6841 matches found
TFTP File Server
This module provides a TFTP service. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework
Simple FTP Fuzzer
This module will connect to an FTP server and perform pre- and post-authentication fuzzing.
Microsoft SQL Server Interesting Data Finder
This module will search the specified MSSQL server for 'interesting' columns and data. This module has been tested against the latest SQL Server 2019 docker container image (22/04/2021).
PHP Remote File Include Generic Code Execution
This module can be used to exploit any generic PHP file include vulnerability, where the application includes code like the following:
Adobe PDF Embedded EXE Social Engineering
This module embeds a Metasploit payload into an existing PDF file. The resulting PDF can be sent to a target as part of a social engineering attack.
LiteSpeed Source Code Disclosure/Download
This module exploits a source code disclosure/download vulnerability in versions 4.0.14 and prior of LiteSpeed.
Fake DNS Service
This module provides a DNS service that redirects all queries to a particular address.
UFO: Alien Invasion IRC Client Buffer Overflow
This module exploits a buffer overflow in the IRC client component of UFO: Alien Invasion 2.2.1.
Solaris KCMS + TTDB Arbitrary File Read
This module targets a directory traversal vulnerability in the kcmsserver component from the Kodak Color Management System. By utilizing the ToolTalk Database Server's TTISBUILD procedure, an attacker can bypass existing directory traversal validation and read arbitrary files. Vulnerable systems...
PHP Meterpreter, PHP Reverse TCP Stager
Run a meterpreter server in PHP. Reverse PHP connect back stager with checks for disabled functions.
Generic Payload Handler
This module is a stub that provides all of the features of the Metasploit payload system to exploits that have been launched outside of the framework.
JBoss Vulnerability Scanner
This module scans a JBoss instance for a few vulnerabilities.
SMB Session Pipe Auditor
Determine what named pipes are accessible over SMB.
Nginx Source Code Disclosure/Download
This module exploits a source code disclosure/download vulnerability in versions 0.7 and 0.8 of the nginx web server. Versions 0.7.66 and 0.8.40 correct this vulnerability.
Microsoft Visual Studio Mdmask32.ocx ActiveX Buffer Overflow
This module exploits a stack buffer overflow in Microsoft's Visual Studio 6.0. When passing a specially crafted string to the Mask parameter of the Mdmask32.ocx ActiveX Control, an attacker may be able to execute arbitrary code.
Samba trans2open Overflow (*BSD x86)
This exploits the buffer overflow found in Samba versions 2.2.0 to 2.2.8. This particular module is capable of exploiting the flaw on x86 Linux systems that do not have the noexec stack option set.
UnrealIRCD 3.2.8.1 Backdoor Command Execution
This module exploits a malicious backdoor that was added to the Unreal IRCD 3.2.8.1 download archive. This backdoor was present in the Unreal3.2.8.1.tar.gz archive between November 2009 and June 12th 2010.
Samba trans2open Overflow (Linux x86)
This exploits the buffer overflow found in Samba versions 2.2.0 to 2.2.8. This particular module is capable of exploiting the flaw on x86 Linux systems that do not have the noexec stack option set. NOTE: Some older versions of RedHat do not seem to be vulnerable since they apparently do not allow...
Adobe Flash Player "newfunction" Invalid Pointer Use
This module exploits a vulnerability in the DoABC tag handling within versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat are also vulnerable, as are any other applications that may embed Flash player. Arbitrary code execution is achieved by embedding a specially crafted Flash...
Apache Axis2 v1.4.1 Local File Inclusion
This module exploits an Apache Axis2 v1.4.1 local file inclusion (LFI) vulnerability. By loading a local XML file which contains a cleartext username and password, attackers can trivially recover authentication credentials to Axis services.
stat(2)-based Context Keyed Payload Encoder
This is a Context-Keyed Payload Encoder based on stat(2) and Shikata Ga Nai.
time(2)-based Context Keyed Payload Encoder
This is a Context-Keyed Payload Encoder based on time(2) and Shikata Ga Nai.
CPUID-based Context Keyed Payload Encoder
This is a Context-Keyed Payload Encoder based on CPUID and Shikata Ga Nai.
MacOS X EvoCam HTTP GET Buffer Overflow
This module exploits a stack buffer overflow in the web server provided with the EvoCam program for Mac OS X. We use Dino Dai Zovi's exec-from-heap technique to copy the payload from the non-executable stack segment to heap memory. Vulnerable versions include 3.6.6, 3.6.7, and possibly earlier...
Oracle DB SQL Injection in MDSYS.SDO_TOPO_DROP_FTBL Trigger
This module will escalate an Oracle DB user to MDSYS by exploiting a SQL injection bug in the MDSYS.SDO_TOPO_DROP_FTBL trigger. The exploit then escalates the user to DBA using the "CREATE ANY TRIGGER" privilege given to the MDSYS user, by creating an evil trigger in the system scheme (2-stage attack).
Novell ZENworks Configuration Management Remote Execution
This module exploits a code execution flaw in Novell ZENworks Configuration Management 10.2.0. By exploiting the UploadServlet, an attacker can upload a malicious file outside of the TEMP directory and then make a secondary request that allows for arbitrary code execution.
SolarWinds TFTP Server 10.4.0.10 Denial of Service
The SolarWinds TFTP server can be shut down by sending a 'netascii' read request with a specially crafted file name.
S.O.M.P.L 1.0 Player Buffer Overflow
This module exploits a buffer overflow in Simple Open Music Player v1.0. When the application is used to import a specially crafted m3u file, a buffer overflow occurs allowing arbitrary code execution.
HTTP Open Proxy Detection
Checks if an HTTP proxy is open. False positives are avoided by verifying the HTTP return code and matching a pattern. For the CONNECT method, only the return code is verified. HTTP headers regarding the use of a proxy or load balancer are shown.
SMTP Simple Fuzzer
SMTP Simple Fuzzer. A very simple module to fuzz some SMTP commands. It can either respect the order or just throw everything at it....
FeedDemon Stack Buffer Overflow
This module exploits a buffer overflow in FeedDemon v3.1.0.12. When the application is used to import a specially crafted opml file, a buffer overflow occurs allowing arbitrary code execution. All versions are suspected to be vulnerable. This vulnerability was originally reported against version...
SIP Username Enumerator (TCP)
Scan for numeric username/extensions using OPTIONS/REGISTER requests.
SIP Endpoint Scanner (TCP)
Scan for SIP devices using OPTIONS requests.
CommuniCrypt Mail 1.16 SMTP ActiveX Stack Buffer Overflow
This module exploits a stack buffer overflow in the ANSMTP.dll/AOSMTP.dll ActiveX Control provided by CommuniCrypt Mail 1.16. By sending an overly long string to the "AddAttachments" method, an attacker may be able to execute arbitrary code.
MS10-004 Microsoft PowerPoint Viewer TextBytesAtom Stack Buffer Overflow
This module exploits a stack buffer overflow vulnerability in the handling of the TextBytesAtom records by Microsoft PowerPoint Viewer. According to Microsoft, the PowerPoint Viewer distributed with Office 2003 SP3 and earlier, as well as Office 2004 for Mac, are vulnerable. NOTE: The vulnerable...
PointDev IDEAL Migration Buffer Overflow
This module exploits a stack buffer overflow in versions v9.7 through v10.5 of IDEAL Administration and versions 4.5 and 4.51 of IDEAL Migration. All versions are suspected to be vulnerable. By creating a specially crafted ipj file, an attacker may be able to execute arbitrary code. NOTE: IDEAL...
OpenX banner-edit.php File Upload PHP Code Execution
This module exploits a vulnerability in the OpenX advertising software. In versions prior to version 2.8.2, authenticated users can upload files with arbitrary extensions to be used as banner creative content. By uploading a file with a PHP extension, an attacker can execute arbitrary PHP code...
Lotus Domino Brute Force Utility
Lotus Domino Authentication Brute Force Utility.
AgentX++ Master AgentX::receive_agentx Stack Buffer Overflow
This exploits a stack buffer overflow in the AgentX++ library, as used by various applications. By sending a specially crafted request, an attacker can execute arbitrary code, potentially with SYSTEM privileges. This module was tested successfully against master.exe as included with Real Network'...
Lotus Domino Version
Several checks to determine Lotus Domino Server Version.
Sun Java System Web Server WebDAV OPTIONS Buffer Overflow
This module exploits a buffer overflow in Sun Java Web Server prior to version 7 Update 8. By sending an "OPTIONS" request with an overly long path, attackers can execute arbitrary code. In order to reach the vulnerable code, the attacker must also specify the path to a directory with WebDAV...
Maple Maplet File Creation and Command Execution
This module harnesses Maple's ability to create files and execute commands automatically when opening a Maplet. All versions up to 13 are suspected vulnerable. Testing was conducted with version 13 on Windows. Standard security settings prevent code from running in a normal maple worksheet withou...
Oracle Account Discovery
This module uses a list of well known default authentication credentials to discover easily guessed accounts.
Oracle DB SQL Injection via SYS.DBMS_CDC_PUBLISH.DROP_CHANGE_SOURCE
The module exploits a SQL injection flaw in the DROP_CHANGE_SOURCE procedure of the PL/SQL package DBMS_CDC_PUBLISH. Any user with execute privilege on the vulnerable package can exploit this vulnerability. By default, users granted EXECUTE_CATALOG_ROLE have the required privilege.
EasyFTP Server CWD Command Stack Buffer Overflow
This module exploits a stack-based buffer overflow in EasyFTP Server 1.7.0.11 and earlier. EasyFTP fails to check input size when parsing 'CWD' commands, which leads to a stack based buffer overflow. EasyFTP allows anonymous access by default; valid credentials are typically unnecessary to exploi...
MS10-018 Microsoft Internet Explorer DHTML Behaviors Use After Free
This module exploits a use-after-free vulnerability within the DHTML behaviors functionality of Microsoft Internet Explorer versions 6 and 7. This bug was discovered being used in-the-wild and was previously known as the "iepeers" vulnerability. The name comes from Microsoft's suggested workaroun...
Trellian FTP Client 3.01 PASV Remote Buffer Overflow
This module exploits a buffer overflow in the Trellian 3.01 FTP client that is triggered through an excessively long PASV message.
Xftp FTP Client 3.0 PWD Remote Buffer Overflow
This module exploits a buffer overflow in the Xftp 3.0 FTP client that is triggered through an excessively long PWD message.