OS Command Exec, Unix Command Shell, Bind TCP (via Zsh)

Execute an OS command from PHP. Listen for a connection and spawn a command shell via Zsh. Note: Although Zsh is often available, please be aware it isn't usually installed by default. Module Options msf use payload/php/unix/cmd/bindzsh msf payloadbindzsh show actions ...actions... msf...

OS Command Exec, Unix Command Shell, Double Reverse TCP (telnet)

Execute an OS command from PHP. Creates an interactive shell through two inbound connections Module Options msf use payload/php/unix/cmd/reverse msf payloadreverse show actions ...actions... msf payloadreverse set ACTION msf payloadreverse show options ...show and set options... msf payloadrevers...

OS Command Exec, Unix Command Shell, Reverse TCP SSL (via php)

Execute an OS command from PHP. Creates an interactive shell via php, uses SSL Module Options msf use payload/php/unix/cmd/reversephpssl msf payloadreversephpssl show actions ...actions... msf payloadreversephpssl set ACTION msf payloadreversephpssl show options ...show and set options... msf...

OS Command Exec, Unix Command Shell, Reverse TCP (via socat)

Execute an OS command from PHP. Creates an interactive shell via socat Module Options msf use payload/php/unix/cmd/reversesocattcp msf payloadreversesocattcp show actions ...actions... msf payloadreversesocattcp set ACTION msf payloadreversesocattcp show options ...show and set options... msf...

OS Command Exec, Unix Command Shell, Bind TCP (via nodejs)

Execute an OS command from PHP. Continually listen for a connection and spawn a command shell via nodejs Module Options msf use payload/php/unix/cmd/bindnodejs msf payloadbindnodejs show actions ...actions... msf payloadbindnodejs set ACTION msf payloadbindnodejs show options ...show and set...

OS Command Exec, Unix Command Shell, Reverse TCP (via AWK)

Execute an OS command from PHP. Creates an interactive shell via GNU AWK Module Options msf use payload/php/unix/cmd/reverseawk msf payloadreverseawk show actions ...actions... msf payloadreverseawk set ACTION msf payloadreverseawk show options ...show and set options... msf payloadreverseawk run...

OS Command Exec, Unix Command Shell, Reverse TCP SSL (telnet)

Execute an OS command from PHP. Creates an interactive shell via mkfifo and telnet. This method works on Debian and other systems compiled without /dev/tcp support. This module uses the '-z' option included on some systems to encrypt using SSL. Module Options msf use...

OS Command Exec, Unix Command Shell, Reverse TCP SSL (via perl)

Execute an OS command from PHP. Creates an interactive shell via perl, uses SSL Module Options msf use payload/php/unix/cmd/reverseperlssl msf payloadreverseperlssl show actions ...actions... msf payloadreverseperlssl set ACTION msf payloadreverseperlssl show options ...show and set options... ms...

OS Command Exec, Unix Command Shell, Reverse TCP (via Tclsh)

Execute an OS command from PHP. Creates an interactive shell via Tclsh Module Options msf use payload/php/unix/cmd/reversetclsh msf payloadreversetclsh show actions ...actions... msf payloadreversetclsh set ACTION msf payloadreversetclsh show options ...show and set options... msf...

OS Command Exec, Unix Command Shell, Reverse TCP (via Ksh)

Execute an OS command from PHP. Connect back and create a command shell via Ksh. Note: Although Ksh is often available, please be aware it isn't usually installed by default. Module Options msf use payload/php/unix/cmd/reverseksh msf payloadreverseksh show actions ...actions... msf...

OS Command Exec, Unix Command Shell, Bind TCP (via R)

Execute an OS command from PHP. Continually listen for a connection and spawn a command shell via R Module Options msf use payload/php/unix/cmd/bindr msf payloadbindr show actions ...actions... msf payloadbindr set ACTION msf payloadbindr show options ...show and set options... msf payloadbindr r...

OS Command Exec, Unix Command, Interact with Established Connection

Execute an OS command from PHP. Interacts with a shell on an established socket connection Module Options msf use payload/php/unix/cmd/interact msf payloadinteract show actions ...actions... msf payloadinteract set ACTION msf payloadinteract show options ...show and set options... msf...

OS Command Exec, Unix Command Shell, Bind TCP (via netcat -e) IPv6

Execute an OS command from PHP. Listen for a connection and spawn a command shell via netcat Module Options msf use payload/php/unix/cmd/bindnetcatgapingipv6 msf payloadbindnetcatgapingipv6 show actions ...actions... msf payloadbindnetcatgapingipv6 set ACTION msf payloadbindnetcatgapingipv6 show...

OS Command Exec, Unix Command Shell, Bind TCP (via netcat -e)

Execute an OS command from PHP. Listen for a connection and spawn a command shell via netcat Module Options msf use payload/php/unix/cmd/bindnetcatgaping msf payloadbindnetcatgaping show actions ...actions... msf payloadbindnetcatgaping set ACTION msf payloadbindnetcatgaping show options ...show...

OS Command Exec, Unix Command Shell, Reverse TCP (via netcat)

Execute an OS command from PHP. Creates an interactive shell via netcat Module Options msf use payload/php/unix/cmd/reversenetcat msf payloadreversenetcat show actions ...actions... msf payloadreversenetcat set ACTION msf payloadreversenetcat show options ...show and set options... msf...

OS Command Exec, Unix Command Shell, Bind TCP (via perl) IPv6

Execute an OS command from PHP. Listen for a connection and spawn a command shell via perl Module Options msf use payload/php/unix/cmd/bindperlipv6 msf payloadbindperlipv6 show actions ...actions... msf payloadbindperlipv6 set ACTION msf payloadbindperlipv6 show options ...show and set options...

OS Command Exec, Unix Command Shell, Reverse TCP (via Zsh)

Execute an OS command from PHP. Connect back and create a command shell via Zsh. Note: Although Zsh is often available, please be aware it isn't usually installed by default. Module Options msf use payload/php/unix/cmd/reversezsh msf payloadreversezsh show actions ...actions... msf...

OS Command Exec, Unix Command Shell, Bind TCP (via AWK)

Execute an OS command from PHP. Listen for a connection and spawn a command shell via GNU AWK Module Options msf use payload/php/unix/cmd/bindawk msf payloadbindawk show actions ...actions... msf payloadbindawk set ACTION msf payloadbindawk show options ...show and set options... msf payloadbinda...

OS Command Exec, Unix Command Shell, Double Reverse TCP SSL (telnet)

Execute an OS command from PHP. Creates an interactive shell through two inbound connections, encrypts using SSL via "-z" option Module Options msf use payload/php/unix/cmd/reversessldoubletelnet msf payloadreversessldoubletelnet show actions ...actions... msf payloadreversessldoubletelnet set...

OS Command Exec, Unix Command Shell, Bind UDP (via socat)

Execute an OS command from PHP. Creates an interactive shell via socat Module Options msf use payload/php/unix/cmd/bindsocatudp msf payloadbindsocatudp show actions ...actions... msf payloadbindsocatudp set ACTION msf payloadbindsocatudp show options ...show and set options... msf...

OS Command Exec, Unix Command Shell, Reverse SCTP (via socat)

Execute an OS command from PHP. Creates an interactive shell via socat Module Options msf use payload/php/unix/cmd/reversesocatsctp msf payloadreversesocatsctp show actions ...actions... msf payloadreversesocatsctp set ACTION msf payloadreversesocatsctp show options ...show and set options... msf...

OS Command Exec, Unix Command Shell, Reverse TCP SSL (via python)

Execute an OS command from PHP. Creates an interactive shell via python, uses SSL, encodes with base64 by design. Module Options msf use payload/php/unix/cmd/reversepythonssl msf payloadreversepythonssl show actions ...actions... msf payloadreversepythonssl set ACTION msf payloadreversepythonssl...

OS Command Exec, Unix Command Shell, Bind SCTP (via socat)

Execute an OS command from PHP. Creates an interactive shell via socat Module Options msf use payload/php/unix/cmd/bindsocatsctp msf payloadbindsocatsctp show actions ...actions... msf payloadbindsocatsctp set ACTION msf payloadbindsocatsctp show options ...show and set options... msf...

OS Command Exec, Unix Command Shell, Reverse TCP (via R)

Execute an OS command from PHP. Connect back and create a command shell via R Module Options msf use payload/php/unix/cmd/reverser msf payloadreverser show actions ...actions... msf payloadreverser set ACTION msf payloadreverser show options ...show and set options... msf payloadreverser run This...

OS Command Exec, Unix Command Shell, Reverse UDP (/dev/udp)

Execute an OS command from PHP. Creates an interactive shell via bash's builtin /dev/udp. This will not work on circa 2009 and older Debian-based Linux distributions including Ubuntu because they compile bash without the /dev/udp feature. Module Options msf use payload/php/unix/cmd/reversebashudp...

Remote for Mac Unauthenticated RCE

This module exploits an unauthenticated remote code execution vulnerability in Remote for Mac versions up to and including 2025.7 via the /api/executeScript endpoint. When authentication is disabled on the target system, it allows attackers to execute arbitrary AppleScript commands, which can...

Maldoc in PDF Polyglot converter

A malicious MHT file created can be opened in Microsoft Word even though it has magic numbers and file structure of PDF. If the file has configured macro, by opening it in Microsoft Word, VBS runs and performs malicious behaviors. The attack does not bypass configured macro locks. And the malicio...

ThinManager Path Traversal (CVE-2023-27856) Arbitrary File Download

This module exploits a path traversal vulnerability CVE-2023-27856 in ThinManager use auxiliary/gather/thinmanagertraversaldownload msf auxiliarythinmanagertraversaldownload show actions ...actions... msf auxiliarythinmanagertraversaldownload set ACTION msf auxiliarythinmanagertraversaldownload...

ThinManager Path Traversal (CVE-2023-2917) Arbitrary File Upload

This module exploits a path traversal vulnerability CVE-2023-2917 in ThinManager use auxiliary/admin/networking/thinmanagertraversalupload2 msf auxiliarythinmanagertraversalupload2 show actions ...actions... msf auxiliarythinmanagertraversalupload2 set ACTION msf...

ThinManager Path Traversal (CVE-2023-2915) Arbitrary File Delete

This module exploits a path traversal vulnerability CVE-2023-2915 in ThinManager use auxiliary/admin/networking/thinmanagertraversaldelete msf auxiliarythinmanagertraversaldelete show actions ...actions... msf auxiliarythinmanagertraversaldelete set ACTION msf auxiliarythinmanagertraversaldelete...

Ivanti EPMM Authentication Bypass for Expression Language Remote Code Execution

This module exploits an unauthenticated remote code execution exploit chain for Ivanti EPMM, tracked as CVE-2025-4427 and CVE-2025-4428. An authentication flaw permits unauthenticated access to an administrator web API endpoint, which allows for code execution via expression language injection...

udev persistence

This module will add a script in /lib/udev/rules.d/ in order to execute a payload written on disk. It'll be executed with root privileges everytime a network interface other than l0 comes up. Module Options msf use exploit/linux/local/udevpersistence msf exploitudevpersistence show targets...

ThinManager Path Traversal (CVE-2023-27855) Arbitrary File Upload

This module exploits a path traversal vulnerability CVE-2023-27855 in ThinManager use auxiliary/admin/networking/thinmanagertraversalupload msf auxiliarythinmanagertraversalupload show actions ...actions... msf auxiliarythinmanagertraversalupload set ACTION msf auxiliarythinmanagertraversalupload...

PHP Exec

Execute a PHP payload as an OS command from a Posix-compatible shell Module Options msf use payload/cmd/unix/php/downloadexec msf payloaddownloadexec show actions ...actions... msf payloaddownloadexec set ACTION msf payloaddownloadexec show options ...show and set options... msf payloaddownloadex...

PHP Exec, PHP Meterpreter, Bind TCP Stager IPv6

Execute a PHP payload as an OS command from a Posix-compatible shell. Run a meterpreter server in PHP. Listen for a connection over IPv6 Module Options msf use payload/cmd/unix/php/meterpreter/bindtcpipv6 msf payloadbindtcpipv6 show actions ...actions... msf payloadbindtcpipv6 set ACTION msf...

PHP Exec, PHP Meterpreter, PHP Reverse TCP Stager

Execute a PHP payload as an OS command from a Posix-compatible shell. Run a meterpreter server in PHP. Reverse PHP connect back stager with checks for disabled functions Module Options msf use payload/cmd/unix/php/meterpreter/reversetcp msf payloadreversetcp show actions ...actions... msf...

PHP Exec, PHP Meterpreter, Bind TCP Stager

Execute a PHP payload as an OS command from a Posix-compatible shell. Run a meterpreter server in PHP. Listen for a connection Module Options msf use payload/cmd/unix/php/meterpreter/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show option...

PHP Exec, PHP Meterpreter, Bind TCP Stager IPv6 with UUID Support

Execute a PHP payload as an OS command from a Posix-compatible shell. Run a meterpreter server in PHP. Listen for a connection over IPv6 with UUID Support Module Options msf use payload/cmd/unix/php/meterpreter/bindtcpipv6uuid msf payloadbindtcpipv6uuid show actions ...actions... msf...

PHP Exec, PHP Meterpreter, Bind TCP Stager with UUID Support

Execute a PHP payload as an OS command from a Posix-compatible shell. Run a meterpreter server in PHP. Listen for a connection with UUID Support Module Options msf use payload/cmd/unix/php/meterpreter/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION...

PHP Exec, PHP Command Shell, Bind TCP (via PHP)

Execute a PHP payload as an OS command from a Posix-compatible shell. Listen for a connection and spawn a command shell via php Module Options msf use payload/cmd/unix/php/bindphp msf payloadbindphp show actions ...actions... msf payloadbindphp set ACTION msf payloadbindphp show options ...show a...

PHP Exec, PHP Command Shell, Bind TCP (via php) IPv6

Execute a PHP payload as an OS command from a Posix-compatible shell. Listen for a connection and spawn a command shell via php IPv6 Module Options msf use payload/cmd/unix/php/bindphpipv6 msf payloadbindphpipv6 show actions ...actions... msf payloadbindphpipv6 set ACTION msf payloadbindphpipv6...

PHP Exec, PHP Command Shell, Find Sock

Execute a PHP payload as an OS command from a Posix-compatible shell. Spawn a shell on the established connection to the webserver. Unfortunately, this payload can leave conspicuous evil-looking entries in the apache error logs, so it is probably a good idea to use a bind or reverse shell unless...

PHP Exec, PHP Command Shell, Bind TCP (via Perl)

Execute a PHP payload from a command. Listen for a connection and spawn a command shell via perl persistent Module Options msf use payload/cmd/unix/php/bindperl msf payloadbindperl show actions ...actions... msf payloadbindperl set ACTION msf payloadbindperl show options ...show and set options...

PHP Exec, PHP Command Shell, Bind TCP (via perl) IPv6

Execute a PHP payload from a command. Listen for a connection and spawn a command shell via perl persistent over IPv6 Module Options msf use payload/cmd/unix/php/bindperlipv6 msf payloadbindperlipv6 show actions ...actions... msf payloadbindperlipv6 set ACTION msf payloadbindperlipv6 show options...

PHP Exec, PHP Command, Double Reverse TCP Connection (via Perl)

Execute a PHP payload from a command. Creates an interactive shell via perl Module Options msf use payload/cmd/unix/php/reverseperl msf payloadreverseperl show actions ...actions... msf payloadreverseperl set ACTION msf payloadreverseperl show options ...show and set options... msf...

PHP Exec, PHP Execute Command

Execute a PHP payload as an OS command from a Posix-compatible shell. Execute a single system command Module Options msf use payload/cmd/unix/php/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf payloadexec run...

PHP Exec

Execute a PHP payload as an OS command from a Posix-compatible shell Module Options msf use payload/cmd/unix/php/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf payloadmeterpreterreversetcp show options ...show and...

PHP Exec, PHP Command Shell, Reverse TCP (via PHP)

Execute a PHP payload as an OS command from a Posix-compatible shell. Reverse PHP connect back shell with checks for disabled functions Module Options msf use payload/cmd/unix/php/reversephp msf payloadreversephp show actions ...actions... msf payloadreversephp set ACTION msf payloadreversephp sh...

PHP Exec, PHP Meterpreter, PHP Reverse TCP Stager

Execute a PHP payload as an OS command from a Posix-compatible shell. Run a meterpreter server in PHP. Reverse PHP connect back stager with checks for disabled functions Module Options msf use payload/cmd/unix/php/meterpreter/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf...

Gladinet CentreStack/Triofox ASP.NET ViewState Deserialization

A vulnerability in Gladinet CentreStack and Triofox application using hardcoded cryptographic keys for ViewState could allow an attacker to forge ViewState data. This can lead to unauthorized actions such as remote code execution. Both applications make use of a hardcoded machineKey in the IIS...