Metasploit: Most viewed

6847 matches found

Metasploit • added 2013/06/04 1:53 p.m. • 72 views

MiniUPnPd 1.0 Stack Buffer Overflow Remote Code Execution

This module exploits the MiniUPnP 1.0 SOAP stack buffer overflow vulnerability present in the SOAPAction HTTP header handling. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MiniUPnPd 1.0 Stac...

CVSS: 10, AI score: 0.9, EPSS: 0.69151
Exploits: 14

Metasploit • added 2013/02/01 7:3 a.m. • 72 views

Microsoft Word UNC Path Injector

This module modifies a .docx file that will, upon opening, submit stored netNTLM credentials to a remote host. It can also create an empty docx file. If emailed the receiver needs to put the document in editing mode before the remote server will be contacted. Preview and read-only mode do not wor...

AI score: 7
Exploits: 0

Metasploit • added 2013/01/05 1:44 a.m. • 72 views

Wordpress Pingback Locator

This module will scan for WordPress sites with the Pingback API enabled. By interfacing with the API an attacker can cause the WordPress site to port scan an external target and return results. Refer to the wordpresspingbackportscanner module. This issue was fixed in WordPress 3.5.1. This module...

CVSS: 6.4, AI score: 7.1, EPSS: 0.28857
Exploits: 3

Metasploit • added 2012/12/03 7:12 p.m. • 72 views

Ektron 8.02 XSLT Transform Remote Code Execution

This module exploits a vulnerability in Ektron CMS 8.02 before SP5. The vulnerability exists due to the insecure usage of XslCompiledTransform, using a XSLT controlled by the user. The module has been tested successfully on Ektron CMS 8.02 over Windows 2003 SP2, which allows to execute arbitrary...

CVSS: 9.8, AI score: 0.8, EPSS: 0.67776
Exploits: 6

Metasploit • added 2012/05/13 6:59 p.m. • 72 views

Hashtable Collisions

This module uses a denial-of-service (DoS) condition appearing in a variety of programming languages. This vulnerability occurs when storing multiple values in a hash table and all values have the same hash value. This can cause a web server parsing the POST parameters issued with a request into a...

CVSS: 7.8, AI score: 7.4, EPSS: 0.83911
Exploits: 16

Metasploit • added 2011/05/30 9:0 p.m. • 72 views

7-Technologies IGSS 9 Data Server/Collector Packet Handling Vulnerabilities

This module exploits multiple vulnerabilities found on IGSS 9's Data Server and Data Collector services. The initial approach is first by transferring our binary with Write packets (opcode 0x0D) via port 12401 (igssdataserver.exe), and then send an EXE packet (opcode 0x0A) to port 12397 (dc.exe), which...

CVSS: 10, AI score: 7.1, EPSS: 0.66982
Exploits: 11

Metasploit • added 2009/12/13 2:56 a.m. • 72 views

NTP.org ntpd Reserved Mode Denial of Service

This module exploits a denial of service vulnerability within the NTP (network time protocol) daemon. By sending a single packet to a vulnerable ntpd server (Victim A), spoofed from the IP address of another vulnerable ntpd server (Victim B), both victims will enter an infinite response loop. Note, unle...

CVSS: 6.4, AI score: 6.8, EPSS: 0.32288
Exploits: 3

Metasploit • added 2006/11/28 2:41 p.m. • 72 views

3CTftpSvc TFTP Long Mode Buffer Overflow

This module exploits a stack buffer overflow in 3CTftpSvc 2.0.1. By sending a specially crafted packet with an overly long mode field, a remote attacker could overflow a buffer and execute arbitrary code on the system. This module requires Metasploit: https://metasploit.com/download Current sourc...

CVSS: 10, AI score: 8.1, EPSS: 0.7057
Exploits: 12

Metasploit • added 2026/04/02 7:2 p.m. • 71 views

HTTP Fetch, Windows shellcode stage, Find Tag Ordinal Stager

Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Use an established connection Module Options msf use payload/cmd/windows/http/x86/custom/findtag msf payloadfindtag show actions ...actions... msf payloadfindtag set ACTION msf payloadfindtag show options ...show and se...

AI score: 5.9
Exploits: 0

Metasploit • added 2026/04/02 7:2 p.m. • 71 views

HTTP Fetch, Windows shellcode stage, Windows Reverse HTTP Stager (winhttp)

Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Tunnel communication over HTTP Windows winhttp Module Options msf use payload/cmd/windows/http/x86/custom/reversewinhttp msf payloadreversewinhttp show actions ...actions... msf payloadreversewinhttp set ACTION msf...

AI score: 5.9
Exploits: 0

Metasploit • added 2022/05/11 5:43 p.m. • 71 views

Powershell Exec, Windows x64 Bind TCP Stager

Execute an x64 payload from a command via PowerShell. Listen for a connection Windows x64 Module Options msf use payload/cmd/windows/powershell/x64/peinject/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options...

AI score: 7.2
Exploits: 0

Metasploit • added 2021/09/28 5:42 p.m. • 71 views

K-Meleon Credential Gatherer

This module searches for K-Meleon credentials on a Windows host. Module Options msf use post/windows/gather/credentials/kmeleon msf postkmeleon show actions ...actions... msf postkmeleon set ACTION msf postkmeleon show options ...show and set options... msf postkmeleon run This module requires...

AI score: 7.1
Exploits: 0

Metasploit • added 2021/09/28 5:42 p.m. • 71 views

Opera Credential Gatherer

This module searches for Opera credentials on a Windows host. Module Options msf use post/windows/gather/credentials/opera msf postopera show actions ...actions... msf postopera set ACTION msf postopera show options ...show and set options... msf postopera run This module requires Metasploit:...

AI score: 7.1
Exploits: 0

Metasploit • added 2021/07/23 5:45 p.m. • 71 views

Apache Tapestry HMAC secret key leak

This exploit finds the HMAC secret key used in Java serialization by Apache Tapestry. This key is located in the file AppModule.class by default and looks like the standard representation of UUID in hex digits hd : 6hd-4hd-4hd-4hd-12hd If the HMAC key has been changed to look differently, this...

CVSS: 10, AI score: 9.3, EPSS: 0.94089
Exploits: 5

Metasploit • added 2020/05/11 5:5 p.m. • 71 views

SaltStack Salt Master/Minion Unauthenticated RCE

This module exploits unauthenticated access to the runner and sendpub methods in the SaltStack Salt master's ZeroMQ request server, for versions 2019.2.3 and earlier and 3000.1 and earlier, to execute code as root on either the master or on select minions. VMware vRealize Operations Manager...

CVSS: 9.8, AI score: 9, EPSS: 0.96405
Exploits: 25

Metasploit • added 2020/04/21 8:49 a.m. • 71 views

IBM Data Risk Manager Unauthenticated Remote Code Execution

IBM Data Risk Manager (IDRM) contains three vulnerabilities that can be chained by an unauthenticated attacker to achieve remote code execution as root. The first is an unauthenticated bypass, followed by a command injection as the server user, and finally abuse of an insecure default password. Thi...

CVSS: 9.8, AI score: 9, EPSS: 0.71363
Exploits: 10

Metasploit • added 2019/12/26 10:12 a.m. • 71 views

Apache Solr Remote Code Execution via Velocity Template

This module exploits a vulnerability in Apache Solr <= 8.3.0 which allows remote code execution via a custom Velocity template. Currently, this module only supports Sol...

CVSS: 7.5, AI score: 8.1, EPSS: 0.98567
Exploits: 12

Metasploit • added 2019/02/14 8:35 a.m. • 71 views

Fortinet SSL VPN Bruteforce Login Utility

This module scans for Fortinet SSL VPN web login portals and performs login brute force to identify valid credentials. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Fortinet SSL VPN Bruteforc...

AI score: 7.3
Exploits: 0

Metasploit • added 2018/08/31 10:55 p.m. • 71 views

Eaton Xpert Meter SSH Private Key Exposure Scanner

Eaton Power Xpert Meters running firmware below version 12.x.x.x or below version 13.3.x.x ship with a public/private key pair that facilitate remote administrative access to the devices. Tested on: Firmware 12.1.9.1 and 13.3.2.10. This module requires Metasploit: https://metasploit.com/download...

CVSS: 9.8, AI score: 9.6, EPSS: 0.34929
Exploits: 3

Metasploit • added 2018/05/03 12:51 p.m. • 71 views

Reliable Datagram Sockets (RDS) Privilege Escalation

This module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This module has been tested successfully on Fedora 13 i686 with kernel version 2.6.33.3-85.fc13.i686.PAE and Ubuntu 10.04...

CVSS: 7.8, AI score: 7.8, EPSS: 0.11217
Exploits: 16

Metasploit • added 2016/10/25 2:41 p.m. • 71 views

Windows Manage Persistent EXE Payload Installer

This Module will upload an executable to a remote host and make it Persistent. It can be installed as USER, SYSTEM, or SERVICE. USER will start on user login, SYSTEM will start on system boot but requires privs. SERVICE will create a new service which will start the payload. Again requires privs...

AI score: 0.1
Exploits: 0

Metasploit • added 2016/05/05 7:18 p.m. • 71 views

ImageMagick Delegate Arbitrary Command Execution

This module exploits a shell command injection in the way "delegates" commands for converting files are processed in ImageMagick versions...

AI score: 7.5
Exploits: 0

Metasploit • added 2016/02/03 11:57 p.m. • 71 views

NETGEAR ProSafe Network Management System 300 Authenticated File Download

Netgear's ProSafe NMS300 is a network management utility that runs on Windows systems. The application has a file download vulnerability that can be exploited by an authenticated remote attacker to download any file in the system. This module has been tested with versions 1.5.0.2, 1.4.0.17 and...

CVSS: 9.6, AI score: 6.8, EPSS: 0.94104
Exploits: 6

Metasploit • added 2015/11/06 9:24 p.m. • 71 views

LastPass Vault Decryptor

This module extracts and decrypts LastPass master login accounts and passwords, encryption keys, 2FA tokens and all the vault passwords This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'English' require 'sqlite...

AI score: 7.3
Exploits: 0

Metasploit • added 2015/01/30 6:50 p.m. • 71 views

Windows Gather User Credentials (phishing)

This module is able to perform a phishing attack on the target by popping up a loginprompt. When the user fills credentials in the loginprompt, the credentials will be sent to the attacker. The module is able to monitor for new processes and popup a loginprompt when a specific process is starting...

AI score: 6.9
Exploits: 0

Metasploit • added 2015/01/16 12:39 p.m. • 71 views

Authentication Capture: SMB

This module provides a SMB service that can be used to capture the challenge-response password NTLMv1 & NTLMv2 hashes used with SMB1, SMB2, or SMB3 client systems. Responses sent by this service by default use a random 8 byte challenge string. A specific value such as 1122334455667788 can be set...

AI score: 7.2
Exploits: 0

Metasploit • added 2013/02/20 5:16 a.m. • 71 views

WinRM Script Exec Remote Code Execution

This module uses valid credentials to login to the WinRM service and execute a payload. It has two available methods for payload delivery: Powershell 2 and above and VBS CmdStager. The module will check if Powershell is available, and if so uses that method. Otherwise it falls back to the VBS...

AI score: 7.2
Exploits: 0

Metasploit • added 2013/02/03 8:6 p.m. • 71 views

Unix Command Shell, Reverse TCP SSL (via perl)

Creates an interactive shell via perl, uses SSL This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 173 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions def...

AI score: 7.4
Exploits: 0

Metasploit • added 2012/12/04 11:32 p.m. • 71 views

Microsoft Windows Authenticated Logged In Users Enumeration

This module uses a valid administrator username and password to enumerate users currently logged in, using a technique similar to that of the "psexec" utility provided by SysInternals. It uses reg.exe to query the HKU base registry key. This module requires Metasploit: https://metasploit.com/download...

CVSS: 7.5, AI score: 7.4, EPSS: 0.63703
Exploits: 13

Metasploit • added 2012/03/23 9:23 p.m. • 71 views

FreePBX 2.10.0 / 2.9.0 callmenum Remote Code Execution

This module exploits FreePBX version 2.10.0,2.9.0 and possibly older. Due to the way callmepage.php handles the 'callmenum' parameter, it is possible to inject code to the '$channel' variable in function callmestartcall in order to gain remote code execution. Please note in order to use this modu...

CVSS: 7.5, EPSS: 0.70252
Exploits: 2

Metasploit • added 2026/04/02 7:2 p.m. • 70 views

HTTP Fetch, Find Tag Ordinal Stager

Fetch and execute an x86 payload from an HTTP server. Use an established connection Module Options msf use payload/cmd/windows/http/x86/dllinject/findtag msf payloadfindtag show actions ...actions... msf payloadfindtag set ACTION msf payloadfindtag show options ...show and set options... msf...

AI score: 5.9
Exploits: 0

Metasploit • added 2022/05/14 5:42 p.m. • 70 views

Bookmarked Sites Retriever

This module discovers information about a target by retrieving their bookmarked websites on Google Chrome, Opera and Microsoft Edge. Module Options msf use post/windows/gather/getbookmarks msf postgetbookmarks show actions ...actions... msf postgetbookmarks set ACTION msf postgetbookmarks show...

AI score: 6.7
Exploits: 0

Metasploit • added 2021/04/15 5:42 p.m. • 70 views

Nagios XI Prior to 5.8.0 - Plugins Filename Authenticated Remote Code Exection

This module exploits a command injection vulnerability (CVE-2020-35578) in the /admin/monitoringplugins.php page of Nagios XI versions prior to 5.8.0 when uploading plugins. Successful exploitation allows an authenticated admin user to achieve remote code execution as the apache user by uploading a...

CVSS: 9, AI score: 7.5, EPSS: 0.81915
Exploits: 7

Metasploit • added 2020/09/23 5:41 p.m. • 70 views

Windows SecureCRT Session Information Enumeration

This module will determine if SecureCRT is installed on the target system and, if it is, it will try to dump all saved session information from the target. The passwords for these saved sessions will then be decrypted where possible, using the decryption information that HyperSine reverse...

AI score: 6.9
Exploits: 0

Metasploit • added 2018/10/06 2:20 p.m. • 70 views

Microsoft Windows Defender Evasive JS.Net and HTA

This module will generate an HTA file that writes and compiles a JScript.NET file containing shellcode on the target machine. After compilation, the generated EXE will execute the shellcode without interference from Windows Defender. It is recommended that you use a payload that uses RC4 or HTTPS...

AI score: 0.2
Exploits: 0

Metasploit • added 2018/07/31 12:29 p.m. • 70 views

Path Traversal in Oracle GlassFish Server Open Source Edition

This module exploits an unauthenticated directory traversal vulnerability which exists in administration console of Oracle GlassFish Server 4.1, which is listening by default on port 4848/TCP. This module requires Metasploit: https://metasploit.com/download Current source:...

CVSS: 7.5, AI score: 7.1, EPSS: 0.99479
Exploits: 7

Metasploit • added 2018/02/02 7:53 a.m. • 70 views

ASUS infosvr Auth Bypass Command Execution

This module exploits an authentication bypass vulnerability in the infosvr service running on UDP port 9999 on various ASUS routers to execute arbitrary commands as root. This module launches the BusyBox Telnet daemon on the port specified in the TelnetPort option to gain an interactive remote...

CVSS: 10, AI score: 0.3, EPSS: 0.80731
Exploits: 12

Metasploit • added 2017/11/14 6:30 a.m. • 70 views

Xplico Remote Code Execution

This module exploits a command injection vulnerability. Unauthenticated users can register a new account and then execute a terminal command under the context of the root user. The specific flaw exists within the Xplico, which listens on TCP port 9876 by default. The goal of Xplico is extract from ...

CVSS: 8.8, AI score: 0.2, EPSS: 0.80098
Exploits: 7

Metasploit • added 2015/09/29 10:56 a.m. • 70 views

Kaseya VSA uploader.aspx Arbitrary File Upload

This module exploits an arbitrary file upload vulnerability found in Kaseya VSA versions between 7 and 9.1. A malicious unauthenticated user can upload an ASP file to an arbitrary directory leading to arbitrary code execution with IUSR privileges. This module has been tested with Kaseya v7.0.0.17...

CVSS: 9.8, AI score: 0.5, EPSS: 0.82102
Exploits: 13

Metasploit • added 2015/06/23 10:2 p.m. • 70 views

Windows Gather Credentials Local Administrator Password Solution

This module will recover the LAPS (Local Administrator Password Solution) passwords, configured in Active Directory, which is usually only accessible by privileged users. Note that the local administrator account name is not stored in Active Directory, so it is assumed to be 'Administrator' by...

AI score: 6.6
Exploits: 0

Metasploit • added 2014/10/09 5:14 p.m. • 70 views

HTTP Login Utility

This module attempts to authenticate to an HTTP service. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/http' class...

CVSS: 7.5, AI score: 7.3, EPSS: 0.51933
Exploits: 41

Metasploit • added 2014/07/18 9:51 a.m. • 70 views

JBoss JMX Console Beanshell Deployer WAR Upload and Deployment

This module can be used to install a WAR file payload on JBoss servers that have an exposed "jmx-console" application. The payload is put on the server by using the jboss.system:BSHDeployer's createScriptDeployment method. This module requires Metasploit: https://metasploit.com/download Current...

CVSS: 5.3, AI score: 5.6, EPSS: 0.79415
Exploits: 28

Metasploit • added 2014/06/23 7:16 p.m. • 70 views

Windows Gather Skype Saved Password Hash Extraction

This module finds saved login credentials for the Windows Skype client. The hash is in MD5 format that uses the username, a static string "\nskyper\n" and the password. The resulting MD5 is stored in the Config.xml file for the user after being XOR'd against a key generated by applying 2 SHA1...

AI score: 10
Exploits: 0

Metasploit • added 2012/09/10 5:32 p.m. • 70 views

Linux udev Netlink Local Privilege Escalation

Versions of udev 'Linux udev Netlink Local Privilege Escalation', 'Description' = %q Versions of udev MSFLICENSE, 'Author' = 'kcope', discovery 'Jon Oberheide', 95-udev-late.rules technique 'egypt' metasploit module , 'Platform' = 'linux' , 'Arch' = ARCHX86, ARCHX64 , 'SessionTypes' = 'shell',...

CVSS: 7.2, AI score: 0.7, EPSS: 0.81528
Exploits: 12

Metasploit • added 2011/11/12 6:36 p.m. • 70 views

Support Incident Tracker Remote Command Execution

This module combines two separate issues within Support Incident Tracker 'Support Incident Tracker Remote Command Execution', 'Description' = %q This module combines two separate issues within Support Incident Tracker 'Secunia Research', Original discovery...

CVSS: 6, AI score: 6.8, EPSS: 0.19783
Exploits: 7

Metasploit • added 2022/05/11 5:43 p.m. • 69 views

Powershell Exec, Bind TCP Stager (RC4 Stage Encryption, Metasm)

Execute an x86 payload from a command via PowerShell. Listen for a connection Module Options msf use payload/cmd/windows/powershell/patchupmeterpreter/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4 show options ...show and set...

AI score: 7.2
Exploits: 0

Metasploit • added 2022/05/11 5:43 p.m. • 69 views

Powershell Exec, Hidden Bind TCP Stager

Execute an x86 payload from a command via PowerShell. Listen for a connection from a hidden port and spawn a command shell to the allowed host. Module Options msf use payload/cmd/windows/powershell/patchupmeterpreter/bindhiddentcp msf payloadbindhiddentcp show actions ...actions... msf...

AI score: 7.2
Exploits: 0

Metasploit • added 2022/03/16 5:42 p.m. • 70 views

Python Exec, Command Shell, Reverse TCP (via python)

Execute a Python payload as an OS command from a Posix-compatible shell. Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.4-2.7 and 3.4+. Module Options msf use payload/cmd/unix/python/shellreversetcp msf payloadshellreversetcp show actions...

AI score: 7.2
Exploits: 0

Metasploit • added 2021/09/28 5:42 p.m. • 69 views

Flock Credential Gatherer

This module searches for credentials stored in Flock on a Windows host. Module Options msf use post/windows/gather/credentials/flock msf postflock show actions ...actions... msf postflock set ACTION msf postflock show options ...show and set options... msf postflock run This module requires...

AI score: 6.9
Exploits: 0

Metasploit • added 2021/04/14 5:42 p.m. • 69 views

Nagios XI Prior to 5.6.6 getprofile.sh Authenticated Remote Command Execution

This module exploits a vulnerability in the getprofile.sh script of Nagios XI prior to 5.6.6 in order to upload a malicious checkping plugin and thereby execute arbitrary commands. For Nagios XI 5.2.0-5.4.13, the commands are run as the nagios user. For versions 5.5.0-5.6.5 the commands are run a...

CVSS: 9, AI score: 8.9, EPSS: 0.77741
Exploits: 13

Total number of security vulnerabilities: 5000