6845 matches found
Mini-Stream 3.0.1.1 Buffer Overflow
This module exploits a stack buffer overflow in Mini-Stream 3.0.1.1 By creating a specially crafted pls file, an attacker may be able to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
ScriptFTP LIST Remote Buffer Overflow
AmmSoft's ScriptFTP client is susceptible to a remote buffer overflow vulnerability that is triggered when processing a sufficiently long filename during a FTP LIST command resulting in overwriting the exception handler. Social engineering of executing a specially crafted ftp file by double click...
myBB 1.6.4 Backdoor Arbitrary Command Execution
myBB is a popular open source PHP forum software. Version 1.6.4 contained an unauthorized backdoor, distributed as part of the vendor's source package. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
Windows Gather Enumerate Domain Admin Tokens (Token Hunter)
This module enumerates Domain Admin account processes and delegation tokens. This module will first check if the session has sufficient privileges to replace process level tokens and adjust process quotas. The SeAssignPrimaryTokenPrivilege privilege will not be assigned if the session has been...
Multi Generic Operating System Session Close
This module closes the specified session. This can be useful as a finisher for automation tasks This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Multi Generic Operating System Session Close',...
Linux Execute Command
Execute an arbitrary command or just a /bin/sh shell This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 44 include Msf::Payload::Single include Msf::Payload::Linux::X64::Prepends def...
Windows Gather Local User Account SID Lookup
This module prints information about a given SID from the perspective of this session. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Gather Local User Account SID Lookup', 'Descriptio...
DATAC RealWin SCADA Server SCPC_INITIALIZE Buffer Overflow
This module exploits a stack buffer overflow in DATAC Control International RealWin SCADA Server 2.0 Build 6.1.8.10. By sending a specially crafted packet, an attacker may be able to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...
Digital Music Pad Version 8.2.3.3.4 Stack Buffer Overflow
This module exploits a buffer overflow in Digital Music Pad Version 8.2.3.3.4 When opening a malicious pls file with the Digital Music Pad, a remote attacker could overflow a buffer and execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...
Oracle DB SQL Injection via SYS.LT.MERGEWORKSPACE
This module exploits a sql injection flaw in the MERGEWORKSPACE procedure of the PL/SQL package SYS.LT. Any user with execute privilege on the vulnerable package can exploit this vulnerability. This module requires Metasploit: https://metasploit.com/download Current source:...
mIRC PRIVMSG Handling Stack Buffer Overflow
This module exploits a buffer overflow in the mIRC IRC Client v6.34 and earlier. By enticing a mIRC user to connect to this server module, an excessively long PRIVMSG command can be sent, overwriting the stack. Due to size restrictions, ordinal payloads may be necessary. This module is based on t...
Wireshark LDAP Dissector DOS
The LDAP dissector in Wireshark 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service application crash via a malformed packet. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModu...
VNC Authentication None Detection
Detect VNC servers that support the "None" authentication method. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VNC Authentication None Detection', 'Description' = 'Detect VNC servers that...
ClamAV Milter Blackhole-Mode Remote Code Execution
This module exploits a flaw in the Clam AntiVirus suite 'clamav-milter' Sendmail mail filter. Versions prior to v0.92.2 are vulnerable. When implemented with black hole mode enabled, it is possible to execute commands remotely due to an insecure popen call. This module requires Metasploit:...
CCProxy Telnet Proxy Ping Overflow
This module exploits the YoungZSoft CCProxy 'CCProxy Telnet Proxy Ping Overflow', 'Description' = %q This module exploits the YoungZSoft CCProxy 'aushack' , 'Arch' = ARCHX86 , 'License' = MSFLICENSE, 'References' = 'CVE', '2004-2416' , 'OSVDB', '11593' , 'BID', '11666' , 'EDB', '621' , ,...
NaviCOPA 2.0.1 URL Handling Buffer Overflow
This module exploits a stack buffer overflow in NaviCOPA 2.0.1. The vulnerability is caused due to a boundary error within the handling of URL parameters. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
Linux Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 68 include Msf::Payload::Single include Msf::Payload::Linux::X86::Prepends includ...
Juniper Gather Device General Information
This module collects a Juniper ScreenOS and JunOS device information and configuration. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Juniper Gather Device General Information', 'Description'...
Windscribe WindscribeService Named Pipe Privilege Escalation
The Windscribe VPN client application for Windows makes use of a Windows service WindscribeService.exe which exposes a named pipe \.\pipe\WindscribeService allowing execution of programs with elevated privileges. Windscribe versions prior to 1.82 do not validate user-supplied program names,...
Amazon Web Services EC2 instance enumeration
Provided AWS credentials, this module will call the authenticated API of Amazon Web Services to list all EC2 instances associated with the account This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'aws-sdk-ec2'...
Dolibarr Gather Credentials via SQL Injection
This module enables an authenticated user to collect the usernames and encrypted passwords of other users in the Dolibarr ERP/CRM via SQL injection. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModu...
Linux Command Shell, Reverse TCP Inline (IPv6)
Connect back to attacker and spawn a command shell over IPv6 This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 158 include Msf::Payload::Single include...
Linux Meterpreter, Reverse TCP Inline
Run the Meterpreter / Mettle server payload stageless This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Module generated by tools/modules/generatemettlepayloads.rb module MetasploitModule CachedSize = 1061912 include...
IBM QRadar SIEM Unauthenticated Remote Code Execution
IBM QRadar SIEM has three vulnerabilities in the Forensics web application that when chained together allow an attacker to achieve unauthenticated remote code execution. The first stage bypasses authentication by fixating session cookies. The second stage uses those authenticated sessions cookies...
Commvault Communications Service (cvd) Command Injection
This module exploits a command injection vulnerability discovered in Commvault Service v11 SP5 and earlier versions tested in v11 SP5 and v10. The vulnerability exists in the cvd.exe service and allows an attacker to execute arbitrary commands in the context of the service. By default, the...
Jenkins XStream Groovy classpath Deserialization Vulnerability
This module exploits CVE-2016-0792 a vulnerability in Jenkins versions older than 1.650 and Jenkins LTS versions older than 1.642.2 which is caused by unsafe deserialization in XStream with Groovy in the classpath, which allows remote arbitrary code execution. The issue affects default...
Asterisk Gather Credentials
This module retrieves SIP and IAX2 user extensions and credentials from Asterisk Call Manager service. Valid manager credentials are required. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...
Linux Meterpreter, Reverse HTTP Inline
Run the Meterpreter / Mettle server payload stageless This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Module generated by tools/modules/generatemettlepayloads.rb module MetasploitModule CachedSize = 1068952 include...
Linux Meterpreter, Reverse TCP Inline
Run the Meterpreter / Mettle server payload stageless This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Module generated by tools/modules/generatemettlepayloads.rb module MetasploitModule CachedSize = 1271304 include...
Unix Command Shell, Reverse TCP (via ncat)
Creates an interactive shell via ncat, utilizing ssl mode This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 42 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions...
Huawei HG532n Command Injection
This module exploits a command injection vulnerability in the Huawei HG532n routers provided by TE-Data Egypt, leading to a root shell. The router's web interface has two kinds of logins, a "limited" user:user login given to all customers and an admin mode. The limited mode is used here to expose...
Trend Micro Threat Discovery Appliance admin_sys_time.cgi Remote Command Execution
This module exploits two vulnerabilities the Trend Micro Threat Discovery Appliance. The first is an authentication bypass vulnerability via a file delete in logoff.cgi which resets the admin password back to 'admin' upon a reboot CVE-2016-7552. The second is a cmdi flaw using the timezone...
Sends Beacons to Scan for Active ZigBee Networks
Post Module to send beacon signals to the broadcast address while channel hopping This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sends Beacons to Scan for Active ZigBee Networks', 'Description...
Telpho10 Backup Credentials Dumper
This module exploits a vulnerability present in all versions of Telpho10 telephone system appliance. This module generates a configuration backup of Telpho10, downloads the file and dumps the credentials for admin login, phpmyadmin, phpldapadmin, etc. This module has been successfully tested on t...
Python Meterpreter, Python Reverse TCP SSL Stager
Run a meterpreter server in Python compatible with 2.5-2.7 & 3.1+. Reverse Python connect back stager using SSL This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include...
DarkComet Server Remote File Download Exploit
This module exploits an arbitrary file download vulnerability in the DarkComet C server versions 3.2 and up. The exploit does not need to know the password chosen for the bot/server communication. This module requires Metasploit: https://metasploit.com/download Current source:...
HP SiteScope DNS Tool Command Injection
This module exploits a command injection vulnerability discovered in HP SiteScope 11.30 and earlier versions tested in 11.26 and 11.30. The vulnerability exists in the DNS Tool allowing an attacker to execute arbitrary commands in the context of the service. By default, HP SiteScope installs and...
BusyBox Ping Network Enumeration
This module will be applied on a session connected to a BusyBox shell. It will ping a range of IP addresses from the router or device executing BusyBox. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
Heroes of Might and Magic III .h3m Map file Buffer Overflow
This module embeds an exploit into an uncompressed map file .h3m for Heroes of Might and Magic III. Once the map is started in-game, a buffer overflow occurring when loading object sprite names leads to shellcode execution. This module requires Metasploit: https://metasploit.com/download Current...
Accellion FTA 'statecode' Cookie Arbitrary File Read
This module exploits a file disclosure vulnerability in the Accellion File Transfer appliance. This vulnerability is triggered when a user-provided 'statecode' cookie parameter is appended to a file path that is processed as a HTML template. By prepending this cookie with directory traversal...
BSD x64 Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 81 include Msf::Payload::Single include Msf::Payload::Bsd include...
HP Client Automation Command Injection
This module exploits a command injection vulnerability on HP Client Automation, distributed actually as Persistent Systems Client Automation. The vulnerability exists in the Notify Daemon radexecd.exe, which doesn't authenticate execution requests by default. This module has been tested...
Chromecast Web Server Scanner
This module scans for the Chromecast web server on port 8008/TCP, and can be used to discover devices which can be targeted by other Chromecast modules, such as chromecastyoutube. This module requires Metasploit: https://metasploit.com/download Current source:...
Windows Manage PXE Exploit Server
This module provides a PXE server, running a DHCP and TFTP server. The default configuration loads a linux kernel and initrd into memory that reads the hard drive; placing a payload to install metsvc, disable the firewall, and add a new user metasploit on any Windows partition seen, and add a uid...
Huawei Datacard Information Disclosure Vulnerability
This module exploits an unauthenticated information disclosure vulnerability in Huawei SOHO routers. The module will gather information by accessing the /api pages where authentication is not required, allowing configuration changes as well as information disclosure, including any stored SMS. Thi...
Python Meterpreter, Python Reverse HTTP Stager
Run a meterpreter server in Python compatible with 2.5-2.7 & 3.1+. Tunnel communication over HTTP This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include...
Multi Manage DbVisualizer Add Db Admin
Dbvisulaizer offers a command line functionality to execute SQL pre-configured databases With GUI. The remote database can be accessed from the command line without the need to authenticate, which can be abused to create an administrator in the database with the proper database permissions. Note:...
D-Link Unauthenticated Remote Command Execution using UPnP via a special crafted M-SEARCH packet.
A command injection vulnerability exists in multiple D-Link network products, allowing an attacker to inject arbitrary command to the UPnP via a crafted M-SEARCH packet. Universal Plug and Play UPnP, by default is enabled in most D-Link devices, on the port 1900. An attacker can perform a remote...
JBoss Status Servlet Information Gathering
This module queries the JBoss status servlet to collect sensitive information, including URL paths, GET parameters and client IP addresses. This module has been tested against JBoss 4.0, 4.2.2 and 4.2.3. This module requires Metasploit: https://metasploit.com/download Current source:...
Yokogawa CENTUM CS 3000 BKCLogSvr.exe Heap Buffer Overflow
This module abuses a buffer overflow vulnerability to trigger a Denial of Service of the BKCLogSvr component in the Yokogaca CENTUM CS 3000 product. The vulnerability exists in the handling of malformed log packets, with an unexpected long level field. The root cause of the vulnerability is a...