Apple QuickTime PICT PnSize Buffer Overflow
This module exploits a vulnerability in Apple QuickTime Player 7.60.92.0. When opening a .mov file containing a specially crafted PnSize value, an attacker may be able to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...
Windows Gather Product Key
This module will enumerate Microsoft product license keys.
rsyslog Long Tag Off-By-Two DoS
This module triggers an off-by-two overflow in the rsyslog daemon. This flaw is unlikely to yield code execution but is effective at shutting down a remote log daemon. This bug was introduced in version 4.6.0 and corrected in 4.6.8/5.8.5. Compiler differences may prevent this bug from causing any...
DVD X Player 5.5 .plf PlayList Buffer Overflow
This module exploits a stack-based buffer overflow on DVD X Player 5.5 Pro and Standard. By supplying a long string of data in a plf file playlist, the MediaPlayerCtrl.dll component will attempt to extract a filename out of the string, and then copy it on the stack without any proper bounds...
Citrix Gateway ActiveX Control Stack Based Buffer Overflow Vulnerability
This module exploits a stack based buffer overflow in the Citrix Gateway ActiveX control. Exploitation of this vulnerability requires user interaction. The victim must click a button in a dialog to begin a scan. This is typical interaction that users should be accustomed to. Exploitation results in...
RealVNC NULL Authentication Mode Bypass
This module exploits an authentication bypass vulnerability in RealVNC Server version 4.1.0 and 4.1.1. It sets up a proxy listener on LPORT and proxies to the target server. The AUTOVNC option requires that vncviewer be installed on the attacking machine.
Windows Gather Physical Drives and Logical Volumes
This module will list physical drives and logical volumes. List physical drives and logical volumes on the remote system. R. Wesley McGrew...
Windows Gather Local NBD Server
Maps remote disks and logical volumes to a local Network Block Device server. Allows for forensic tools to be executed on the remote disk directly.
Windows Gather Forensic Imaging
This module will perform byte-for-byte imaging of remote disks and volumes. Forensic byte-for-byte imaging of remote disks and volumes. R. Wesley McGrew...
Multi Generic Operating System Session Close
This module closes the specified session. This can be useful as a finisher for automation tasks.
Windows Gather AutoLogin User Credential Extractor
This module extracts the plain-text Windows user login password from the Registry. It exploits a feature of Windows 2000 to 2008 R2 that allows a user or third-party Windows utility tools to configure user AutoLogin via plain-text password insertion in the AltDefaultPassword field in the registry...
BNAT Router
This module will properly route BNAT traffic and allow for connections to be established to machines on ports which might not otherwise be accessible.
Windows Gather Directory Permissions Enumeration
This module enumerates directories and lists the permissions set on found directories. Please note: if the PATH option isn't specified, then the module will start enumerating whatever is in the target machine's %PATH% variable.
BNAT Scanner
This module is a scanner which can detect Broken NAT (network address translation) implementations, which could result in an inability to reach ports on remote machines. Typically, these ports will appear in nmap scans as 'filtered'/'closed'.
Windows Gather IP Range Reverse Lookup
This module uses Railgun, calling the gethostbyaddr function to resolve a hostname to an IP...
HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution
This module allows remote attackers to place arbitrary files on a user's file system by abusing, via a directory traversal attack, the "saveXML" method from the "XMLSimpleAccessor" class in the HP Easy Printer HPTicketMgr.dll ActiveX control (HPTicketMgr.dll 2.7.2.0). Code execution can be achieved by...
Symantec System Center Alert Management System (hndlrsvc.exe) Arbitrary Command Execution
Symantec System Center Alert Management System is prone to a remote command-injection vulnerability because the application fails to properly sanitize user-supplied input. This is part of Symantec AntiVirus Corporate Edition 8.0 - 10.1.7.
Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability
This module exploits an authentication bypass vulnerability in login.php. In conjunction with the authentication bypass issue, the 'jlist' parameter in propertybox.php can be used to execute arbitrary system commands. This module was tested against Oracle Secure Backup version 10.3.0.1.0.
Symantec System Center Alert Management System (xfr.exe) Arbitrary Command Execution
Symantec System Center Alert Management System is prone to a remote command-injection vulnerability because the application fails to properly sanitize user-supplied input.
Java Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell.
SMB Scanner Check File/Directory Utility
This module is useful when checking an entire network of SMB hosts for the presence of a known file or directory. An example would be to scan all systems for the presence of antivirus or known malware outbreak. Typically you must set RPATH, SMBUser, SMBDomain and SMBPass to operate correctly.
NetBIOS Name Service Spoofer
This module forges NetBIOS Name Service (NBNS) responses. It will listen for NBNS requests sent to the local subnet's broadcast address and spoof a response, redirecting the querying machine to an IP of the attacker's choosing. Combined with auxiliary/server/capture/smb or...
MYSQL Password Hashdump
This module extracts the usernames and encrypted password hashes from a MySQL server and stores them for later cracking.
Apache "mod_userdir" User Enumeration
Apache with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
Windows Gather Hardware Enumeration
Enumerate PCI hardware information from the registry. Please note this script will run through registry subkeys such as: 'PCI', 'ACPI', 'ACPIHAL', 'FDC', 'HID', 'HTREE', 'IDE', 'ISAPNP', 'LEGACY', 'LPTENUM', 'PCIIDE', 'SCSI', 'STORAGE', 'SW', and 'USB'; it will take time to finish. It is...
MS10-026 Microsoft MPEG Layer-3 Audio Stack Based Overflow
This module exploits a buffer overflow in l3codecx.ax while processing AVI files with MPEG Layer-3 audio contents. The overflow only allows overwriting with 0's, so the three least significant bytes of EIP saved on stack are overwritten and shellcode is mapped using the .NET DLL memory techniqu...
VSploit Email PII
This auxiliary reads from a file and sends data which should be flagged via an internal or external SMTP server.
VSploit Web PII
This module emulates a webserver leaking PII data.
Mozilla Firefox 3.6.16 mChannel Use-After-Free Vulnerability
This module exploits a use after free vulnerability in Mozilla Firefox 3.6.16. An OBJECT element's mChannel can be freed via the OnChannelRedirect method of the nsIChannelEventSink interface. mChannel becomes a dangling pointer and can be reused when setting the OBJECT's data attribute. Discovered b...
Windows Gather Credential Collector
This module harvests credentials found on the host and stores them in the database.
VSploit Mariposa DNS Query Module
This module queries known Mariposa Botnet DNS records.
VSploit Zeus DNS Query Module
This module queries known Zeus Botnet DNS records.
VSploit DNS Beaconing Emulation
This module takes a list and emulates malicious DNS beaconing.
TeeChart Professional ActiveX Control Trusted Integer Dereference
This module exploits an integer overflow in TeeChart Pro ActiveX control. When sending an overly large/negative integer value to the AddSeries property of TeeChart2010.ocx, the code will perform an arithmetic operation that wraps the value and is later directly trusted and called upon.
Windows Gather Nimbuzz Instant Messenger Password Extractor
This module extracts the account passwords saved by Nimbuzz Instant Messenger in hex format.
Windows Gather FlashFXP Saved Password Extraction
This module extracts weakly encrypted saved FTP Passwords from FlashFXP. It finds saved FTP connections in the Sites.dat file.
Windows Gather Trillian Password Extractor
This module extracts account password from Trillian & Trillian Astra v4.x-5.x instant messenger.
Windows Gather IPSwitch iMail User Data Enumeration
This module will collect iMail user data such as the username, domain, full name, e-mail, and the decoded password. Please note if IMAILUSER is specified, the module extracts user data from all the domains found. If IMAILDOMAIN is specified, then it will extract all user data under that particula...
Windows Gather WS_FTP Saved Password Extraction
This module extracts weakly encrypted saved FTP Passwords from WS_FTP. It finds saved FTP connections in the ws_ftp.ini file.
Windows Gather CoreFTP Saved Password Extraction
This module extracts saved passwords from the CoreFTP FTP client. These passwords are stored in the registry. They are encrypted with AES-128-ECB. This module extracts and decrypts these passwords.
Windows Gather SmartFTP Saved Password Extraction
This module finds saved login credentials for the SmartFTP FTP client for Windows. It finds the saved passwords and decrypts them.
Windows Gather Internet Download Manager (IDM) Password Extractor
This module recovers the saved premium download account passwords from Internet Download Manager (IDM). These passwords are stored in an encoded format in the registry. This module traverses through these registry entries and decodes them. Thanks to the template code of theLightCosine's CoreFTP...
Windows Manage Local NBD Server for Remote Disks
Maps remote disks and logical volumes to a local Network Block Device server. Allows for forensic tools to be executed on the remote disk directly.
Windows Manage Run Command As User
This module will log in with the specified username/password and execute the supplied command as a hidden process. Output is not returned by default; by setting CMDOUT to true, output will be redirected to a temp file and read back in to display. By setting advanced option SETPASS to true, it will...
Telephone Line Voice Scanner
This module dials a range of phone numbers and records audio from each answered call.
CA Arcserve D2D GWT RPC Credential Information Disclosure
This module exploits an information disclosure vulnerability in the CA Arcserve D2D r15 web server. The information disclosure can be triggered by sending a specially crafted RPC request to the homepage servlet. This causes CA Arcserve to disclose the username and password in cleartext used for...
Windows Capture Winlogon Lockout Credential Keylogger
This module migrates and logs Microsoft Windows user's passwords via Winlogon.exe using idle time and natural system changes to give a false sense of security to the user.
Multi Gather FileZilla FTP Client Credential Collection
This module will collect credentials from the FileZilla FTP client if it is installed.
Multi Manage Post Module Macro Execution
This module will execute a list of modules given in a macro file in the format of against the select session checking for compatibility of the module against the sessions and validation of the options provided.
SIPDroid Extension Grabber
This module exploits a leak of extension/SIP Gateway on SIPDroid 1.6.1 beta, 2.0.1 beta, 2.2 beta (tested in Android 2.1 and 2.2 - official Motorola release; other versions may be affected).