Lucene search
K
MetasploitMost viewed

6850 matches found

Metasploit
Metasploit
•added 2021/01/23 5:41 p.m.•120 views

MobileIron MDM Hessian-Based Java Deserialization RCE

This module exploits an ACL bypass in MobileIron MDM products to execute a Groovy gadget against a Hessian-based Java deserialization endpoint. Module Options msf use exploit/linux/http/mobileironmdmhessianrce msf exploitmobileironmdmhessianrce show targets ...targets... msf...

9.8CVSS9.4AI score0.99737EPSS
Exploits4
Metasploit
Metasploit
•added 2020/06/22 10:11 a.m.•120 views

Cisco ASA Authentication Bypass (EXTRABACON)

This module patches the authentication functions of a Cisco ASA to allow uncredentialed logins. Uses improved shellcode for payload. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco ASA...

8.8CVSS1AI score0.87503EPSS
Exploits7
Metasploit
Metasploit
•added 2018/08/06 3:11 p.m.•120 views

OS X Display Apple VNC Password

This module shows Apple VNC Password from Mac OS X High Sierra. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OS X Display Apple VNC Password', 'Description' = %q This module shows Apple VNC...

6.9AI score
Exploits0
Metasploit
Metasploit
•added 2018/01/28 5:11 a.m.•120 views

glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation

This module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library glibc dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2 does not properly restrict use of the LDAUDIT environment variable when loading setuid executables...

7.2CVSS7.4AI score0.09454EPSS
Exploits35
Metasploit
Metasploit
•added 2016/05/30 12:40 a.m.•119 views

IPFire Bash Environment Variable Injection (Shellshock)

IPFire, a free linux based open source firewall distribution, version 'IPFire Bash Environment Variable Injection Shellshock', 'Description' = %q IPFire, a free linux based open source firewall distribution, version 'h00die ', module 'Claudio Viviani' discovery , 'References' = 'EDB', '34839' ,...

9.8CVSS9.9AI score0.99999EPSS
Exploits131
Metasploit
Metasploit
•added 2014/11/10 7:42 p.m.•119 views

Microsoft SQL Server SUSER_SNAME SQL Logins Enumeration

This module can be used to obtain a list of all logins from a SQL Server with any login. Selecting all of the logins from the master..syslogins table is restricted to sysadmins. However, logins with the PUBLIC role everyone can quickly enumerate all SQL Server logins using the SUSERSNAME function...

7.7AI score
Exploits0
Metasploit
Metasploit
•added 2007/02/18 12:10 a.m.•119 views

PHP XML-RPC Arbitrary Code Execution

This module exploits an arbitrary code execution flaw discovered in many implementations of the PHP XML-RPC module. This flaw is exploitable through a number of PHP web applications, including but not limited to Drupal, Wordpress, Postnuke, and TikiWiki. This module requires Metasploit:...

7.5CVSS0.2AI score0.79071EPSS
Exploits5
Metasploit
Metasploit
•added 2026/04/02 7:2 p.m.•118 views

HTTP Fetch, Generic x86 Tight Loop

Fetch and execute an x86 payload from an HTTP server. Generate a tight loop in the target process Module Options msf use payload/cmd/windows/http/x86/generic/tightloop msf payloadtightloop show actions ...actions... msf payloadtightloop set ACTION msf payloadtightloop show options ...show and set...

5.9AI score
Exploits0
Metasploit
Metasploit
•added 2023/01/24 7:51 p.m.•118 views

Python Exec, Python Pingback, Bind TCP (via python)

Execute a Python payload from a command. Listens for a connection from the attacker, sends a UUID, then terminates Module Options msf use payload/cmd/windows/python/pingbackbindtcp msf payloadpingbackbindtcp show actions ...actions... msf payloadpingbackbindtcp set ACTION msf payloadpingbackbindt...

7AI score
Exploits0
Metasploit
Metasploit
•added 2022/03/16 5:42 p.m.•118 views

Python Exec, Python Pingback, Bind TCP (via python)

Execute a Python payload as an OS command from a Posix-compatible shell. Listens for a connection from the attacker, sends a UUID, then terminates Module Options msf use payload/cmd/unix/python/pingbackbindtcp msf payloadpingbackbindtcp show actions ...actions... msf payloadpingbackbindtcp set...

7.2AI score
Exploits0
Metasploit
Metasploit
•added 2020/03/12 10:41 a.m.•118 views

Rconfig 3.x Chained Remote Code Execution

This module exploits multiple vulnerabilities in rConfig version 3.9 in order to execute arbitrary commands. This module takes advantage of a command injection vulnerability in the path parameter of the ajax archive file functionality within the rConfig web interface in order to execute the...

9.8CVSS9.7AI score0.99683EPSS
Exploits20
Metasploit
Metasploit
•added 2014/07/08 1:0 a.m.•118 views

Cisco ASA SSL VPN Privilege Escalation Vulnerability

This module exploits a privilege escalation vulnerability for Cisco ASA SSL VPN aka: WebVPN. It allows level 0 users to escalate to level 15. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cis...

8.5CVSS7.7AI score0.11456EPSS
Exploits3
Metasploit
Metasploit
•added 2006/05/30 4:11 p.m.•118 views

MS05-017 Microsoft Message Queueing Service Path Overflow

This module exploits a stack buffer overflow in the RPC interface to the Microsoft Message Queueing service. The offset to the return address changes based on the length of the system hostname, so this must be provided via the 'HNAME' option. Much thanks to snort.org and Jean-Baptiste Marchand's...

10CVSS7.3AI score0.76803EPSS
Exploits10
Metasploit
Metasploit
•added 2021/11/12 5:42 p.m.•117 views

BillQuick Web Suite txtID SQLi

This module exploits a SQL injection vulnerability in BillQUick Web Suite prior to version 22.0.9.1. The application is .net based, and the database is required to be MSSQL. Luckily the website gives error based SQLi messages, so it is trivial to pull data from the database. However the webapp us...

9.8CVSS9.8AI score0.73269EPSS
Exploits3
Metasploit
Metasploit
•added 2021/09/28 5:42 p.m.•117 views

QQ Credential Gatherer

This module searches for QQ credentials on a Windows host. Module Options msf use post/windows/gather/credentials/qq msf postqq show actions ...actions... msf postqq set ACTION msf postqq show options ...show and set options... msf postqq run This module requires Metasploit:...

7.1AI score
Exploits0
Metasploit
Metasploit
•added 2014/11/19 8:7 p.m.•117 views

Hikvision DVR RTSP Request Remote Code Execution

This module exploits a buffer overflow in the RTSP request parsing code of Hikvision DVR appliances. The Hikvision DVR devices record video feeds of surveillance cameras and offer remote administration and playback of recorded footage. The vulnerability is present in several models / firmware...

7.5CVSS7.7AI score0.72084EPSS
Exploits5
Metasploit
Metasploit
•added 2021/08/17 5:42 p.m.•116 views

Lucee Administrator imgProcess.cfm Arbitrary File Write

This module exploits an arbitrary file write in Lucee Administrator's imgProcess.cfm file to execute commands as the Tomcat user. Module Options msf use exploit/linux/http/luceeadminimgprocessfilewrite msf exploitluceeadminimgprocessfilewrite show targets ...targets... msf...

9.8CVSS8.6AI score0.89189EPSS
Exploits5
Metasploit
Metasploit
•added 2020/12/17 5:41 p.m.•116 views

Oracle Solaris SunSSH PAM parse_user_name() Buffer Overflow

This module exploits a stack-based buffer overflow in the Solaris PAM library's username parsing code, as used by the SunSSH daemon when the keyboard-interactive authentication method is specified. Tested against SunSSH 1.1.5 on Solaris 10u11 1/13 x86 in VirtualBox, VMware Fusion, and VMware...

10CVSS9.7AI score0.80291EPSS
Exploits13
Metasploit
Metasploit
•added 2018/10/23 4:35 a.m.•116 views

blueimp's jQuery (Arbitrary) File Upload

This module exploits an arbitrary file upload in the sample PHP upload handler for blueimp's jQuery File Upload widget in versions "blueimp's jQuery Arbitrary File Upload", 'Description' = %q This module exploits an arbitrary file upload in the sample PHP upload handler for blueimp's jQuery File...

9.8CVSS0.97107EPSS
Exploits15
Metasploit
Metasploit
•added 2018/07/12 11:46 p.m.•116 views

Axis Network Camera .srv-to-parhand RCE

This module exploits an auth bypass in .srv functionality and a command injection in parhand to execute code as the root user. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Axis Network Camer...

9.8CVSS8AI score0.86682EPSS
Exploits6
Metasploit
Metasploit
•added 2014/10/20 11:3 p.m.•116 views

Jenkins-CI Script-Console Java Execution

This module uses the Jenkins-CI Groovy script console to execute OS commands using Java. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Jenkins-CI Script-Console Java Execution', 'Description'...

7.5AI score
Exploits0
Metasploit
Metasploit
•added 2012/04/05 5:35 p.m.•116 views

Allen-Bradley/Rockwell Automation EtherNet/IP CIP Commands

The EtherNet/IP CIP protocol allows a number of unauthenticated commands to a PLC which implements the protocol. This module implements the CPU STOP command, as well as the ability to crash the Ethernet card in an affected device. This module is based on the original 'ethernetip-multi.rb' Basecam...

7.6AI score
Exploits0
Metasploit
Metasploit
•added 2026/06/29 7:4 p.m.•115 views

Linux Execute Command

Execute an arbitrary command. Module Options msf use payload/linux/loongarch64/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf payloadexec run frozenstringliteral: true This module requires Metasploit:...

6AI score
Exploits0
Metasploit
Metasploit
•added 2026/04/02 7:2 p.m.•115 views

HTTP Fetch, Windows Executable Download (http,https,ftp) and Execute

Fetch and execute an x86 payload from an HTTP server. Download an EXE from an HTTPS/FTP URL and execute it Module Options msf use payload/cmd/windows/http/x86/downloadexec msf payloaddownloadexec show actions ...actions... msf payloaddownloadexec set ACTION msf payloaddownloadexec show options...

5.9AI score
Exploits0
Metasploit
Metasploit
•added 2022/09/08 7:49 p.m.•115 views

Powershell Exec, Windows shellcode stage, Reverse HTTPS Stager with Support for Custom Proxy

Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Tunnel communication over HTTP using SSL with custom proxy support Module Options msf use payload/cmd/windows/powershell/custom/reversehttpsproxy msf payloadreversehttpsproxy show actions ...actions... msf...

7.2AI score
Exploits0
Metasploit
Metasploit
•added 2021/09/28 5:42 p.m.•115 views

Tango Credential Gatherer

This module searches for Tango credentials on a Windows host. Tango is a third-party, cross platform messaging application software for smartphones developed by TangoME, Inc. Module Options msf use post/windows/gather/credentials/tango msf posttango show actions ...actions... msf posttango set...

6.9AI score
Exploits0
Metasploit
Metasploit
•added 2020/12/15 5:41 p.m.•114 views

Microsoft Windows DrawIconEx OOB Write Local Privilege Elevation

This module exploits CVE-2020-1054, an out of bounds write reachable from DrawIconEx within win32k. The out of bounds write can be used to overwrite the pvbits of a SURFOBJ. By utilizing this vulnerability to execute controlled writes to kernel memory, an attacker can gain arbitrary code executio...

7.8CVSS7.9AI score0.52778EPSS
Exploits5
Metasploit
Metasploit
•added 2012/04/13 11:12 p.m.•114 views

V-CMS PHP File Upload and Execute

This module exploits a vulnerability found on V-CMS's inline image upload feature. The problem is due to the inlineimageupload.php file not checking the file type before saving it on the web server. This allows any malicious user to upload a script such as PHP without authentication, and then...

7.5CVSS7.2AI score0.65485EPSS
Exploits6
Metasploit
Metasploit
•added 2012/01/22 9:39 p.m.•114 views

VMWare Authentication Daemon Login Scanner

This module will test vmauthd logins on a range of machines and report successful logins. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require...

7.5CVSS7.3AI score0.53618EPSS
Exploits41
Metasploit
Metasploit
•added 2009/04/30 6:11 a.m.•114 views

PHP Base64 Encoder

This encoder returns a base64 string encapsulated in evalbase64decode, increasing the size by a bit more than one third. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PHP Base64 Encoder',...

7.3AI score
Exploits0
Metasploit
Metasploit
•added 2026/04/02 7:2 p.m.•113 views

HTTP Fetch, Generic x86 Debug Trap

Fetch and execute an x86 payload from an HTTP server. Generate a debug trap in the target process Module Options msf use payload/cmd/windows/http/x86/generic/debugtrap msf payloaddebugtrap show actions ...actions... msf payloaddebugtrap set ACTION msf payloaddebugtrap show options ...show and set...

5.9AI score
Exploits0
Metasploit
Metasploit
•added 2026/04/02 7:2 p.m.•113 views

HTTP Fetch, DNS TXT Record Payload Download and Execution

Fetch and execute an x86 payload from an HTTP server. Performs a TXT query against a series of DNS records and executes the returned x86 shellcode. The DNSZONE option is used as the base name to iterate over. The payload will first request the TXT contents of the a hostname, followed by b, then c...

6.1AI score
Exploits0
Metasploit
Metasploit
•added 2021/05/12 5:42 p.m.•113 views

ExifTool DjVu ANT Perl injection

This module exploits a Perl injection vulnerability in the DjVu ANT parsing code of ExifTool versions 7.44 through 12.23 inclusive. The injection is used to execute a shell command using Perl backticks. The DjVu image can be embedded in a wrapper image using the HasselbladExif EXIF field. Module...

7.8CVSS8.4AI score0.99981EPSS
Exploits39
Metasploit
Metasploit
•added 2020/06/22 10:11 a.m.•113 views

Cisco Data Center Network Manager Unauthenticated File Download

DCNM exposes a servlet to download files on /fm/downloadServlet. An authenticated user can abuse this servlet to download arbitrary files as root by specifying the full path of the file. This module was tested on the DCNM Linux virtual appliance 10.42, 11.01 and 11.11, and should work on a few...

9.8CVSS7.1AI score0.82815EPSS
Exploits8
Metasploit
Metasploit
•added 2010/08/24 6:22 p.m.•113 views

Tomcat UTF-8 Directory Traversal Vulnerability

This module tests whether a directory traversal vulnerability is present in versions of Apache Tomcat 4.1.0 - 4.1.37, 5.5.0 - 5.5.26 and 6.0.0 - 6.0.16 under specific and non-default installations. The connector must have allowLinking set to true and URIEncoding set to UTF-8. Furthermore, the...

4.3CVSS6.9AI score0.99708EPSS
Exploits22
Metasploit
Metasploit
•added 2026/04/02 7:2 p.m.•112 views

HTTP Fetch

Fetch and execute an x86 payload from an HTTP server. Module Options msf use payload/cmd/windows/http/x86/formatalldrives msf payloadformatalldrives show actions ...actions... msf payloadformatalldrives set ACTION msf payloadformatalldrives show options ...show and set options... msf...

5.9AI score
Exploits0
Metasploit
Metasploit
•added 2026/04/02 7:2 p.m.•112 views

HTTP Fetch, Reverse TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker No NX Module Options msf use payload/cmd/windows/http/x86/dllinject/reversenonxtcp msf payloadreversenonxtcp show actions ...actions... msf payloadreversenonxtcp set ACTION msf payloadreversenonxtcp show options...

6AI score
Exploits0
Metasploit
Metasploit
•added 2023/02/03 7:50 p.m.•112 views

Lenovo Diagnostics Driver IOCTL memmove

Incorrect access control for the Lenovo Diagnostics Driver allows a low-privileged user the ability to issue device IOCTLs to perform arbitrary physical/virtual memory read/write. Module Options msf use exploit/windows/local/cve20223699lenovodiagnosticsdriver msf...

7.8CVSS7.9AI score0.04284EPSS
Exploits4
Metasploit
Metasploit
•added 2019/07/07 2:50 p.m.•112 views

PHP Laravel Framework token Unserialize Remote Command Execution

This module exploits a vulnerability in the PHP Laravel Framework for versions 5.5.40, 5.6.x 'PHP Laravel Framework token Unserialize Remote Command Execution', 'Description' = %q This module exploits a vulnerability in the PHP Laravel Framework for versions 5.5.40, 5.6.x = 5.6.29. Remote Command...

8.1CVSS0.4AI score0.8703EPSS
Exploits12
Metasploit
Metasploit
•added 2015/02/18 4:56 a.m.•112 views

Zabbix Server Brute Force Utility

This module attempts to login to Zabbix server instance using username and password combinations indicated by the USERFILE, PASSFILE, and USERPASSFILE options. It will also test for the Zabbix default login Admin:zabbix and guest access. This module requires Metasploit:...

7.5AI score
Exploits0
Metasploit
Metasploit
•added 2014/12/22 8:37 p.m.•112 views

MS14-068 Microsoft Kerberos Checksum Validation Vulnerability

This module exploits a vulnerability in the Microsoft Kerberos implementation. The problem exists in the verification of the Privilege Attribute Certificate PAC from a Kerberos TGS request, where a domain user may forge a PAC with arbitrary privileges, including Domain Administrator. This module...

8.8CVSS8.6AI score0.87448EPSS
Exploits8
Metasploit
Metasploit
•added 2012/08/27 9:25 a.m.•112 views

Java 7 Applet Remote Code Execution

The exploit takes advantage of two issues in JDK 7: The ClassFinder and MethodFinder.findMethod. Both were newly introduced in JDK 7. ClassFinder is a replacement for classForName back in JDK 6. It allows untrusted code to obtain a reference and have access to a restricted package in JDK 7, which...

9.8CVSS0.4AI score0.98536EPSS
Exploits10
Metasploit
Metasploit
•added 2026/04/02 7:2 p.m.•111 views

HTTP Fetch, Reverse All-Port TCP Stager

Fetch and execute an x86 payload from an HTTP server. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options msf use payload/cmd/windows/http/x86/dllinject/reversetcpallports msf payloadreversetcpallports show actions ...actions... msf payloadreversetcpallports...

6AI score
Exploits0
Metasploit
Metasploit
•added 2026/04/02 7:2 p.m.•111 views

HTTP Fetch, Windows Reverse HTTP Stager (winhttp)

Fetch and execute an x86 payload from an HTTP server. Tunnel communication over HTTP Windows winhttp Module Options msf use payload/cmd/windows/http/x86/dllinject/reversewinhttp msf payloadreversewinhttp show actions ...actions... msf payloadreversewinhttp set ACTION msf payloadreversewinhttp sho...

5.9AI score
Exploits0
Metasploit
Metasploit
•added 2022/05/11 5:43 p.m.•111 views

Powershell Exec, Reverse Hop HTTP/HTTPS Stager

Execute an x86 payload from a command via PowerShell. Tunnel communication over an HTTP or HTTPS hop point. Note that you must first upload data/hop/hop.php to the PHP server you wish to use as a hop. Module Options msf use payload/cmd/windows/powershell/meterpreter/reversehophttp msf...

7.2AI score
Exploits0
Metasploit
Metasploit
•added 2021/09/28 5:42 p.m.•111 views

Thunderbird Credential Gatherer

This module searches for Thunderbird credentials on a Windows host. Module Options msf use post/windows/gather/credentials/thunderbird msf postthunderbird show actions ...actions... msf postthunderbird set ACTION msf postthunderbird show options ...show and set options... msf postthunderbird run...

7.1AI score
Exploits0
Metasploit
Metasploit
•added 2021/08/12 5:51 p.m.•111 views

Lexmark Driver Privilege Escalation

Various Lexmark Universal Printer drivers as listed at advisory TE953 allow low-privileged authenicated users to elevate their privileges to SYSTEM on affected Windows systems by modifying the XML file at C:\ProgramData\Universal Color Laser.gdl to replace the DLL path to unires.dll with a...

7.8CVSS8.5AI score0.01413EPSS
Exploits3
Metasploit
Metasploit
•added 2020/12/18 5:41 p.m.•112 views

Pulse Secure VPN gzip RCE

The Pulse Connect Secure appliance before 9.1R9 suffers from an uncontrolled gzip extraction vulnerability which allows an attacker to overwrite arbitrary files, resulting in Remote Code Execution as root. Admin credentials are required for successful exploitation. Of note, MANY binaries are not ...

7.2CVSS8.2AI score0.9648EPSS
Exploits4
Metasploit
Metasploit
•added 2012/05/03 2:57 a.m.•111 views

Java RMI Server Insecure Endpoint Code Execution Scanner

Detect Java RMI endpoints This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/java/serialization' class MetasploitModule 'Java RMI Server Insecure Endpoint Code Execution Scanner', 'Description' = 'Detect Jav...

7.5CVSS0.3AI score0.76245EPSS
Exploits4
Metasploit
Metasploit
•added 2022/05/11 5:43 p.m.•110 views

Powershell Exec, Reverse Ordinal TCP Stager (No NX or Win7)

Execute an x86 payload from a command via PowerShell. Connect back to the attacker Module Options msf use payload/cmd/windows/powershell/dllinject/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf payloadreverseordtcp show options ...show an...

7.1AI score
Exploits0
Total number of security vulnerabilities5000