GitLab Unauthenticated Remote ExifTool Command Injection
This module exploits an unauthenticated file upload and command injection vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE). The patched versions are 13.10.3, 13.9.6, and 13.8.8. Exploitation will result in command execution as the git user. Module Options msf use...
WordPress Plugin Pie Register Auth Bypass to RCE
This module uses an authentication bypass vulnerability in WordPress Plugin Pie Register use exploit/unix/webapp/wppieregisterbypassrce msf exploitwppieregisterbypassrce show targets ...targets... msf exploitwppieregisterbypassrce set TARGET msf exploitwppieregisterbypassrce show options ...show...
WordPress BulletProof Security Backup Disclosure
The WordPress plugin BulletProof Security, versions use auxiliary/scanner/http/wpbulletproofsecuritybackups msf auxiliarywpbulletproofsecuritybackups show actions ...actions... msf auxiliarywpbulletproofsecuritybackups set ACTION msf auxiliarywpbulletproofsecuritybackups show options ...show and...
Browse the session filesystem in a Web Browser
This module allows you to browse the session filesystem via a local browser window. Module Options msf use post/multi/manage/fileshare msf postfileshare show actions ...actions... msf postfileshare set ACTION msf postfileshare show options ...show and set options... msf postfileshare run This...
Atlassian Confluence WebWork OGNL Injection
This module exploits an OGNL injection in Atlassian Confluence's WebWork component to execute commands as the Tomcat user. Module Options msf use exploit/multi/http/atlassianconfluencewebworkognlinjection msf exploitatlassianconfluencewebworkognlinjection show targets ...targets... msf...
Kubernetes authenticated code execution
Execute a payload within a Kubernetes pod. Module Options msf use exploit/multi/kubernetes/exec msf exploitexec show targets ...targets... msf exploitexec set TARGET msf exploitexec show options ...show and set options... msf exploitexec exploit -- coding: binary -- This module requires Metasploi...
Microsoft OMI Management Interface Authentication Bypass
By removing the authentication header, an attacker can issue an HTTP request to the OMI management endpoint that will cause it to execute an operating system command as the root user. This vulnerability was patched in OMI version 1.6.8-1 released September 8th 2021. Module Options msf use...
Apache 2.4.49/2.4.50 Traversal RCE
This module exploits an unauthenticated RCE vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by 'require all denied' and CGI has been explicitly enabled, it can be used to execute arbitrary commands Remote Command Execution...
Sophos UTM WebAdmin SID Command Injection
This module exploits an SID-based command injection in Sophos UTM's WebAdmin interface to execute shell commands as the root user. Module Options msf use exploit/linux/http/sophosutmwebadminsidcmdinjection msf exploitsophosutmwebadminsidcmdinjection show targets ...targets... msf...
Apache 2.4.49/2.4.50 Traversal RCE scanner
This module scans for an unauthenticated RCE vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by 'require all denied' and CGI has been explicitly enabled, it can be used to execute arbitrary commands Remote Command...
Kubernetes Enumeration
Enumerate a Kubernetes API to report useful resources such as available namespaces, pods, secrets, etc. Useful resources will be highlighted using the HIGHLIGHTNAMEPATTERN option. Module Options msf use auxiliary/cloud/kubernetes/enumkubernetes msf auxiliaryenumkubernetes show actions ...actions...
Squid Proxy Range Header DoS
The range handler in the Squid Caching Proxy Server 3.0-4.1.4 and 5.0.1-5.0.5 suffers from multiple vulnerabilities triggered by specific HTTP requests and responses. These vulnerabilities allow remote attackers to cause a denial of service through specifically crafted requests. Module Options ms...
Moodle Teacher Enrollment Privilege Escalation to RCE
Moodle versions 3.9, 3.8 to 3.8.3, 3.7 to 3.7.6, 3.5 to 3.5.12 and earlier unsupported versions allow a teacher to chain exploits to RCE. A bug in the privileges system allows a teacher to add themselves as a manager to their own class. They can then add any other users, and thus look to add...
Moodle Admin Shell Upload
This module will generate a plugin which can receive a malicious payload request and upload it to a server running Moodle provided valid admin credentials are used. Then the payload is sent for execution, and the plugin uninstalled. You must have an admin account to exploit this vulnerability...
Moodle Authenticated Spelling Binary RCE
Moodle allows an authenticated user to define spellcheck settings via the web interface. The user can update the spellcheck mechanism to point to a system-installed aspell binary. By updating the path for the spellchecker to an arbitrary command, an attacker can run arbitrary commands in the...
Moodle SpellChecker Path Authenticated Remote Command Execution
Moodle allows an authenticated administrator to define spellcheck settings via the web interface. An administrator can update the aspell path to include a command injection. This is extremely similar to CVE-2013-3630, just using a different variable. This module was tested against Moodle version...
Netfilter x_tables Heap OOB Write Privilege Escalation
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS via heap memory corruption through a user namespace. Kernels up to and including 5.11 are vulnerable. More information about vulnerable...
VMware vCenter Server Analytics (CEIP) Service File Upload
This module exploits a file upload in VMware vCenter Server's analytics/telemetry CEIP service to write a system crontab and execute shell commands as the root user. Note that CEIP must be enabled for the target to be exploitable by this module. CEIP is enabled by default. Module Options msf use...
Diagnostic State
This module will keep the vehicle in a diagnostic state on rounds by sending a tester present packet. Module Options msf use post/hardware/automotive/diagnosticstate msf postdiagnosticstate show actions ...actions... msf postdiagnosticstate set ACTION msf postdiagnosticstate show options ...show an...
ECU Hard Reset
This module performs a hard reset in the ECU Reset Service Identifier (0x11). Module Options msf use post/hardware/automotive/ecuhardreset msf postecuhardreset show actions ...actions... msf postecuhardreset set ACTION msf postecuhardreset show options ...show and set options... msf postecuhardreset...
Internet Explorer Credential Gatherer
This module searches for Internet Explorer credentials on a Windows host. Module Options msf use post/windows/gather/credentials/ie msf postie show actions ...actions... msf postie set ACTION msf postie show options ...show and set options... msf postie run This module requires Metasploit:...
XChat Credential Gatherer
This module searches for XChat credentials on a Windows host. XChat is an IRC chat program for both Linux and Windows. Module Options msf use post/windows/gather/credentials/xchat msf postxchat show actions ...actions... msf postxchat set ACTION msf postxchat show options ...show and set options...
Coolnovo Credential Gatherer
This module searches for Coolnovo credentials on a Windows host. Module Options msf use post/windows/gather/credentials/coolnovo msf postcoolnovo show actions ...actions... msf postcoolnovo set ACTION msf postcoolnovo show options ...show and set options... msf postcoolnovo run This module requir...
QQ Credential Gatherer
This module searches for QQ credentials on a Windows host. Module Options msf use post/windows/gather/credentials/qq msf postqq show actions ...actions... msf postqq set ACTION msf postqq show options ...show and set options... msf postqq run This module requires Metasploit:...
Incredimail Credential Gatherer
This module searches for Incredimail credentials on a Windows host. Module Options msf use post/windows/gather/credentials/incredimail msf postincredimail show actions ...actions... msf postincredimail set ACTION msf postincredimail show options ...show and set options... msf postincredimail run...
LINE Credential Gatherer
This module searches for credentials in LINE desktop application on a Windows host. LINE is the most popular Instant Messenger app in Japan. Module Options msf use post/windows/gather/credentials/line msf postline show actions ...actions... msf postline set ACTION msf postline show options ...sho...
Opera Credential Gatherer
This module searches for Opera credentials on a Windows host. Module Options msf use post/windows/gather/credentials/opera msf postopera show actions ...actions... msf postopera set ACTION msf postopera show options ...show and set options... msf postopera run This module requires Metasploit:...
Postbox Credential Gatherer
This module searches for Postbox credentials on a Windows host. Module Options msf use post/windows/gather/credentials/postbox msf postpostbox show actions ...actions... msf postpostbox set ACTION msf postpostbox show options ...show and set options... msf postpostbox run This module requires...
ICQ Credential Gatherer
This module searches for ICQ credentials on a Windows host. Module Options msf use post/windows/gather/credentials/icq msf posticq show actions ...actions... msf posticq set ACTION msf posticq show options ...show and set options... msf posticq run This module requires Metasploit:...
Flock Credential Gatherer
This module searches for credentials stored in Flock on a Windows host. Module Options msf use post/windows/gather/credentials/flock msf postflock show actions ...actions... msf postflock set ACTION msf postflock show options ...show and set options... msf postflock run This module requires...
Digsby Credential Gatherer
This module searches for Digsby credentials on a Windows host. Module Options msf use post/windows/gather/credentials/digsby msf postdigsby show actions ...actions... msf postdigsby set ACTION msf postdigsby show options ...show and set options... msf postdigsby run This module requires Metasploi...
Maxthon Credential Gatherer
This module searches for Maxthon credentials on a Windows host. Module Options msf use post/windows/gather/credentials/maxthon msf postmaxthon show actions ...actions... msf postmaxthon set ACTION msf postmaxthon show options ...show and set options... msf postmaxthon run This module requires...
Windows Live Mail Credential Gatherer
This module searches for Windows Live Mail credentials on a Windows host. Module Options msf use post/windows/gather/credentials/windowslivemail msf postwindowslivemail show actions ...actions... msf postwindowslivemail set ACTION msf postwindowslivemail show options ...show and set options... ms...
K-Meleon Credential Gatherer
This module searches for K-Meleon credentials on a Windows host. Module Options msf use post/windows/gather/credentials/kmeleon msf postkmeleon show actions ...actions... msf postkmeleon set ACTION msf postkmeleon show options ...show and set options... msf postkmeleon run This module requires...
Chrome Credential Gatherer
This module searches for credentials stored on Chrome on a Windows host. Module Options msf use post/windows/gather/credentials/chrome msf postchrome show actions ...actions... msf postchrome set ACTION msf postchrome show options ...show and set options... msf postchrome run This module requires...
Safari Credential Gatherer
This module searches for Safari credentials on a Windows host. Module Options msf use post/windows/gather/credentials/safari msf postsafari show actions ...actions... msf postsafari set ACTION msf postsafari show options ...show and set options... msf postsafari run This module requires Metasploi...
KakaoTalk Credential Gatherer
This module searches for KakaoTalk credentials on a Windows host. KakaoTalk is a popular mobile messaging app most widely used in South Korea. Module Options msf use post/windows/gather/credentials/kakaotalk msf postkakaotalk show actions ...actions... msf postkakaotalk set ACTION msf postkakaota...
Comodo Credential Gatherer
This module searches for credentials stored in Comodo on a Windows host. Module Options msf use post/windows/gather/credentials/comodo msf postcomodo show actions ...actions... msf postcomodo set ACTION msf postcomodo show options ...show and set options... msf postcomodo run This module requires...
Seamonkey Credential Gatherer
This module searches for SeaMonkey credentials on a Windows host. Module Options msf use post/windows/gather/credentials/seamonkey msf postseamonkey show actions ...actions... msf postseamonkey set ACTION msf postseamonkey show options ...show and set options... msf postseamonkey run This module...
Gadugadu Credential Gatherer
This module searches for Gadugadu credentials on a Windows host. Gadu-Gadu is a Polish instant messaging client using a proprietary protocol. Gadu-Gadu was the most popular IM service in Poland. Module Options msf use post/windows/gather/credentials/gadugadu msf postgadugadu show actions...
Tango Credential Gatherer
This module searches for Tango credentials on a Windows host. Tango is a third-party, cross-platform messaging application for smartphones developed by TangoME, Inc. Module Options msf use post/windows/gather/credentials/tango msf posttango show actions ...actions... msf posttango set...
Tlen Credential Gatherer
This module searches for Tlen credentials on a Windows host. Tlen is a free Polish instant messaging service. Module Options msf use post/windows/gather/credentials/tlen msf posttlen show actions ...actions... msf posttlen set ACTION msf posttlen show options ...show and set options... msf posttl...
Srware Credential Gatherer
This module searches for Srware credentials on a Windows host. SRWare Iron is a Chromium-based web browser developed by the German company SRWare. Module Options msf use post/windows/gather/credentials/srware msf postsrware show actions ...actions... msf postsrware set ACTION msf postsrware show...
Viber Credential Gatherer
This module searches for credentials in Viber desktop application on a Windows host. Viber is a cross-platform voice over IP and instant messaging software application. Module Options msf use post/windows/gather/credentials/viber msf postviber show actions ...actions... msf postviber set ACTION m...
Operamail Credential Gatherer
This module searches for Operamail credentials on a Windows host. Module Options msf use post/windows/gather/credentials/operamail msf postoperamail show actions ...actions... msf postoperamail set ACTION msf postoperamail show options ...show and set options... msf postoperamail run This module...
Miranda Credential Gatherer
This module searches for Miranda credentials on a Windows host. Module Options msf use post/windows/gather/credentials/miranda msf postmiranda show actions ...actions... msf postmiranda set ACTION msf postmiranda show options ...show and set options... msf postmiranda run This module requires...
Thunderbird Credential Gatherer
This module searches for Thunderbird credentials on a Windows host. Module Options msf use post/windows/gather/credentials/thunderbird msf postthunderbird show actions ...actions... msf postthunderbird set ACTION msf postthunderbird show options ...show and set options... msf postthunderbird run...
Aim Credential Gatherer
This module searches for Aim credentials on a Windows host. Module Options msf use post/windows/gather/credentials/aim msf postaim show actions ...actions... msf postaim set ACTION msf postaim show options ...show and set options... msf postaim run This module requires Metasploit:...
Netgear PNPX_GetShareFolderList Authentication Bypass
This module targets an authentication bypass vulnerability in the minihttp binary of several Netgear Routers running firmware versions prior to 1.2.0.88, 1.0.1.80, 1.1.0.110, and 1.1.0.84. The vulnerability allows unauthenticated attackers to reveal the password for the admin user that is used to...
Direct Windows syscall evasion technique
This module allows you to generate a Windows EXE that evades host-based security products such as EDR/AVs. It uses direct Windows syscalls to achieve stealthiness and avoid EDR hooking. Please try to use payloads that use a more secure transfer channel such as HTTPS or RC4 in order to avoid...