HTTP Fetch, Linux Command Shell, Reverse TCP Stager

Fetch and execute an x64 payload from an HTTP server. Spawn a command shell staged. Connect back to the attacker Module Options msf use payload/cmd/linux/http/x64/shell/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options...

HTTP Fetch, Reverse SCTP Stager

Fetch and execute an x64 payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/linux/http/x64/meterpreter/reversesctp msf payloadreversesctp show actions ...actions... msf payloadreversesctp set ACTION msf payloadreversesctp show options ...show and set...

TFTP Fetch, Linux x64 Pingback, Bind TCP Inline

Fetch and execute an x64 payload from a TFTP server. Accept a connection from attacker and report UUID Linux x64 Module Options msf use payload/cmd/linux/tftp/x64/pingbackbindtcp msf payloadpingbackbindtcp show actions ...actions... msf payloadpingbackbindtcp set ACTION msf payloadpingbackbindtcp...

TFTP Fetch, Linux Command Shell, Find Port Inline

Fetch and execute an x64 payload from a TFTP server. Spawn a shell on an established connection Module Options msf use payload/cmd/linux/tftp/x64/shellfindport msf payloadshellfindport show actions ...actions... msf payloadshellfindport set ACTION msf payloadshellfindport show options ...show and...

TFTP Fetch, Linux Command Shell, Bind TCP Random Port Inline

Fetch and execute an x64 payload from a TFTP server. Listen for a connection in a random port and spawn a command shell. Use nmap to discover the open port: 'nmap -sS target -p-'. Module Options msf use payload/cmd/linux/tftp/x64/shellbindtcprandomport msf payloadshellbindtcprandomport show actio...

HTTPS Fetch, Linux Command Shell, Reverse SCTP Stager

Fetch and execute an x64 payload from an HTTPS server. Spawn a command shell staged. Connect back to the attacker Module Options msf use payload/cmd/linux/https/x64/shell/reversesctp msf payloadreversesctp show actions ...actions... msf payloadreversesctp set ACTION msf payloadreversesctp show...

HTTPS Fetch, Linux Command Shell, Reverse TCP Stager

Fetch and execute an x64 payload from an HTTPS server. Spawn a command shell staged. Connect back to the attacker Module Options msf use payload/cmd/linux/https/x64/shell/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show option...

HTTPS Fetch, Linux Command Shell, Bind TCP Random Port Inline

Fetch and execute an x64 payload from an HTTPS server. Listen for a connection in a random port and spawn a command shell. Use nmap to discover the open port: 'nmap -sS target -p-'. Module Options msf use payload/cmd/linux/https/x64/shellbindtcprandomport msf payloadshellbindtcprandomport show...

HTTPS Fetch, Linux Command Shell, Bind TCP Inline

Fetch and execute an x64 payload from an HTTPS server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/https/x64/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options ...sh...

HTTPS Fetch, Bind TCP Stager

Fetch and execute an x64 payload from an HTTPS server. Listen for a connection Module Options msf use payload/cmd/linux/https/x64/meterpreter/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options... msf...

HTTPS Fetch, Linux Execute Command

Fetch and execute an x64 payload from an HTTPS server. Execute an arbitrary command or just a /bin/sh shell Module Options msf use payload/cmd/linux/https/x64/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf...

HTTP Fetch, Reverse TCP Stager

Fetch and execute an x64 payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/linux/http/x64/meterpreter/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set options...

TFTP Fetch, Linux Command Shell, Reverse SCTP Stager

Fetch and execute an x64 payload from a TFTP server. Spawn a command shell staged. Connect back to the attacker Module Options msf use payload/cmd/linux/tftp/x64/shell/reversesctp msf payloadreversesctp show actions ...actions... msf payloadreversesctp set ACTION msf payloadreversesctp show optio...

HTTPS Fetch, Linux Command Shell, Reverse TCP Inline

Fetch and execute an x64 payload from an HTTPS server. Connect back to attacker and spawn a command shell Module Options msf use payload/cmd/linux/https/x64/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf payloadshellreversetcp show...

HTTPS Fetch, Linux Command Shell, Bind TCP Stager

Fetch and execute an x64 payload from an HTTPS server. Spawn a command shell staged. Listen for a connection Module Options msf use payload/cmd/linux/https/x64/shell/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set...

HTTPS Fetch, Linux x64 Pingback, Reverse TCP Inline

Fetch and execute an x64 payload from an HTTPS server. Connect back to attacker and report UUID Linux x64 Module Options msf use payload/cmd/linux/https/x64/pingbackreversetcp msf payloadpingbackreversetcp show actions ...actions... msf payloadpingbackreversetcp set ACTION msf...

HTTP Fetch, Bind TCP Stager

Fetch and execute an x64 payload from an HTTP server. Listen for a connection Module Options msf use payload/cmd/linux/http/x64/meterpreter/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options... msf...

TFTP Fetch, Reverse SCTP Stager

Fetch and execute an x64 payload from a TFTP server. Connect back to the attacker Module Options msf use payload/cmd/linux/tftp/x64/meterpreter/reversesctp msf payloadreversesctp show actions ...actions... msf payloadreversesctp set ACTION msf payloadreversesctp show options ...show and set...

TFTP Fetch, Linux Command Shell, Bind TCP Stager

Fetch and execute an x64 payload from a TFTP server. Spawn a command shell staged. Listen for a connection Module Options msf use payload/cmd/linux/tftp/x64/shell/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set...

TFTP Fetch, Linux x64 Command Shell, Reverse TCP Inline (IPv6)

Fetch and execute an x64 payload from a TFTP server. Connect back to attacker and spawn a command shell over IPv6 Module Options msf use payload/cmd/linux/tftp/x64/shellreverseipv6tcp msf payloadshellreverseipv6tcp show actions ...actions... msf payloadshellreverseipv6tcp set ACTION msf...

HTTP Fetch, Linux x64 Pingback, Bind TCP Inline

Fetch and execute an x64 payload from an HTTP server. Accept a connection from attacker and report UUID Linux x64 Module Options msf use payload/cmd/linux/http/x64/pingbackbindtcp msf payloadpingbackbindtcp show actions ...actions... msf payloadpingbackbindtcp set ACTION msf payloadpingbackbindtc...

HTTPS Fetch, Reverse TCP Stager

Fetch and execute an x64 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/linux/https/x64/meterpreter/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set...

HTTPS Fetch, Linux x64 Command Shell, Reverse TCP Inline (IPv6)

Fetch and execute an x64 payload from an HTTPS server. Connect back to attacker and spawn a command shell over IPv6 Module Options msf use payload/cmd/linux/https/x64/shellreverseipv6tcp msf payloadshellreverseipv6tcp show actions ...actions... msf payloadshellreverseipv6tcp set ACTION msf...

HTTPS Fetch, Linux x64 Command Shell, Bind TCP Inline (IPv6)

Fetch and execute an x64 payload from an HTTPS server. Listen for an IPv6 connection and spawn a command shell Module Options msf use payload/cmd/linux/https/x64/shellbindipv6tcp msf payloadshellbindipv6tcp show actions ...actions... msf payloadshellbindipv6tcp set ACTION msf...

HTTPS Fetch, Linux x64 Pingback, Bind TCP Inline

Fetch and execute an x64 payload from an HTTPS server. Accept a connection from attacker and report UUID Linux x64 Module Options msf use payload/cmd/linux/https/x64/pingbackbindtcp msf payloadpingbackbindtcp show actions ...actions... msf payloadpingbackbindtcp set ACTION msf...

TFTP Fetch, Linux x64 Pingback, Reverse TCP Inline

Fetch and execute an x64 payload from a TFTP server. Connect back to attacker and report UUID Linux x64 Module Options msf use payload/cmd/linux/tftp/x64/pingbackreversetcp msf payloadpingbackreversetcp show actions ...actions... msf payloadpingbackreversetcp set ACTION msf...

HTTP Fetch, Linux Execute Command

Fetch and execute an x64 payload from an HTTP server. Execute an arbitrary command or just a /bin/sh shell Module Options msf use payload/cmd/linux/http/x64/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf...

HTTP Fetch, Linux Command Shell, Reverse SCTP Stager

Fetch and execute an x64 payload from an HTTP server. Spawn a command shell staged. Connect back to the attacker Module Options msf use payload/cmd/linux/http/x64/shell/reversesctp msf payloadreversesctp show actions ...actions... msf payloadreversesctp set ACTION msf payloadreversesctp show...

HTTP Fetch, Linux x64 Pingback, Reverse TCP Inline

Fetch and execute an x64 payload from an HTTP server. Connect back to attacker and report UUID Linux x64 Module Options msf use payload/cmd/linux/http/x64/pingbackreversetcp msf payloadpingbackreversetcp show actions ...actions... msf payloadpingbackreversetcp set ACTION msf...

HTTP Fetch, Linux Command Shell, Bind TCP Random Port Inline

Fetch and execute an x64 payload from an HTTP server. Listen for a connection in a random port and spawn a command shell. Use nmap to discover the open port: 'nmap -sS target -p-'. Module Options msf use payload/cmd/linux/http/x64/shellbindtcprandomport msf payloadshellbindtcprandomport show...

HTTPS Fetch, Linux Command Shell, Find Port Inline

Fetch and execute an x64 payload from an HTTPS server. Spawn a shell on an established connection Module Options msf use payload/cmd/linux/https/x64/shellfindport msf payloadshellfindport show actions ...actions... msf payloadshellfindport set ACTION msf payloadshellfindport show options ...show...

HTTPS Fetch, Reverse SCTP Stager

Fetch and execute an x64 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/linux/https/x64/meterpreter/reversesctp msf payloadreversesctp show actions ...actions... msf payloadreversesctp set ACTION msf payloadreversesctp show options ...show and set...

HTTP Fetch, Linux x64 Command Shell, Reverse TCP Inline (IPv6)

Fetch and execute an x64 payload from an HTTP server. Connect back to attacker and spawn a command shell over IPv6 Module Options msf use payload/cmd/linux/http/x64/shellreverseipv6tcp msf payloadshellreverseipv6tcp show actions ...actions... msf payloadshellreverseipv6tcp set ACTION msf...

HTTP Fetch, Linux Command Shell, Reverse TCP Inline

Fetch and execute an x64 payload from an HTTP server. Connect back to attacker and spawn a command shell Module Options msf use payload/cmd/linux/http/x64/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf payloadshellreversetcp show...

invscout RPM Privilege Escalation

This module exploits a command injection vulnerability in IBM AIX invscout set-uid root utility present in AIX 7.2 and earlier. The undocumented -rpm argument can be used to install an RPM file; and the undocumented -o argument passes arguments to the rpm utility without validation, leading to...

Ivanti Avalanche FileStoreConfig File Upload

Ivanti Avalanche prior to v6.4.0.186 permits MS-DOS style short names in the configuration path for the Central FileStore. Because of this, an administrator can change the default path to the web root of the applications, upload a JSP file, and achieve RCE as NT AUTHORITY\SYSTEM. Module Options m...

Pentaho Business Server Auth Bypass and Server Side Template Injection RCE

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x is vulnerable to an authentication bypass CVE-2022-43939 and a Server Side Template Injection SSTI vulnerability CVE-2022-43769 that can be chained together to achieve unauthenticated code...

Zyxel chained RCE using LFI and weak password derivation algorithm

This module exploits multiple vulnerabilities in the zhttpd binary /bin/zhttpd and zcmd binary /bin/zcmd. It is present on more than 40 Zyxel routers and CPE devices. The remote code execution vulnerability can be exploited by chaining the local file disclosure vulnerability in the zhttpd binary...

ManageEngine ADAudit Plus Authenticated File Write RCE

This module exploits security issues in ManageEngine ADAudit Plus prior to 7006 that allow authenticated users to execute arbitrary code by creating a custom alert profile and leveraging its custom alert script component. The module first runs a few checks to test the provided credentials, retrie...

Icingaweb Directory Traversal in Static Library File Requests

Icingaweb versions from 2.9.0 to 2.9.5 inclusive, and 2.8.0 to 2.8.5 inclusive suffer from an unauthenticated directory traversal vulnerability. The vulnerability is triggered through the icinga-php-thirdparty library, which allows unauthenticated users to retrieve arbitrary files from the target...

Adobe ColdFusion Unauthenticated Remote Code Execution

This module exploits a remote unauthenticated deserialization of untrusted data vulnerability in Adobe ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier, in order to gain remote code execution. Module Options msf use...

Adobe ColdFusion Unauthenticated Arbitrary File Read

This module exploits a remote unauthenticated deserialization of untrusted data vulnerability in Adobe ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier, in order to read an arbitrary file from the server. To run this module you must provide a valid ColdFusion...

Joomla API Improper Access Checks

Joomla versions between 4.0.0 and 4.2.7, inclusive, contain an improper API access vulnerability. This vulnerability allows unauthenticated users access to webservice endpoints which contain sensitive information. Specifically for this module we exploit the users and config/application endpoints...

VMware Workspace ONE Access CVE-2022-22960

This module exploits CVE-2022-22960 which allows the user to overwrite the permissions of the certproxyService.sh script so that it can be modified by the horizon user. This allows a local attacker with the uid 1001 to escalate their privileges to root access. Module Options msf use...

SPIP form PHP Injection

This module exploits a PHP code injection in SPIP. The vulnerability exists in the oubli parameter and allows an unauthenticated user to execute arbitrary commands with web user privileges. Branches 3.2, 4.0, 4.1 and 4.2 are concerned. Vulnerable versions are use exploit/unix/webapp/spiprceform m...

VMware Workspace ONE Access VMSA-2022-0011 exploit chain

This module combines two vulnerabilities in order achieve remote code execution in the context of the horizon user. The first vulnerability CVE-2022-22956 is an authentication bypass in OAuth2TokenResourceController ACS which allows a remote, unauthenticated attacker to bypass the authentication...

Python Exec, Command Shell, Reverse SCTP (via python)

Execute a Python payload from a command. Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.6-2.7 and 3.4+. Module Options msf use payload/cmd/windows/python/shellreversesctp msf payloadshellreversesctp show actions ...actions... msf...

Command Shell, Reverse SCTP (via python)

Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.6-2.7 and 3.4+. Module Options msf use payload/python/shellreversesctp msf payloadshellreversesctp show actions ...actions... msf payloadshellreversesctp set ACTION msf payloadshellreversesctp show...

Linux Mettle x64, Reverse SCTP Stager

Inject the mettle server payload staged. Connect back to the attacker Module Options msf use payload/linux/x64/meterpreter/reversesctp msf payloadreversesctp show actions ...actions... msf payloadreversesctp set ACTION msf payloadreversesctp show options ...show and set options... msf...

Linux Command Shell, Reverse SCTP Stager

Spawn a command shell staged. Connect back to the attacker Module Options msf use payload/linux/x64/shell/reversesctp msf payloadreversesctp show actions ...actions... msf payloadreversesctp set ACTION msf payloadreversesctp show options ...show and set options... msf payloadreversesctp run This...