VMWare Power Off Virtual Machine
This module will log into the Web API of VMWare and try to power off a specified Virtual Machine. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework
VMWare Power On Virtual Machine
This module will log into the Web API of VMWare and try to power on a specified Virtual Machine.
VMWare Enumerate Virtual Machines
This module attempts to discover virtual machines on any VMWare instance running the web interface. This would include ESX/ESXi and VMWare Server.
VMWare Web Login Scanner
This module attempts to authenticate to the VMWare HTTP service for VMWare Server, ESX, and ESXi.
VMWare Screenshot Stealer
This module uses supplied login credentials to connect to VMWare via the web interface. It then searches through the datastores looking for screenshots. It will download any screenshots it finds and save them as loot.
UNIX Gather .fetchmailrc Credentials
Post Module to obtain credentials saved for IMAP, POP and other mail retrieval protocols in fetchmail's .fetchmailrc.
Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020000 Buffer Overflow
This module exploits a remote buffer overflow in the Citrix Provisioning Services 5.6 SP1 without Hotfix CPVS56SP1E043 by sending a malformed packet to the 6905/UDP port. The module has been successfully tested on Windows Server 2003 SP2, Windows 7, and Windows XP SP3.
Sunway Forcecontrol SNMP NetDBServer.exe Opcode 0x57
This module exploits a stack based buffer overflow found in the SNMP NetDBServer service of Sunway Forcecontrol...
Icona SpA C6 Messenger DownloaderActiveX Control Arbitrary File Download and Execute
This module exploits a vulnerability in Icona SpA C6 Messenger 1.0.0.1. The vulnerability is in the DownloaderActiveX Control DownloaderActiveX.ocx. The insecure control can be abused to download and execute arbitrary files in the context of the currently logged-on user.
Windows Gather VNC Password Extraction
This module extracts DES encrypted passwords in known VNC locations.
Windows Gather Total Commander Saved Password Extraction
This module extracts weakly encrypted saved FTP Passwords from Total Commander. It finds saved FTP connections in the wcxftp.ini file.
Windows Gather Microsoft Outlook Saved Password Extraction
This module extracts and decrypts saved Microsoft Outlook versions 2002-2010 passwords from the Windows Registry for POP3/IMAP/SMTP/HTTP accounts. In order for decryption to be successful, this module must be executed under the same privileges as the user which originally encrypted the password. ...
Windows Gather WinSCP Saved Password Extraction
This module extracts weakly encrypted saved passwords from WinSCP. It searches for saved sessions in the Windows Registry and the WinSCP.ini file. It cannot decrypt passwords if a master password is used.
VMWare Enumerate Host Details
This module attempts to enumerate information about the host systems through the VMWare web API. This can include information about the hardware installed on the host machine.
Linux Gather Saved mount.cifs/mount.smbfs Credentials
Post Module to obtain credentials saved for mount.cifs/mount.smbfs in /etc/fstab on a Linux system.
BSD Command Shell, Reverse TCP Inline (IPv6)
Connect back to attacker and spawn a command shell over IPv6.
BSD Command Shell, Bind TCP Inline (IPv6)
Listen for a connection and spawn a command shell over IPv6.
BSD Command Shell, Reverse TCP Stager (IPv6)
Spawn a command shell (staged). Connect back to the attacker over IPv6.
BSD Command Shell, Bind TCP Stager (IPv6)
Spawn a command shell (staged). Listen for a connection over IPv6.
PHP Command Shell, Bind TCP (via php) IPv6
Listen for a connection and spawn a command shell via php (IPv6).
PHP Meterpreter, Bind TCP Stager IPv6
Run a meterpreter server in PHP. Listen for a connection over IPv6.
PHP Command Shell, Bind TCP (via perl) IPv6
Listen for a connection and spawn a command shell via perl (persistent) over IPv6.
vBSEO proc_deutf() Remote PHP Code Injection
This module exploits a vulnerability in the 'proc_deutf' function defined in /includes/functionsvbseocpabstract.php for vBSEO versions 3.6.0 and earlier. User input passed through 'charrepl' POST parameter isn't properly sanitized before being used in a call to the preg_replace function which uses the...
Ektron CMS400.NET Default Password Scanner
Ektron CMS400.NET is a web content management system based on .NET. This module tests for installations that are utilizing default passwords set by the vendor. Additionally, it has the ability to brute force user accounts. Note that Ektron CMS400.NET, by default, enforces account lockouts for...
OS X x64 Execute Command
Execute an arbitrary command.
UNIX Gather .netrc Credentials
Post Module to obtain credentials saved for FTP and other services in .netrc.
PcAnywhere TCP Service Discovery
Discover active pcAnywhere services through TCP.
PcAnywhere UDP Service Discovery
Discover active pcAnywhere services through UDP.
Multi Gather VirtualBox VM Enumeration
This module will attempt to enumerate any VirtualBox VMs on the target machine. Due to the nature of VirtualBox, this module can only enumerate VMs registered for the current user, therefore, this module needs to be invoked from a user context.
Multi Gather VMWare VM Identification
This module will attempt to find any VMWare virtual machines stored on the target.
HP Diagnostics Server magentservice.exe Overflow
This module exploits a stack buffer overflow in HP Diagnostics Server magentservice.exe service. By sending a specially crafted packet, an attacker may be able to execute arbitrary code. Originally found and posted by AbdulAziz Harir via ZDI.
NAT-PMP External Port Scanner
Scan NAT devices for their external listening ports using NAT-PMP.
NAT-PMP Port Mapper
Map (forward) TCP and UDP ports on NAT devices using NAT-PMP.
NAT-PMP External Address Scanner
Scan NAT devices for their external address using NAT-PMP.
Windows Manage Download and/or Execute
This module will download a file by importing urlmon via railgun. The user may also choose to execute the file with arguments via execstring.
VMWare Authentication Daemon Login Scanner
This module will test vmauthd logins on a range of machines and report successful logins.
7-Technologies IGSS 9 IGSSdataServer.exe DoS
The 7-Technologies SCADA IGSS Data Server IGSSdataServer.exe... References: CVE-2011-4050, OSVDB-77976.
General Electric D20 Password Recovery
The General Electric D20ME and possibly other units (D200?) feature TFTP readable configurations with plaintext passwords. This module retrieves the username, password, and authentication level list.
Gitorious Arbitrary Command Execution
This module exploits an arbitrary command execution vulnerability in gitorious. Unvalidated input is passed to the shell allowing command execution.
HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow
This module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM01213 without the SSRT100649 hotfix. By specifying a long 'textFile' argument when calling the 'webappmon.exe' CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary...
Windows x64 LoadLibrary Path
Load an arbitrary x64 library path.
HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution
This module allows remote attackers to place arbitrary files on a user's file system by abusing the "CacheDocumentXMLWithId" method from the "XMLCacheMgr" class in the HP Easy Printer HPTicketMgr.dll ActiveX Control (HPTicketMgr.dll 2.7.2.0). Code execution can be achieved by first uploading the...
McAfee SaaS MyCioScan ShowReport Remote Command Execution
This module exploits a vulnerability found in McAfee Security-as-a-Service. The ShowReport function located in the myCIOScn.dll ActiveX component fails to check the FileName argument, and passes it on to a ShellExecuteW function, therefore allows any malicious attacker to execute any process that...
BS.Player 2.57 Buffer Overflow (Unicode SEH)
This module exploits a buffer overflow in BS.Player 2.57. When the playlist import is used to import a specially crafted m3u file, a buffer overflow occurs allowing arbitrary code execution.
Postgres Schema Dump
This module extracts the schema information from a Postgres server.
MYSQL Schema Dump
This module extracts the schema information from a MySQL DB server.
MSSQL Schema Dump
This module attempts to extract the schema from a MSSQL Server Instance. It will disregard builtin and example DBs such as master, model, msdb, and tempdb. The module will create a note for each DB found, and store a YAML formatted output as loot for easy reading.
Drupal Views Module Users Enumeration
This module exploits an information disclosure vulnerability in the 'Views' module of Drupal, brute-forcing the first 10 usernames from 'a' to 'z'. Drupal 6 with 'Views' module...
Mozilla Firefox 3.6.16 mChannel Use-After-Free
This module exploits a use-after-free vulnerability in Mozilla Firefox 3.6.16. An OBJECT element, mChannel, can be freed via the OnChannelRedirect method of the nsIChannelEventSink Interface. mChannel becomes a dangling pointer and can be reused when setting the OBJECT's data attribute.
OP5 welcome Remote Command Execution
This module exploits an arbitrary root command execution vulnerability in OP5 Monitor welcome. Ekelow AB has confirmed that OP5 Monitor versions 5.3.5, 5.4.0, 5.4.2, 5.5.0, 5.5.1 are vulnerable.