6841 matches found
TFTP Fetch, Linux Chmod
Fetch and execute an AARCH64 payload from a TFTP server. Runs chmod on the specified file with specified mode. Module Options msf use payload/cmd/linux/tftp/aarch64/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set options...
WMI Event Subscription Logon Timer Persistence
This module will create a permanent WMI event subscription to achieve file-less persistence using an event filter that will trigger the payload after the system has a certain uptime. Payloads will trigger every minute until the set end time. Additionally a custom command can be specified to run...
HTTP Fetch, Linux Chmod
Fetch and execute an AARCH64 payload from an HTTP server. Runs chmod on the specified file with specified mode. Module Options msf use payload/cmd/linux/http/aarch64/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set...
HTTPS Fetch, Linux Chmod
Fetch and execute an ARMLE payload from an HTTPS server. Runs chmod on the specified file with specified mode. Module Options msf use payload/cmd/linux/https/armle/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set options...
HTTPS Fetch, Linux Chmod
Fetch and execute an AARCH64 payload from an HTTPS server. Runs chmod on the specified file with specified mode. Module Options msf use payload/cmd/linux/https/aarch64/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set...
HTTP Fetch, Linux Chmod
Fetch and execute an ARMLE payload from an HTTP server. Runs chmod on the specified file with specified mode. Module Options msf use payload/cmd/linux/http/armle/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set options...
WMI Event Subscription Event Log Persistence
This module will create a permanent WMI event subscription to achieve file-less persistence using an event filter that will query the event log for an EVENTIDTRIGGER default: failed logon request id 4625 that also contains a specified USERNAMETRIGGER note: failed logon auditing must be enabled on...
WMI Event Subscription Process Persistence
This module will create a permanent WMI event subscription to achieve file-less persistence using an event filter that triggers the payload when the specified process is started. Additionally a custom command can be specified to run once the trigger is activated using the advanced option...
WMI Event Subscription Interval Persistence
This module will create a permanent WMI event subscription to achieve file-less persistence using an event filter that triggers the payload after the specified CALLBACKINTERVAL. If the persistence is not installed, it will keep triggering payloads to spawn. Additionally a custom command can be...
Control Web Panel /admin/index.php Unauthenticated RCE
Control Web Panel CWP versions use exploit/linux/http/controlwebpanelapicmdexec msf exploitcontrolwebpanelapicmdexec show targets ...targets... msf exploitcontrolwebpanelapicmdexec set TARGET msf exploitcontrolwebpanelapicmdexec show options ...show and set options... msf...
Web-Check Screenshot API Command Injection RCE
This module exploits a command injection vulnerability in Web-Check's /api/screenshot endpoint. The directChromiumScreenshot function uses childprocess.exec with unsanitized user input, allowing command injection via URL query parameters. The vulnerability was patched in commit...
n8n Workflow Expression Remote Code Execution
This module exploits a critical remote code execution vulnerability CVE-2025-68613 in the n8n workflow automation platform. The vulnerability exists in the workflow expression evaluation system where user-supplied expressions enclosed in are evaluated in an execution context that is not...
Accessibility Features (Sticky Keys) Persistence via Debugger Registry Key
This module makes it possible to apply the 'sticky keys' hack to a session with appropriate rights. The hack provides a means to get a SYSTEM shell using UI-level interaction at an RDP login screen or via a UAC confirmation dialog. The module modifies the Debug registry setting for certain...
udev Persistence
This module will add a script in /lib/udev/rules.d/ in order to execute a payload written on disk. It'll be executed with root privileges everytime a network interface other than l0 comes up. Execution is triggered through at command, so it must be installed on the target. Module Options msf use...
Prison Management System 1.0 Authenticated RCE via Unrestricted File Upload
This module exploits an unrestricted file upload vulnerability in Prison Management System 1.0. An authenticated user can upload a PHP file with arbitrary content by abusing the avatar upload functionality in the add-admin.php endpoint. The application fails to properly validate the uploaded file...
Python Site-Specific Hook Persistence
This module leverages Python's startup mechanism, where some files can be automically processed during the initialization of the Python interpreter. One of those files are startup hooks site-specific, dist-packages. If these files are present in site-specific or dist-packages directories, any lin...
Taiga tribe_gig authenticated unserialize remote code execution
This module exploits an unserialization flaw by creating a userstory in a project. Module Options msf use exploit/multi/http/taigatribegigunserial msf exploittaigatribegigunserial show targets ...targets... msf exploittaigatribegigunserial set TARGET msf exploittaigatribegigunserial show options...
Linux Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell Module Options msf use payload/linux/riscv32le/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options ...show and set options... msf payloadshellbindtcp run This modu...
Linux Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell Module Options msf use payload/linux/riscv64le/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options ...show and set options... msf payloadshellbindtcp run This modu...
HTTPS Fetch, Linux Reboot
Fetch and execute an RISC-V 32-bit payload from an HTTPS server. A very small shellcode for rebooting the system using the reboot syscall. This payload is sometimes helpful for testing purposes. Requires CAPSYSBOOT privileges. Module Options msf use payload/cmd/linux/https/riscv32le/reboot msf...
HTTPS Fetch, Linux Execute Command
Fetch and execute an RISC-V 64-bit payload from an HTTPS server. Execute an arbitrary command Module Options msf use payload/cmd/linux/https/riscv64le/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf payloadexec...
TFTP Fetch, Linux Chmod
Fetch and execute an RISC-V 32-bit payload from a TFTP server. Runs chmod on the specified file with specified mode. Module Options msf use payload/cmd/linux/tftp/riscv32le/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set...
TFTP Fetch, Linux Command Shell, Reverse TCP Inline
Fetch and execute an RISC-V 32-bit payload from a TFTP server. Connect back to attacker and spawn a command shell. Module Options msf use payload/cmd/linux/tftp/riscv32le/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf...
HTTP Fetch, Linux Command Shell, Reverse TCP Inline
Fetch and execute an RISC-V 32-bit payload from an HTTP server. Connect back to attacker and spawn a command shell. Module Options msf use payload/cmd/linux/http/riscv32le/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf...
TFTP Fetch, Linux Command Shell, Bind TCP Inline
Fetch and execute an RISC-V 32-bit payload from a TFTP server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/tftp/riscv32le/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show...
TFTP Fetch, Linux Chmod
Fetch and execute an RISC-V 64-bit payload from a TFTP server. Runs chmod on the specified file with specified mode. Module Options msf use payload/cmd/linux/tftp/riscv64le/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set...
TFTP Fetch, Linux Command Shell, Bind TCP Inline
Fetch and execute an RISC-V 64-bit payload from a TFTP server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/tftp/riscv64le/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show...
HTTP Fetch, Linux Chmod
Fetch and execute an RISC-V 64-bit payload from an HTTP server. Runs chmod on the specified file with specified mode. Module Options msf use payload/cmd/linux/http/riscv64le/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set...
HTTPS Fetch, Linux Command Shell, Bind TCP Inline
Fetch and execute an RISC-V 64-bit payload from an HTTPS server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/https/riscv64le/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp sh...
HTTP Fetch, Linux Command Shell, Bind TCP Inline
Fetch and execute an RISC-V 32-bit payload from an HTTP server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/http/riscv32le/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show...
HTTPS Fetch, Linux Chmod
Fetch and execute an RISC-V 64-bit payload from an HTTPS server. Runs chmod on the specified file with specified mode. Module Options msf use payload/cmd/linux/https/riscv64le/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and s...
HTTPS Fetch, Linux Reboot
Fetch and execute an RISC-V 64-bit payload from an HTTPS server. A very small shellcode for rebooting the system using the reboot syscall. This payload is sometimes helpful for testing purposes. Requires CAPSYSBOOT privileges. Module Options msf use payload/cmd/linux/https/riscv64le/reboot msf...
TFTP Fetch, Linux Execute Command
Fetch and execute an RISC-V 64-bit payload from a TFTP server. Execute an arbitrary command Module Options msf use payload/cmd/linux/tftp/riscv64le/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf payloadexec ru...
HTTP Fetch, Linux Chmod
Fetch and execute an RISC-V 32-bit payload from an HTTP server. Runs chmod on the specified file with specified mode. Module Options msf use payload/cmd/linux/http/riscv32le/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set...
HTTP Fetch, Linux Execute Command
Fetch and execute an RISC-V 64-bit payload from an HTTP server. Execute an arbitrary command Module Options msf use payload/cmd/linux/http/riscv64le/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf payloadexec r...
HTTPS Fetch, Linux Command Shell, Reverse TCP Inline
Fetch and execute an RISC-V 32-bit payload from an HTTPS server. Connect back to attacker and spawn a command shell. Module Options msf use payload/cmd/linux/https/riscv32le/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf...
HTTP Fetch, Linux Command Shell, Reverse TCP Inline
Fetch and execute an RISC-V 64-bit payload from an HTTP server. Connect back to attacker and spawn a command shell. Module Options msf use payload/cmd/linux/http/riscv64le/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf...
HTTP Fetch, Linux Reboot
Fetch and execute an RISC-V 64-bit payload from an HTTP server. A very small shellcode for rebooting the system using the reboot syscall. This payload is sometimes helpful for testing purposes. Requires CAPSYSBOOT privileges. Module Options msf use payload/cmd/linux/http/riscv64le/reboot msf...
TFTP Fetch, Linux Execute Command
Fetch and execute an RISC-V 32-bit payload from a TFTP server. Execute an arbitrary command Module Options msf use payload/cmd/linux/tftp/riscv32le/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf payloadexec ru...
HTTP Fetch, Linux Command Shell, Bind TCP Inline
Fetch and execute an RISC-V 64-bit payload from an HTTP server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/http/riscv64le/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show...
HTTPS Fetch, Linux Command Shell, Bind TCP Inline
Fetch and execute an RISC-V 32-bit payload from an HTTPS server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/https/riscv32le/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp sh...
TFTP Fetch, Linux Command Shell, Reverse TCP Inline
Fetch and execute an RISC-V 64-bit payload from a TFTP server. Connect back to attacker and spawn a command shell. Module Options msf use payload/cmd/linux/tftp/riscv64le/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf...
HTTP Fetch, Linux Execute Command
Fetch and execute an RISC-V 32-bit payload from an HTTP server. Execute an arbitrary command Module Options msf use payload/cmd/linux/http/riscv32le/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf payloadexec r...
HTTP Fetch, Linux Reboot
Fetch and execute an RISC-V 32-bit payload from an HTTP server. A very small shellcode for rebooting the system using the reboot syscall. This payload is sometimes helpful for testing purposes. Requires CAPSYSBOOT privileges. Module Options msf use payload/cmd/linux/http/riscv32le/reboot msf...
HTTPS Fetch, Linux Chmod
Fetch and execute an RISC-V 32-bit payload from an HTTPS server. Runs chmod on the specified file with specified mode. Module Options msf use payload/cmd/linux/https/riscv32le/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and s...
HTTPS Fetch, Linux Execute Command
Fetch and execute an RISC-V 32-bit payload from an HTTPS server. Execute an arbitrary command Module Options msf use payload/cmd/linux/https/riscv32le/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf payloadexec...
HTTPS Fetch, Linux Command Shell, Reverse TCP Inline
Fetch and execute an RISC-V 64-bit payload from an HTTPS server. Connect back to attacker and spawn a command shell. Module Options msf use payload/cmd/linux/https/riscv64le/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf...
TFTP Fetch, Linux Reboot
Fetch and execute an RISC-V 32-bit payload from a TFTP server. A very small shellcode for rebooting the system using the reboot syscall. This payload is sometimes helpful for testing purposes. Requires CAPSYSBOOT privileges. Module Options msf use payload/cmd/linux/tftp/riscv32le/reboot msf...
TFTP Fetch, Linux Reboot
Fetch and execute an RISC-V 64-bit payload from a TFTP server. A very small shellcode for rebooting the system using the reboot syscall. This payload is sometimes helpful for testing purposes. Requires CAPSYSBOOT privileges. Module Options msf use payload/cmd/linux/tftp/riscv64le/reboot msf...
MongoDB Memory Disclosure (CVE-2025-14847) - Mongobleed
This module exploits a memory disclosure vulnerability in MongoDB's zlib decompression handling CVE-2025-14847. By sending crafted OPCOMPRESSED messages with inflated BSON document lengths, the server reads beyond the decompressed buffer and returns leaked memory contents in error messages. The...