6843 matches found
Multi Gather Mozilla Thunderbird Signon Credential Collection
This module will collect credentials from Mozilla Thunderbird by downloading the necessary files such as 'signons.sqlite', 'key3.db', and 'cert8.db' for offline decryption with third party tools. If necessary, you may also set the PARSE option to true to parse the sqlite file, which contains...
Free MP3 CD Ripper 1.1 WAV File Stack Buffer Overflow
This module exploits a stack based buffer overflow found in Free MP3 CD Ripper 1.1. The overflow is triggered when an unsuspecting user opens a malicious WAV file. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
MS11-038 Microsoft Office Excel Malformed OBJ Record Handling Overflow
This module exploits a vulnerability found in Excel 2002 of Microsoft Office XP. By supplying a .xls file with a malformed OBJ recType 0x5D record an attacker can get the control of the execution flow. This results in arbitrary code execution under the context of the user. This module requires...
Viscom Software Movie Player Pro SDK ActiveX 6.8
Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ActiveX control in MoviePlayer.ocx 6.8.0.0 in Viscom Software Movie Player Pro SDK ActiveX 6.8 allows remote attackers to execute arbitrary code via a long strFontName parameter to the DrawText method. The victim will first be...
UDP Service Prober
Detect common UDP services using sequential probes This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'openssl' class MetasploitModule 'UDP Service Prober', 'Description' = 'Detect common UDP services using...
Postgres Password Hashdump
This module extracts the usernames and encrypted password hashes from a Postgres server and stores them for later cracking. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Postgres Password...
ARP Spoof
Spoof ARP replies and poison remote ARP caches to conduct IP address spoofing or a denial of service. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ARP Spoof', 'Description' = %q Spoof ARP...
Windows Gather mRemote Saved Password Extraction
This module extracts saved passwords from mRemote. mRemote stores connections for RDP, VNC, SSH, Telnet, rlogin and other protocols. It saves the passwords in an encrypted format. The module will extract the connection info and decrypt the saved passwords. This module requires Metasploit:...
Wireshark console.lua Pre-Loading Script Execution
This module exploits a vulnerability in Wireshark 1.6 or less. When opening a pcap file, Wireshark will actually check if there's a 'console.lua' file in the same directory, and then parse/execute the script if found. Versions affected by this vulnerability: 1.6.0 to 1.6.1, 1.4.0 to 1.4.8 This...
Multiple Linux / Unix Post Sudo Upgrade Shell
This module attempts to upgrade a shell account to UID 0 by reusing the given password and passing it to sudo. This technique relies on sudo versions from 2008 and later which support -A. This module requires Metasploit: https://metasploit.com/download Current source:...
Windows Recon Computer Browser Discovery
This module uses railgun to discover hostnames and IPs on the network. LTYPE should be set to one of the following values: WK all workstations, SVR all servers, SQL all SQL servers, DC all Domain Controllers, DCBKUP all Domain Backup Servers, NOVELL all Novell servers, PRINTSVR all Print Que...
Viscom Image Viewer CP Pro 8.0/Gold 6.0 ActiveX Control
This module exploits a stack based buffer overflow in the Active control file ImageViewer2.OCX by passing an overly long argument to an insecure TifMergeMultiFiles method. Exploitation results in code execution with the privileges of the user who browsed to the exploit page. The victim will first...
Windows Disconnect Wireless Connection
This module disconnects the current wireless network connection on the specified interface. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Disconnect Wireless Connection', 'Description...
Windows Gather Wireless BSS Info
This module gathers information about the wireless Basic Service Sets available to the victim machine. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Gather Wireless BSS Info',...
Windows Gather Wireless Current Connection Info
This module gathers information about the current connection on each wireless lan interface on the target machine. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Gather Wireless Curren...
Windows Gather Wireless Profile
This module extracts saved Wireless LAN profiles. It will also try to decrypt the network key material. Behavior is slightly different between OS versions when it comes to WPA. In Windows Vista/7 we will get the passphrase. In Windows XP we will get the PBKDF2 derived key. This module requires...
Mini-Stream RM-MP3 Converter v3.1.2.1 PLS File Stack Buffer Overflow
This module exploits a stack based buffer overflow found in Mini-Stream RM-MP3 Converter v3.1.2.1. The overflow is triggered when an unsuspecting victim opens the malicious PLS file. This module requires Metasploit: https://metasploit.com/download Current source:...
Support Incident Tracker Remote Command Execution
This module combines two separate issues within Support Incident Tracker 'Support Incident Tracker Remote Command Execution', 'Description' = %q This module combines two separate issues within Support Incident Tracker 'Secunia Research', Original discovery...
Aviosoft Digital TV Player Professional 1.0 Stack Buffer Overflow
This module exploits a vulnerability found in Aviosoft Digital TV Player Pro version 1.x. An overflow occurs when the process copies the content of a playlist file on to the stack, which may result arbitrary code execution under the context of the user. This module requires Metasploit:...
Windows Escalation
This module uses the getsystem command to escalate the current session to the SYSTEM account using various techniques. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasm' class MetasploitModule 'Windows...
Asterisk Manager Login Utility
This module attempts to authenticate to an Asterisk Manager service. Please note that by default, Asterisk Call Management port 5038 only listens locally, but this can be manually configured in file /etc/asterisk/manager.conf by the admin on the victim machine. This module requires Metasploit:...
Windows Gather Forensics Duqu Registry Check
This module searches for CVE-2011-3402 Duqu related registry artifacts. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Gather Forensics Duqu Registry Check', 'Description' = %q This...
JBoss Seam 2 Remote Command Execution
JBoss Seam 2 jboss-seam2, as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language EL expressions, which allows remote attackers to execute arbitrary code via a crafted URL. This modules also has been tested...
Windows Gather Enumerate Computers
This module will enumerate computers included in the primary Active Directory domain. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Gather Enumerate Computers', 'Description' = %q Thi...
AbsoluteFTP 1.9.6 - 2.2.10 LIST Command Remote Buffer Overflow
This module exploits VanDyke Software AbsoluteFTP by overflowing a filename buffer related to the LIST command. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AbsoluteFTP 1.9.6 - 2.2.10 LIST...
Squiz Matrix User Enumeration Scanner
This module attempts to enumerate remote users that exist within the Squiz Matrix and MySource Matrix CMS by sending GET requests for asset IDs e.g. ?a=14 and searching for a valid username eg "root" or "test" which is prefixed by a "" in the response. It will also try to GET the users full name ...
TYPO3 sa-2010-020 Remote File Disclosure
This module exploits a flaw in the way the TYPO3 jumpurl feature matches hashes. Due to this flaw a Remote File Disclosure is possible by matching the juhash of 0. This flaw can be used to read any file that the web server user account has access to view. This module requires Metasploit:...
TYPO3 Winstaller Default Encryption Keys
This module exploits known default encryption keys found in the TYPO3 Winstaller. This flaw allows for file disclosure in the jumpUrl mechanism. This issue can be used to read any file that the web server user account has access to view. The method used to create the juhash short MD5 hash was...
TYPO3 sa-2009-001 Weak Encryption Key File Disclosure
This module exploits a flaw in TYPO3 encryption ey creation process to allow for file disclosure in the jumpUrl mechanism. This flaw can be used to read any file that the web server user account has access to view. This module requires Metasploit: https://metasploit.com/download Current source:...
MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow
This module exploits a vulnerability found in Excel of Microsoft Office 2007. By supplying a malformed .xlb file, an attacker can control the content source of a memcpy routine, and the number of bytes to copy, therefore causing a stack- based buffer overflow. This results in arbitrary code...
Windows Gather McAfee ePO 4.6 Config SQL Credentials
This module extracts connection details and decrypts the saved password for the SQL database in use by a McAfee ePO 4.6 server. The passwords are stored in a config file. They are encrypted with AES-128-ECB and a static key. This module requires Metasploit: https://metasploit.com/download Current...
Windows Gather Terminal Server Client Connection Information Dumper
This module dumps MRU and connection data for RDP sessions This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Gather Terminal Server Client Connection Information Dumper', 'Description' = ...
Mini-Stream 3.0.1.1 Buffer Overflow
This module exploits a stack buffer overflow in Mini-Stream 3.0.1.1 By creating a specially crafted pls file, an attacker may be able to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
HTTP Cross-Site Tracing Detection
Checks if the host is vulnerable to Cross-Site Tracing XST This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP Cross-Site Tracing Detection', 'Description' = 'Checks if the host is vulnerable ...
Windows Gather Domain Enumeration
This module enumerates currently the domains a host can see and the domain controllers for that domain. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Gather Domain Enumeration',...
LifeSize Room Command Injection
This module exploits a vulnerable resource in LifeSize Room versions 3.5.3 and 4.7.18 to inject OS commands. LifeSize Room is an appliance and thus the environment is limited resulting in a small set of payload options. This module requires Metasploit: https://metasploit.com/download Current...
Windows Gather Credentials IMVU Game Client
This module extracts account username & password from the IMVU game client and stores it as loot. -- coding: binary -- This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Gather Credentials...
NJStar Communicator 3.00 MiniSMTP Buffer Overflow
This module exploits a stack buffer overflow vulnerability in NJStar Communicator Version 3.00 MiniSMTP server. The MiniSMTP application can be seen in multiple NJStar products, and will continue to run in the background even if the software is already shutdown. According to the vendor's...
Windows Gather Enumerate Domain Tokens
This module enumerates domain account tokens, processes running under domain accounts, and domain users in the local Administrators, Users and Backup Operator groups. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...
GTA SA-MP server.cfg Buffer Overflow
This module exploits a stack-based buffer overflow in GTA SA-MP Server. This buffer overflow occurs when the application attempts to open a malformed server.cfg file. To exploit this vulnerability, an attacker must send the victim a server.cfg file and have them run samp-server.exe. This module...
phpScheduleIt PHP reserve.php start_date Parameter Arbitrary Code Injection
This module exploits an arbitrary PHP code execution flaw in the phpScheduleIt software. This vulnerability is only exploitable when the magicquotesgpc PHP option is 'off'. Authentication is not required to exploit the bug. Version 1.2.10 and earlier of phpScheduleIt are affected. This module...
phpLDAPadmin query_engine Remote PHP Code Injection
This module exploits a vulnerability in the lib/functions.php for phpLDAPadmin versions 1.2.1.1 and earlier that allows attackers input parsed directly to the createfunction php function. A patch was issued that uses a whitelist regex expression to check the user supplied input before being parse...
Windows Gather Google Picasa Password Extractor
This module extracts and decrypts the login passwords stored by Google Picasa. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Gather Google Picasa Password Extractor', 'Description' = ...
Cytel Studio 9.0 (CY3 File) Stack Buffer Overflow
This module exploits a stack based buffer overflow found in Cytel Studio 'Cytel Studio 9.0 CY3 File Stack Buffer Overflow', 'Description' = %q This module exploits a stack based buffer overflow found in Cytel Studio MSFLICENSE, 'Author' = 'Luigi Auriemma', Initial Discovery/PoC 'James Fitts '...
Windows Manage Certificate Authority Injection
This module allows the attacker to insert an arbitrary CA certificate into the victim's Trusted Root store. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Manage Certificate Authority...
Windows Manage Hosts File Injection
This module allows the attacker to insert a new entry into the target system's hosts file. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'English' class MetasploitModule 'Windows Manage Hosts File Injection'...
Windows Manage Certificate Authority Removal
This module allows the attacker to remove an arbitrary CA certificate from the victim's Trusted Root store. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Manage Certificate Authority...
Windows Gather Windows Host File Enumeration
This module returns a list of entries in the target system's hosts file. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Gather Windows Host File Enumeration', 'Description' = %q This...
Windows Manage Host File Entry Removal
This module allows the attacker to remove an entry from the Windows hosts file. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Manage Host File Entry Removal', 'Description' = %q This...
SAP Management Console OSExecute
This module allows execution of operating system commands through the SAP Management Console SOAP Interface. A valid username and password must be provided. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...