Windows Gather SNMP Settings
This module will enumerate the SNMP service configuration. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Gather SNMP Settings', 'Description' = %q This module will enumerate the SNMP...
Windows Gather SMB Share Enumeration via Registry
This module will enumerate configured and recently used file shares. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Gather SMB Share Enumeration via Registry', 'Description' = %q This...
Windows Gather Installed Application Enumeration
This module will enumerate all installed applications on a Windows system. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Gather Installed Application Enumeration', 'Description' = %q...
Windows Gather PowerShell Environment Setting Enumeration
This module will enumerate Microsoft PowerShell settings. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Gather PowerShell Environment Setting Enumeration', 'Description' = %q This...
Windows Gather Logged On User Enumeration (Registry)
This module will enumerate current and recently logged on Windows users. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Gather Logged On User Enumeration Registry', 'Description' = %q...
ProFTPD 1.2 - 1.3.0 sreplace Buffer Overflow (Linux)
This module exploits a stack-based buffer overflow in versions 1.2 through 1.3.0 of ProFTPD server. The vulnerability is within the "sreplace" function within the "src/support.c" file. The off-by-one heap overflow bug in the ProFTPD sreplace function was discovered about two years ago by...
Java Signed Applet Social Engineering Code Execution
This exploit dynamically creates a .jar file via the Msf::Exploit::Java mixin, then signs it. The resulting signed applet is presented to the victim via a web page with an applet tag. The victim's JVM will pop a dialog asking if they trust the signed applet. On older versions the dialog will...
Multi Gather Generic Operating System Environment Settings
This module prints out the operating system environment variables. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Multi Gather Generic Operating System Environment Settings', 'Description' = %...
SNMP Set Module
This module, similar to the snmpset tool, uses the SNMP SET request to set information on a network entity. An OID in numeric notation and a value are required. The target device must permit write access. This module requires Metasploit: https://metasploit.com/download Current source:...
Windows Speech API - Say "You Got Pwned!"
Causes the target to say "You Got Pwned" via the Windows Speech API. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework =begin https://www.exploit-db.com/sploits/w32-speaking-shellcode.zip Copyright (c) 2009-2010 Berend-Jan...
Microsoft IIS FTP Server Encoded Response Overflow Trigger
This module triggers a heap overflow when processing a specially crafted FTP request containing Telnet IAC 0xff bytes. When constructing the response, the Microsoft IIS FTP Service overflows the heap buffer with 0xff bytes. This issue can be triggered pre-auth and may in fact be exploitable for...
Cisco IOS SNMP File Upload (TFTP)
This module will copy a file to a Cisco IOS device using SNMP and TFTP. The action OverrideConfig will override the running config of the Cisco device. A read-write SNMP community is required. The SNMP community scanner module can assist in identifying a read-write community. The target must be abl...
MS10-087 Microsoft Word RTF pFragments Stack Buffer Overflow (File Format)
This module exploits a stack-based buffer overflow in the handling of the 'pFragments' shape property within the Microsoft Word RTF parser. All versions of Microsoft Office 2010, 2007, 2003, and XP prior to the release of the MS10-087 bulletin are vulnerable. This module does not attempt to explo...
Http:BL Lookup
This module can be used to enumerate information about an IP address from Project HoneyPot's HTTP Block List. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require "net/dns/resolver" class MetasploitModule 'Http:B...
IPv6 Local Neighbor Discovery Using Router Advertisement
Send a spoofed router advertisement with high priority to force hosts to start the IPv6 address auto-config. Monitor for IPv6 host advertisements, and try to guess the link-local address by concatenating the prefix, and the host portion of the IPv6 address. Use NDP host solicitation to determine ...
IPv6 Link Local/Node Local Ping Discovery
Send an ICMPv6 ping request to all default multicast addresses, and wait to see who responds. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IPv6 Link Local/Node Local Ping Discovery',...
SNMP Enumeration Module
This module allows enumeration of any devices with SNMP protocol support. It supports hardware, software, and network information. The default community used is "public". This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framewor...
SNMP Windows SMB Share Enumeration
This module will use LanManager OID values to enumerate SMB shares on a Windows system via SNMP. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SNMP Windows SMB Share Enumeration', 'Description...
SNMP Windows Username Enumeration
This module will use LanManager/psProcessUsername OID values to enumerate local user accounts on a Windows/Solaris system via SNMP. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SNMP Windows...
Redmine SCM Repository Arbitrary Command Execution
This module exploits an arbitrary command execution vulnerability in the Redmine repository controller. The flaw is triggered when a rev parameter is passed to the command line of the SCM tool without adequate filtering. This module requires Metasploit: https://metasploit.com/download Current...
Microsoft WMI Administration Tools ActiveX Buffer Overflow
This module exploits a memory trust issue in the Microsoft WMI Administration tools ActiveX control. When processing a specially crafted HTML page, the WEBSingleView.ocx ActiveX Control 1.50.1131.0 will treat the 'lCtxHandle' parameter to the 'AddContextRef' and 'ReleaseContext' methods as a...
Mitel Audio and Web Conferencing Command Injection
This module exploits a command injection flaw within the Mitel Audio and Web Conferencing web interface. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mitel Audio and Web Conferencing Command...
MS10-090 Microsoft Internet Explorer CSS SetUserClip Memory Corruption
This module exploits a memory corruption vulnerability within Microsoft's HTML engine (mshtml). When parsing an HTML page containing a specially crafted CSS tag, memory corruption occurs that can lead to arbitrary code execution. It seems like Microsoft code inadvertently increments a vtable pointer t...
Cisco IOS SNMP Configuration Grabber (TFTP)
This module will download the startup or running configuration from a Cisco IOS device using SNMP and TFTP. A read-write SNMP community is required. The SNMP community scanner module can assist in identifying a read-write community. The target must be able to connect back to the Metasploit system...
Exim4 string_format Function Heap Buffer Overflow
This module exploits a heap buffer overflow within versions of Exim prior to version 4.69. By sending a specially crafted message, an attacker can corrupt the heap and execute arbitrary code with the privileges of the Exim daemon. The root cause is that no check is made to ensure that the buffer ...
Cisco Device HTTP Device Manager Access
This module gathers data from a Cisco device (router or switch) with the device manager web interface exposed. The HttpUsername and HttpPassword options can be used to specify authentication. This module requires Metasploit: https://metasploit.com/download Current source:...
Cisco IOS HTTP Unauthorized Administrative Access
This module exploits a vulnerability in the Cisco IOS HTTP Server. By sending a GET request for "/level/num/exec/..", where num is between 16 and 99, it is possible to bypass authentication and obtain full system control. IOS 11.3 - 12.2 are reportedly vulnerable. This module tested successfully...
Trixbox langChoice PHP Local File Inclusion
This module injects php into the trixbox session file and then, in a second call, evaluates that code by manipulating the langChoice parameter as described in OSVDB-50421. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framewo...
ProFTPD-1.3.3c Backdoor Command Execution
This module exploits a malicious backdoor that was added to the ProFTPD download archive. This backdoor was present in the proftpd-1.3.3c.tar.bz2|gz archive between November 28th 2010 and 2nd December 2010. This module requires Metasploit: https://metasploit.com/download Current source:...
EnjoySAP SAP GUI ActiveX Control Arbitrary File Download
This module allows remote attackers to place arbitrary files on a user's file system by abusing the "CompDownload" method in the SAP KWEdit ActiveX Control (kwedit.dll 6400.1.1.41). This module requires Metasploit: https://metasploit.com/download Current source:...
Xion Audio Player 1.0.126 Unicode Stack Buffer Overflow
This module exploits a stack buffer overflow in Xion Audio Player prior to version 1.0.126. The vulnerability is triggered when opening a malformed M3U file that contains an overly long string. This results in overwriting a structured exception handler record. This module requires Metasploit:...
Microsoft IIS 6.0 ASP Stack Exhaustion Denial of Service
The vulnerability allows remote unauthenticated attackers to force the IIS server to become unresponsive until the IIS service is restarted manually by the administrator. It is required that Active Server Pages are hosted by IIS and that an ASP script reads out a POST form value. This module...
DATAC RealWin SCADA Server SCPC_TXTEVENT Buffer Overflow
This module exploits a stack buffer overflow in DATAC Control International RealWin SCADA Server 2.0 Build 6.1.8.10. By sending a specially crafted packet, an attacker may be able to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...
rsh Authentication Scanner
This module will test a shell (rsh) service on a range of machines and report successful logins. NOTE: This module requires access to bind to privileged ports below 1024. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...
rlogin Authentication Scanner
This module will test an rlogin service on a range of machines and report successful logins. NOTE: This module requires access to bind to privileged ports below 1024. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...
rexec Authentication Scanner
This module will test an rexec service on a range of machines and report successful logins. NOTE: This module requires access to bind to privileged ports below 1024. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework cla...
Foxit PDF Reader v4.1.1 Title Stack Buffer Overflow
This module exploits a stack buffer overflow in Foxit PDF Reader prior to version 4.2.0.0928. The vulnerability is triggered when opening a malformed PDF file that contains an overly long string in the Title field. This results in overwriting a structured exception handler record. NOTE: This...
Sun Java Web Start BasicServiceImpl Code Execution
This module exploits a vulnerability in the Java Runtime Environment that allows an attacker to escape the Java sandbox. By injecting a parameter into a javaws call within the BasicServiceImpl class, the default Java sandbox policy file can therefore be overwritten. The vulnerability affects version 6...
CakePHP Cache Corruption Code Execution
CakePHP is a popular PHP framework for building web applications. The Security component of CakePHP versions 1.3.5 and earlier and 1.2.8 and earlier is vulnerable to an unserialize attack which could be abused to allow unauthenticated attackers to execute arbitrary code with the permissions of th...
SAP BusinessObjects Version Detection
This module simply attempts to identify the version of SAP BusinessObjects. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP BusinessObjects Version Detection', 'Description' = 'This module...
SAP BusinessObjects Web User Bruteforcer
This module simply attempts to bruteforce SAP BusinessObjects users by using CmcApp. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP BusinessObjects Web User Bruteforcer', 'Description' =...
SAP BusinessObjects User Bruteforcer
This module attempts to bruteforce SAP BusinessObjects users. The dswsbobje interface is only used to verify valid credentials for CmcApp. Therefore, any valid credentials that have been identified can be leveraged by logging into CmcApp. This module requires Metasploit:...
SAP BusinessObjects User Enumeration
This module simply attempts to enumerate SAP BusinessObjects users. The dswsbobje interface is only used to verify valid users for CmcApp. Therefore, any valid users that have been identified can be leveraged by logging into CmcApp. This module requires Metasploit: https://metasploit.com/download...
Web Site Crawler
Crawl a web site and store information about what was found. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Web Site Crawler', 'Description' = 'Crawl a web site and store information about what...
NetWare 6.5 SunRPC Portmapper CALLIT Stack Buffer Overflow
This module exploits a stack buffer overflow in the NetWare PKERNEL.NLM driver's CALLIT procedure. PKERNEL.NLM is installed by default on all NetWare servers to support NFS. The PKERNEL.NLM module runs in kernel mode so a failed exploit attempt can cause the operating system to reboot. This modul...
FreeNAS exec_raw.php Arbitrary Command Execution
This module exploits an arbitrary command execution flaw in FreeNAS 0.7.2. 'FreeNAS exec_raw.php Arbitrary Command Execution', 'Description' = %q This module exploits an arbitrary command execution flaw in FreeNAS 0.7.2 'MC' , 'License' = MSF_LICENSE, 'References' = 'OSVDB', '94441' , 'URL',...
HTTP Form Field Fuzzer
This module will grab all fields from a form and launch a series of POST actions, fuzzing the contents of the form fields. You can optionally fuzz headers too (this option is enabled by default). This module requires Metasploit: https://metasploit.com/download Current source:...
IPv6 Local Neighbor Discovery
Enumerate local IPv6 hosts which respond to Neighbor Solicitations with a link-local address. Note that, like ARP scanning, this usually cannot be performed beyond the local broadcast network. This module requires Metasploit: https://metasploit.com/download Current source:...
BACnet OPC Client Buffer Overflow
This module exploits a stack buffer overflow in SCADA Engine BACnet OPC Client v1.0.24. When the BACnet OPC Client parses a specially crafted csv file, arbitrary code may be executed. This module requires Metasploit: https://metasploit.com/download Current source:...
UPnP SSDP M-SEARCH Information Discovery
Discover information from UPnP-enabled systems. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'UPnP SSDP M-SEARCH Information Discovery', 'Description' = 'Discover information from UPnP-enabled...