6841 matches found
HTTP Fetch, Windows shellcode stage, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/custom/reversetcprc4 msf payloadreversetcprc4 show actions ...actions... msf payloadreversetcprc4 set ACTION msf payloadreversetcprc4 show...
HTTP Fetch, Hidden Bind TCP Stager
Fetch and execute an x86 payload from an HTTP server. Listen for a connection from a hidden port and spawn a command shell to the allowed host. Module Options msf use payload/cmd/windows/http/x86/dllinject/bindhiddentcp msf payloadbindhiddentcp show actions ...actions... msf payloadbindhiddentcp...
HTTP Fetch, Bind IPv6 TCP Stager with UUID Support (Windows x86)
Fetch and execute an x86 payload from an HTTP server. Listen for an IPv6 connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/http/x86/dllinject/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid set ACTION msf...
HTTP Fetch, Windows shellcode stage, Bind TCP Stager (Windows x86)
Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Listen for a connection Windows x86 Module Options msf use payload/cmd/windows/http/x86/custom/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show...
HTTP Fetch, Windows shellcode stage, Reverse HTTP Stager Proxy
Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Tunnel communication over HTTP Module Options msf use payload/cmd/windows/http/x86/custom/reversehttpproxypstore msf payloadreversehttpproxypstore show actions ...actions... msf payloadreversehttpproxypstore set ACTION...
HTTP Fetch, Windows shellcode stage, Reverse Ordinal TCP Stager (No NX or Win7)
Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/custom/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf payloadreverseordtcp show...
HTTP Fetch, Windows shellcode stage, Windows Reverse HTTPS Stager (winhttp)
Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Tunnel communication over HTTPS Windows winhttp Module Options msf use payload/cmd/windows/http/x86/custom/reversewinhttps msf payloadreversewinhttps show actions ...actions... msf payloadreversewinhttps set ACTION msf...
HTTP Fetch, Windows shellcode stage, Hidden Bind Ipknock TCP Stager
Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method you can spoof it with tools like hping. After that you could get your shellcod...
HTTP Fetch
Fetch and execute an x86 payload from an HTTP server. Module Options msf use payload/cmd/windows/http/x86/adduser msf payloadadduser show actions ...actions... msf payloadadduser set ACTION msf payloadadduser show options ...show and set options... msf payloadadduser run This module requires...
HTTP Fetch, Reverse TCP Stager
Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/dllinject/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set options...
HTTP Fetch, Windows shellcode stage, Reverse TCP Stager
Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/custom/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options...
HTTP Fetch, Windows shellcode stage, Reverse All-Port TCP Stager
Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options msf use payload/cmd/windows/http/x86/custom/reversetcpallports msf payloadreversetcpallports show actions ...actions... msf...
HTTP Fetch, Windows shellcode stage, Reverse TCP Stager (DNS)
Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/custom/reversetcpdns msf payloadreversetcpdns show actions ...actions... msf payloadreversetcpdns set ACTION msf payloadreversetcpdns show...
HTTP Fetch, Windows shellcode stage, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)
Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/custom/reversetcprc4dns msf payloadreversetcprc4dns show actions ...actions... msf payloadreversetcprc4dns set ACTION msf...
HTTP Fetch, Reverse HTTP Stager Proxy
Fetch and execute an x86 payload from an HTTP server. Tunnel communication over HTTP Module Options msf use payload/cmd/windows/http/x86/dllinject/reversehttpproxypstore msf payloadreversehttpproxypstore show actions ...actions... msf payloadreversehttpproxypstore set ACTION msf...
HTTP Fetch, Find Tag Ordinal Stager
Fetch and execute an x86 payload from an HTTP server. Use an established connection Module Options msf use payload/cmd/windows/http/x86/dllinject/findtag msf payloadfindtag show actions ...actions... msf payloadfindtag set ACTION msf payloadfindtag show options ...show and set options... msf...
HTTP Fetch, Reverse TCP Stager (IPv6)
Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker over IPv6 Module Options msf use payload/cmd/windows/http/x86/dllinject/reverseipv6tcp msf payloadreverseipv6tcp show actions ...actions... msf payloadreverseipv6tcp set ACTION msf payloadreverseipv6tcp show option...
HTTP Fetch, Reverse TCP Stager (DNS)
Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/dllinject/reversetcpdns msf payloadreversetcpdns show actions ...actions... msf payloadreversetcpdns set ACTION msf payloadreversetcpdns show options ...show and...
HTTP Fetch, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/dllinject/reversetcprc4 msf payloadreversetcprc4 show actions ...actions... msf payloadreversetcprc4 set ACTION msf payloadreversetcprc4 show options ...show and...
HTTP Fetch, Windows Reverse HTTP Stager (winhttp)
Fetch and execute an x86 payload from an HTTP server. Tunnel communication over HTTP Windows winhttp Module Options msf use payload/cmd/windows/http/x86/dllinject/reversewinhttp msf payloadreversewinhttp show actions ...actions... msf payloadreversewinhttp set ACTION msf payloadreversewinhttp sho...
HTTP Fetch, DNS TXT Record Payload Download and Execution
Fetch and execute an x86 payload from an HTTP server. Performs a TXT query against a series of DNS records and executes the returned x86 shellcode. The DNSZONE option is used as the base name to iterate over. The payload will first request the TXT contents of the a hostname, followed by b, then c...
HTTP Fetch, Windows shellcode stage, Bind TCP Stager (No NX or Win7)
Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Listen for a connection No NX Module Options msf use payload/cmd/windows/http/x86/custom/bindnonxtcp msf payloadbindnonxtcp show actions ...actions... msf payloadbindnonxtcp set ACTION msf payloadbindnonxtcp show option...
HTTP Fetch, Bind TCP Stager (No NX or Win7)
Fetch and execute an x86 payload from an HTTP server. Listen for a connection No NX Module Options msf use payload/cmd/windows/http/x86/dllinject/bindnonxtcp msf payloadbindnonxtcp show actions ...actions... msf payloadbindnonxtcp set ACTION msf payloadbindnonxtcp show options ...show and set...
HTTP Fetch, Windows shellcode stage, Windows Reverse HTTP Stager (winhttp)
Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Tunnel communication over HTTP Windows winhttp Module Options msf use payload/cmd/windows/http/x86/custom/reversewinhttp msf payloadreversewinhttp show actions ...actions... msf payloadreversewinhttp set ACTION msf...
HTTP Fetch, Reverse Ordinal TCP Stager (No NX or Win7)
Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/dllinject/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf payloadreverseordtcp show options ...show and...
HTTP Fetch, Windows shellcode stage, Hidden Bind TCP Stager
Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Listen for a connection from a hidden port and spawn a command shell to the allowed host. Module Options msf use payload/cmd/windows/http/x86/custom/bindhiddentcp msf payloadbindhiddentcp show actions ...actions... msf...
HTTP Fetch, Hidden Bind Ipknock TCP Stager
Fetch and execute an x86 payload from an HTTP server. Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method you can spoof it with tools like hping. After that you could get your shellcode from any IP. The socke...
HTTP Fetch, Windows shellcode stage, Reverse TCP Stager with UUID Support
Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/http/x86/custom/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf...
HTTP Fetch, Windows shellcode stage, Windows Reverse HTTP Stager (wininet)
Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Tunnel communication over HTTP Windows wininet Module Options msf use payload/cmd/windows/http/x86/custom/reversehttp msf payloadreversehttp show actions ...actions... msf payloadreversehttp set ACTION msf...
HTTP Fetch, Windows shellcode stage, Bind IPv6 TCP Stager (Windows x86)
Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Listen for an IPv6 connection Windows x86 Module Options msf use payload/cmd/windows/http/x86/custom/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf payloadbindipv6tcp...
HTTP Fetch, Windows shellcode stage, Reverse TCP Stager (No NX or Win7)
Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Connect back to the attacker No NX Module Options msf use payload/cmd/windows/http/x86/custom/reversenonxtcp msf payloadreversenonxtcp show actions ...actions... msf payloadreversenonxtcp set ACTION msf...
HTTP Fetch, Bind TCP Stager with UUID Support (Windows x86)
Fetch and execute an x86 payload from an HTTP server. Listen for a connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/http/x86/dllinject/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf payloadbindtcpuuid show...
HTTP Fetch, Windows shellcode stage, Bind IPv6 TCP Stager with UUID Support (Windows x86)
Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Listen for an IPv6 connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/http/x86/custom/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid set...
HTTP Fetch, Reverse TCP Stager with UUID Support
Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/http/x86/dllinject/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf payloadreversetcpuuid sho...
HTTP Fetch, Windows shellcode stage, Windows Reverse HTTPS Stager (wininet)
Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Tunnel communication over HTTPS Windows wininet Module Options msf use payload/cmd/windows/http/x86/custom/reversehttps msf payloadreversehttps show actions ...actions... msf payloadreversehttps set ACTION msf...
HTTP Fetch, Windows shellcode stage, Bind TCP Stager (RC4 Stage Encryption, Metasm)
Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Listen for a connection Module Options msf use payload/cmd/windows/http/x86/custom/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4 show options ...show...
HTTP Fetch, Windows shellcode stage, Reverse TCP Stager (IPv6)
Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Connect back to the attacker over IPv6 Module Options msf use payload/cmd/windows/http/x86/custom/reverseipv6tcp msf payloadreverseipv6tcp show actions ...actions... msf payloadreverseipv6tcp set ACTION msf...
HTTP Fetch, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)
Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/dllinject/reversetcprc4dns msf payloadreversetcprc4dns show actions ...actions... msf payloadreversetcprc4dns set ACTION msf payloadreversetcprc4dns show options...
HTTP Fetch, Windows Reverse HTTP Stager (wininet)
Fetch and execute an x86 payload from an HTTP server. Tunnel communication over HTTP Windows wininet Module Options msf use payload/cmd/windows/http/x86/dllinject/reversehttp msf payloadreversehttp show actions ...actions... msf payloadreversehttp set ACTION msf payloadreversehttp show options...
HTTP Fetch, Windows shellcode stage, Find Tag Ordinal Stager
Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Use an established connection Module Options msf use payload/cmd/windows/http/x86/custom/findtag msf payloadfindtag show actions ...actions... msf payloadfindtag set ACTION msf payloadfindtag show options ...show and se...
HTTP Fetch, Reverse TCP Stager (No NX or Win7)
Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker No NX Module Options msf use payload/cmd/windows/http/x86/dllinject/reversenonxtcp msf payloadreversenonxtcp show actions ...actions... msf payloadreversenonxtcp set ACTION msf payloadreversenonxtcp show options...
HTTP Fetch, Windows x86 Bind Named Pipe Stager
Fetch and execute an x86 payload from an HTTP server. Listen for a pipe connection Windows x86 Module Options msf use payload/cmd/windows/http/x86/dllinject/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set ACTION msf payloadbindnamedpipe show options...
HTTP Fetch, Reverse All-Port TCP Stager
Fetch and execute an x86 payload from an HTTP server. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options msf use payload/cmd/windows/http/x86/dllinject/reversetcpallports msf payloadreversetcpallports show actions ...actions... msf payloadreversetcpallports...
HTTP Fetch, Bind IPv6 TCP Stager (Windows x86)
Fetch and execute an x86 payload from an HTTP server. Listen for an IPv6 connection Windows x86 Module Options msf use payload/cmd/windows/http/x86/dllinject/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf payloadbindipv6tcp show options ...show...
Windows Persistence via UserInitMprLogonScript
This module establishes persistence by setting the UserInitMprLogonScript value in HKCU\Environment. During user logon, userinit.exe checks this value and executes the specified command or binary. The module writes a payload executable to disk and points UserInitMprLogonScript to that payload...
Cisco Catalyst SD-WAN Controller Authentication Bypass
This module exploits an authentication bypass vulnerability CVE-2026-20127 in the Cisco Catalyst SD-WAN Controller vSmart. The vdaemon DTLS control-plane service fails to properly validate the verifystatus byte in CHALLENGEACKACK msgtype=10 messages. The vbondprocchallengeackack handler reads an...
FreeScout Unauthenticated RCE via ZWSP .htaccess Bypass
This module exploits an unauthenticated remote code execution vulnerability in FreeScout use exploit/multi/http/freescouthtaccessrce msf exploitfreescouthtaccessrce show targets ...targets... msf exploitfreescouthtaccessrce set TARGET msf exploitfreescouthtaccessrce show options ...show and set...
Grav CMS Admin Direct Install Authenticated Plugin Upload RCE
Grav CMS version use exploit/multi/http/gravadmindirectinstallrcecve202550286 msf exploitgravadmindirectinstallrcecve202550286 show targets ...targets... msf exploitgravadmindirectinstallrcecve202550286 set TARGET msf exploitgravadmindirectinstallrcecve202550286 show options ...show and set...
Generic HTTP Command Execution
This module interacts with existing command execution functionality on a target system, where user-supplied input is directly passed to system execution functions via a HTTP request. This could be from an existing vulnerability, or uploaded webshells such as: It is likely that HTTP evasion option...
Eclipse Che machine-exec Unauthenticated RCE
This module exploits an unauthenticated remote code execution vulnerability in the Eclipse Che machine-exec service CVE-2025-12548. The machine-exec service, exposed on port 3333 within Red Hat OpenShift DevSpaces developer workspace containers, accepts WebSocket connections without authenticatio...