6843 matches found
Nagios3 history.cgi Host Command Execution
This module abuses a command injection vulnerability in the Nagios3 history.cgi script. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios3 history.cgi Host Command Execution', 'Description...
WordPress W3-Total-Cache Plugin 0.9.2.4 (or before) Username and Hash Extract
The W3-Total-Cache WordPress Plugin <= 0.9.2.4 can cache database statements and its results in files for fast access. Version 0.9.2.4 has been fixed afterwards so it...
Windows Gather BulletProof FTP Client Saved Password Extraction
This module extracts information from BulletProof FTP Bookmarks files and stores retrieved credentials in the database.
Freesshd Authentication Bypass
This module exploits a vulnerability found in FreeSSHd... Authors: Aris (vulnerability discovery and exploit), kcope (2012 exploit), Daniele Martini (Metasploit module), Imran ...
HTTP SSL Certificate Impersonation
This module requests a copy of the remote SSL certificate and creates a local self-signed version using the information from the remote version. The module then outputs PEM|DER format private key / certificate and a combined version for use in Apache or other Metasploit modules requiring SSLCert...
Ruby Command Shell, Bind TCP IPv6
Continually listen for a connection and spawn a command shell via Ruby.
Ruby Command Shell, Reverse TCP
Connect back and create a command shell via Ruby.
Ruby Command Shell, Bind TCP
Continually listen for a connection and spawn a command shell via Ruby.
Java Applet JMX Remote Code Execution
This module abuses the JMX classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in January of 2013. The vulnerability affects Java version 7u10 and earlier.
BloXor - A Metamorphic Block Based XOR Encoder
A Metamorphic Block Based XOR Encoder. BloXor is a cross architecture metamorphic block based xor encoder/decoder for Metasploit...
Ruby on Rails XML Processor YAML Deserialization Code Execution
This module exploits a remote code execution vulnerability in the XML request processor of the Ruby on Rails application framework. This vulnerability allows an attacker to instantiate a remote object, which in turn can be used to execute any ruby code remotely in the context of the application...
MS11-081 Microsoft Internet Explorer Option Element Use-After-Free
This module exploits a vulnerability in Microsoft Internet Explorer. A memory corruption may occur when the Option cache isn't updated properly, which allows other JavaScript methods to access a deleted Option element, and results in code execution under the context of the user. This module...
Ruby on Rails XML Processor YAML Deserialization Scanner
This module attempts to identify Ruby on Rails instances vulnerable to an arbitrary object instantiation flaw in the XML request processor.
Honeywell Tema Remote Installer ActiveX Remote Code Execution
This module exploits a vulnerability found in the Honeywell Tema ActiveX Remote Installer. This ActiveX control can be abused by using the DownloadFromURL function to install an arbitrary MSI from a remote location without checking source authenticity or user notification. This module has been...
WordPress Plugin Google Document Embedder Arbitrary File Disclosure
This module exploits an arbitrary file disclosure flaw in the WordPress blogging software plugin known as Google Document Embedder. The vulnerability allows for database credential disclosure via the /libs/pdf.php script. The Google Document Embedder plug-in versions 2.4.6 and below are vulnerabl...
IBM Cognos tm1admsd.exe Overflow
This module exploits a stack buffer overflow in IBM Cognos Analytic Server Admin service. The vulnerability exists in the tm1admsd.exe component, due to a dangerous copy of user controlled data to the stack, via memcpy, without validating the supplied length and data. The module has been tested...
Wordpress Pingback Locator
This module will scan for WordPress sites with the Pingback API enabled. By interfacing with the API an attacker can cause the WordPress site to port scan an external target and return results. Refer to the wordpresspingbackportscanner module. This issue was fixed in WordPress 3.5.1. This module...
Windows Gather Google Chrome User Data Enumeration
This module will collect user data from Google Chrome and attempt to decrypt sensitive information.
Distributed Ruby Remote Code Execution
This module exploits remote code execution vulnerabilities in dRuby...
JBoss JMX Console Beanshell Deployer WAR Upload and Deployment
This module can be used to install a WAR file payload on JBoss servers that have an exposed "jmx-console" application. The payload is put on the server by using the jboss.system:BSHDeployer's createScriptDeployment method.
Windows Gather Local and Domain Controller Account Password Hashes
This will dump local accounts from the SAM Database. If the target host is a Domain Controller, it will dump the Domain Account Database using the proper technique depending on privilege level, OS and role of the host.
Enterasys NetSight nssyslogd.exe Buffer Overflow
This module exploits a stack buffer overflow in Enterasys NetSight. The vulnerability exists in the Syslog service nssyslogd.exe when parsing a specially crafted PRIO from a syslog message. The module has been tested successfully on Enterasys NetSight 4.0.1.34 over Windows XP SP3 and Windows 2003...
John the Ripper MS SQL Password Cracker (Fast Mode)
This module uses John the Ripper to identify weak passwords that have been acquired from the mssqlhashdump module. Passwords that have been successfully cracked are then saved as proper credentials...
John the Ripper Linux Password Cracker
This module uses John the Ripper to identify weak passwords that have been acquired from unshadowed passwd files from Unix systems. The module will only crack MD5, BSDi and DES implementations by default. Set Crypt to true to also try to crack Blowfish and SHA256/512. Warning: This is much slower...
MSSQL Password Hashdump
This module extracts the usernames and encrypted password hashes from a MSSQL server and stores them for later cracking. This module also saves information about the server version and table names, which can be used to seed the wordlist.
FTP Authentication Scanner
This module will test FTP logins on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access.
POP3 Login Utility
This module attempts to authenticate to a POP3 service.
WordPress Plugin Advanced Custom Fields Remote File Inclusion
This module exploits a remote file inclusion flaw in the WordPress blogging software plugin known as Advanced Custom Fields. The vulnerability allows for remote file inclusion and remote code execution via the export.php script. The Advanced Custom Fields plug-in versions 3.5.1 and below are...
Windows Meterpreter (Reflective Injection), Reverse TCP Stager (RC4 Stage Encryption, Metasm)
Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Connect back to the attacker.
Windows Meterpreter (skape/jt Injection), Bind TCP Stager (RC4 Stage Encryption, Metasm)
Inject the meterpreter server DLL (staged). Listen for a connection.
VNC Server (Reflective Injection), Bind TCP Stager (RC4 Stage Encryption, Metasm)
Inject a VNC Dll via a reflective loader (staged). Listen for a connection.
Windows Upload/Execute, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
Uploads an executable and runs it (staged). Connect back to the attacker.
Windows Command Shell, Bind TCP Stager (RC4 Stage Encryption, Metasm)
Spawn a piped command shell (staged). Listen for a connection.
Reflective DLL Injection, Bind TCP Stager (RC4 Stage Encryption, Metasm)
Inject a DLL via a reflective loader. Listen for a connection.
Windows Meterpreter (skape/jt Injection), Reverse TCP Stager (RC4 Stage Encryption, Metasm)
Inject the meterpreter server DLL (staged). Connect back to the attacker.
Reflective DLL Injection, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
Inject a DLL via a reflective loader. Connect back to the attacker.
Windows Inject DLL, Bind TCP Stager (RC4 Stage Encryption, Metasm)
Inject a custom DLL into the exploited process. Listen for a connection.
Windows Inject DLL, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
Inject a custom DLL into the exploited process. Connect back to the attacker.
VNC Server (Reflective Injection), Reverse TCP Stager (RC4 Stage Encryption, Metasm)
Inject a VNC Dll via a reflective loader (staged). Connect back to the attacker.
Windows Command Shell, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
Spawn a piped command shell (staged). Connect back to the attacker.
Windows Upload/Execute, Bind TCP Stager (RC4 Stage Encryption, Metasm)
Uploads an executable and runs it (staged). Listen for a connection.
Windows Meterpreter (Reflective Injection), Bind TCP Stager (RC4 Stage Encryption, Metasm)
Inject the Meterpreter server DLL via the Reflective Dll Injection payload (staged). Requires Windows XP SP2 or newer. Listen for a connection.
MS13-008 Microsoft Internet Explorer CButton Object Use-After-Free Vulnerability
This module exploits a vulnerability found in Microsoft Internet Explorer. A use-after-free condition occurs when a CButton object is freed, but a reference is kept and used again during a page reload, an invalid memory that's controllable is used, and allows arbitrary code execution under the...
eXtplorer v2.1 Arbitrary File Upload Vulnerability
This module exploits an authentication bypass vulnerability in eXtplorer versions 2.1.0 to 2.1.2 and 2.1.0RC5 when run as a standalone application. This application has an upload feature that allows an authenticated user with administrator roles to upload arbitrary files to any writable directory...
IBM Lotus iNotes dwa85W ActiveX Buffer Overflow
This module exploits a buffer overflow vulnerability on the UploadControl ActiveX. The vulnerability exists in the handling of the "AttachmentTimes" property, due to the insecure usage of the swscanf. The affected ActiveX is provided by the dwa85W.dll installed with the IBM Lotus iNotes ActiveX...
IBM Lotus QuickR qp2 ActiveX Buffer Overflow
This module exploits a buffer overflow vulnerability on the UploadControl ActiveX. The vulnerability exists in the handling of the "AttachmentTimes" property, due to the insecure usage of the swscanf. The affected ActiveX is provided by the qp2.dll installed with the IBM Lotus Quickr product. Thi...
Windows Gather Spark IM Password Extraction
This module will enumerate passwords stored by the Spark IM client. The encryption key is publicly known. This module will not only extract encrypted password but will also decrypt password using public key.
RealPlayer RealMedia File Handling Buffer Overflow
This module exploits a stack based buffer overflow on RealPlayer...
WordPress Asset-Manager PHP File Upload Vulnerability
This module exploits a vulnerability found in Asset-Manager... Authors: Sammy FORGIT (initial discovery), James Fitts (Metasploit module).
WordPress WP-Property PHP File Upload Vulnerability
This module exploits a vulnerability found in WP-Property... Authors: Sammy FORGIT (initial discovery), James Fitts (Metasploit module).