custom shellcode stage. Connect back to the attacker Module Options msf use payload/cmd/windows/powershell/x64/custom/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4 show optio...
Powershell Exec, Windows shellcode stage, Bind TCP Stager with UUID Support (Windows x86)
Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Listen for a connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/powershell/custom/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf...
Powershell Exec, Windows Command Shell, Reverse TCP Stager (No NX or Win7)
Execute an x86 payload from a command via PowerShell. Spawn a piped command shell staged. Connect back to the attacker No NX Module Options msf use payload/cmd/windows/powershell/shell/reversenonxtcp msf payloadreversenonxtcp show actions ...actions... msf payloadreversenonxtcp set ACTION msf...
Pi-Hole Whitelist OS Command Execution
This exploits a command execution vulnerability in Pi-Hole 'Pi-Hole Whitelist OS Command Execution', 'Description' = %q This exploits a command execution vulnerability in Pi-Hole MSFLICENSE, 'Author' = 'h00die', msf module 'Denis Andzakovic' original PoC, discovery , 'References' = 'URL',...
Linux Polkit pkexec helper PTRACE_TRACEME local root exploit
This module exploits an issue in ptracelink in kernel/ptrace.c before Linux kernel 5.1.17. This issue can be exploited from a Linux desktop terminal, but not over an SSH session, as it requires execution from within the context of a user with an active Polkit agent. In the Linux kernel before...
Exim GHOST (glibc gethostbyname) Buffer Overflow
This module remotely exploits CVE-2015-0235, aka GHOST, a heap-based buffer overflow in the GNU C Library's gethostbyname functions on x86 and x8664 GNU/Linux systems that run the Exim mail server. This module requires Metasploit: https://metasploit.com/download Current source:...
DNS Amplification Scanner
This module can be used to discover DNS servers which expose recursive name lookups which can be used in an amplification attack against a third party. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
HTTP Fetch, Windows Command Shell, Bind TCP Stager (Windows x86)
Fetch and execute an x86 payload from an HTTP server. Spawn a piped command shell staged. Listen for a connection Windows x86 Module Options msf use payload/cmd/windows/http/x86/shell/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show optio...
HTTP Fetch, Reverse TCP Stager (DNS)
Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/patchupdllinject/reversetcpdns msf payloadreversetcpdns show actions ...actions... msf payloadreversetcpdns set ACTION msf payloadreversetcpdns show options ...sh...
HTTPS Fetch, Windows x86 Bind Named Pipe Stager
Fetch and execute an x86 payload from an HTTPS server. Listen for a pipe connection Windows x86 Module Options msf use payload/cmd/windows/https/x86/patchupdllinject/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set ACTION msf payloadbindnamedpipe show...
HTTPS Fetch, Windows shellcode stage, Reverse TCP Stager with UUID Support
Fetch and execute an x86 payload from an HTTPS server. Custom shellcode stage. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/https/x86/custom/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf...
HTTPS Fetch, Bind TCP Stager (RC4 Stage Encryption, Metasm)
Fetch and execute an x86 payload from an HTTPS server. Listen for a connection Module Options msf use payload/cmd/windows/https/x86/patchupdllinject/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4 show options ...show and set...
HTTPS Fetch, Reverse TCP Stager (No NX or Win7)
Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker No NX Module Options msf use payload/cmd/windows/https/x86/dllinject/reversenonxtcp msf payloadreversenonxtcp show actions ...actions... msf payloadreversenonxtcp set ACTION msf payloadreversenonxtcp show options...
HTTPS Fetch, Reverse TCP Stager (No NX or Win7)
Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker No NX Module Options msf use payload/cmd/windows/https/x86/meterpreter/reversenonxtcp msf payloadreversenonxtcp show actions ...actions... msf payloadreversenonxtcp set ACTION msf payloadreversenonxtcp show option...
HTTP Fetch, Bind TCP Stager (No NX or Win7)
Fetch and execute an x86 payload from an HTTP server. Listen for a connection No NX Module Options msf use payload/cmd/windows/http/x86/vncinject/bindnonxtcp msf payloadbindnonxtcp show actions ...actions... msf payloadbindnonxtcp set ACTION msf payloadbindnonxtcp show options ...show and set...
HTTP Fetch, Reverse All-Port TCP Stager
Fetch and execute an x86 payload from an HTTP server. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options msf use payload/cmd/windows/http/x86/vncinject/reversetcpallports msf payloadreversetcpallports show actions ...actions... msf payloadreversetcpallports...
HTTPS Fetch, Windows shellcode stage, Bind TCP Stager (RC4 Stage Encryption, Metasm)
Fetch and execute an x86 payload from an HTTPS server. Custom shellcode stage. Listen for a connection Module Options msf use payload/cmd/windows/https/x86/custom/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4 show options ...sho...
Powershell Exec, Windows shellcode stage, Reverse Ordinal TCP Stager (No NX or Win7)
Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Connect back to the attacker Module Options msf use payload/cmd/windows/powershell/custom/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf payloadreverseordtcp sh...
Powershell Exec, Bind TCP Stager (No NX or Win7)
Execute an x86 payload from a command via PowerShell. Listen for a connection No NX Module Options msf use payload/cmd/windows/powershell/dllinject/bindnonxtcp msf payloadbindnonxtcp show actions ...actions... msf payloadbindnonxtcp set ACTION msf payloadbindnonxtcp show options ...show and set...
ZoneMinder Language Settings Remote Code Execution
This module exploits arbitrary file write in debug log file option chained with a path traversal in language settings that leads to a remote code execution in ZoneMinder surveillance software versions before 1.36.13 and before 1.37.11 Module Options msf use exploit/unix/webapp/zoneminderlangexec...
Cisco Secure ACS Unauthorized Password Change
This module exploits an authentication bypass issue which allows arbitrary password change requests to be issued for any user in the local store. Instances of Secure ACS running version 5.1 with patches 3, 4, or 5 as well as version 5.2 with either no patches or patches 1 and 2 are vulnerable. Th...
Adobe Reader for Android addJavascriptInterface Exploit
Adobe Reader versions less than 11.2.0 exposes insecure native interfaces to untrusted javascript in a PDF. This module embeds the browser exploit from android/webviewaddjavascriptinterface into a PDF to get a command shell on vulnerable versions of Reader. This module requires Metasploit:...
VS Code Extension Persistence
This module installs a malicious VS Code extension into the target's VS Code extensions directory. The extension executes the payload each time VS Code is launched, providing persistent code execution. Supports VS Code, VS Code Insiders, VSCodium, VS Code Server, and Cursor. Tested against 1.120....
HTTP Fetch, Bind TCP Stager (No NX or Win7)
Fetch and execute an x86 payload from an HTTP server. Listen for a connection No NX Module Options msf use payload/cmd/windows/http/x86/meterpreter/bindnonxtcp msf payloadbindnonxtcp show actions ...actions... msf payloadbindnonxtcp set ACTION msf payloadbindnonxtcp show options ...show and set...
HTTPS Fetch, Hidden Bind Ipknock TCP Stager
Fetch and execute an x86 payload from an HTTPS server. Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method you can spoof it with tools like hping. After that you could get your shellcode from any IP. The sock...
HTTPS Fetch, Find Tag Ordinal Stager
Fetch and execute an x86 payload from an HTTPS server. Use an established connection Module Options msf use payload/cmd/windows/https/x86/patchupdllinject/findtag msf payloadfindtag show actions ...actions... msf payloadfindtag set ACTION msf payloadfindtag show options ...show and set options...
HTTP Fetch, Windows Command Shell, Reverse TCP Stager (IPv6)
Fetch and execute an x86 payload from an HTTP server. Spawn a piped command shell staged. Connect back to the attacker over IPv6 Module Options msf use payload/cmd/windows/http/x86/shell/reverseipv6tcp msf payloadreverseipv6tcp show actions ...actions... msf payloadreverseipv6tcp set ACTION msf...
HTTPS Fetch, Windows shellcode stage, Windows Reverse HTTPS Stager (wininet)
Fetch and execute an x86 payload from an HTTPS server. Custom shellcode stage. Tunnel communication over HTTPS Windows wininet Module Options msf use payload/cmd/windows/https/x86/custom/reversehttps msf payloadreversehttps show actions ...actions... msf payloadreversehttps set ACTION msf...
HTTPS Fetch, Windows shellcode stage, Windows x86 Reverse Named Pipe (SMB) Stager
Fetch and execute an x86 payload from an HTTPS server. Custom shellcode stage. Connect back to the attacker via a named pipe pivot Module Options msf use payload/cmd/windows/https/x86/custom/reversenamedpipe msf payloadreversenamedpipe show actions ...actions... msf payloadreversenamedpipe set...
HTTP Fetch, Hidden Bind Ipknock TCP Stager
Fetch and execute an x86 payload from an HTTP server. Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method you can spoof it with tools like hping. After that you could get your shellcode from any IP. The socke...
SMB Fetch, Windows x64 Bind TCP Stager
Fetch and execute an x64 payload from an SMB server. Listen for a connection Windows x64 Module Options msf use payload/cmd/windows/smb/x64/peinject/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options... msf...
Powershell Exec, Windows shellcode stage, Windows x64 IPv6 Bind TCP Stager
Execute an x64 payload from a command via PowerShell. Custom shellcode stage. Listen for an IPv6 connection Windows x64 Module Options msf use payload/cmd/windows/powershell/x64/custom/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf...
Powershell Exec, Windows Upload/Execute, Reverse Ordinal TCP Stager (No NX or Win7)
Execute an x86 payload from a command via PowerShell. Uploads an executable and runs it staged. Connect back to the attacker Module Options msf use payload/cmd/windows/powershell/upexec/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf...
Powershell Exec, Windows x64 Command Shell, Windows x64 IPv6 Bind TCP Stager
Execute an x64 payload from a command via PowerShell. Spawn a piped command shell Windows x64 staged. Listen for an IPv6 connection Windows x64 Module Options msf use payload/cmd/windows/powershell/x64/shell/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set...