Metasploit Penetration Testing Framework
AIX Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell
AIX Command Shell, Find Port Inline
Spawn a shell on an established connection
AIX execve shell for inetd
Simply execve /bin/sh (for inetd programs)
AIX Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell
BSD Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell
BSD Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell
BSD Execute Command
Execute an arbitrary command
FreeBSD Meterpreter Service, Bind TCP
Stub payload for interacting with a Meterpreter Service
FreeBSD Meterpreter Service, Reverse TCP Inline
Stub payload for interacting with a Meterpreter Service
BSD Command Shell, Bind TCP Stager
Listen for a connection, Spawn a command shell (staged)
BSD Command Shell, Find Tag Stager
Use an established connection, Spawn a command shell (staged)
BSD Command Shell, Reverse TCP Stager
Connect back to the attacker, Spawn a command shell (staged)
BSD Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell
BSD Command Shell, Find Port Inline
Spawn a shell on an established connection
BSD Command Shell, Find Tag Inline
Spawn a shell on an established connection (proxy/nat safe)
BSD Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell
BSDi Command Shell, Bind TCP Stager
Listen for a connection, Spawn a command shell (staged)
BSDi Command Shell, Reverse TCP Stager
Connect back to the attacker, Spawn a command shell (staged)
BSDi Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell
BSDi Command Shell, Find Port Inline
Spawn a shell on an established connection
BSDi Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell
Unix Command Shell, Bind TCP (inetd)
Listen for a connection and spawn a command shell (persistent)
Unix Command Shell, Bind TCP (via netcat -e)
Listen for a connection and spawn a command shell via netcat
Unix Command Shell, Bind TCP (via perl)
Listen for a connection and spawn a command shell via perl
Unix Command Shell, Bind TCP (via Ruby)
Continually listen for a connection and spawn a command shell via Ruby
Unix Command, Generic command execution
Executes the supplied command
Unix Command, Interact with established connection
Interacts with a shell on an established socket connection
Unix Command Shell, Double reverse TCP (telnet)
Creates an interactive shell through two inbound connections
Unix Command Shell, Reverse TCP (/dev/tcp)
Creates an interactive shell via bash's builtin /dev/tcp. This will not work on most Debian-based Linux distributions (including Ubuntu) because they compile bash without the /dev/tcp feature.
Unix Command Shell, Reverse TCP (via netcat -e)
Creates an interactive shell via netcat
Unix Command Shell, Reverse TCP (via perl)
Creates an interactive shell via perl
Unix Command Shell, Reverse TCP (via Ruby)
Connect back and create a command shell via Ruby
Windows Execute net user /ADD CMD
Create a new user and add them to local administration group
Windows Command Shell, Bind TCP (via perl)
Listen for a connection and spawn a command shell via perl (persistent)
Windows Command Shell, Bind TCP (via Ruby)
Continually listen for a connection and spawn a command shell via Ruby
Windows Executable Download and Execute (via .vbs)
Download an EXE from an HTTP(S) URL and execute it
Windows Command, Double reverse TCP connection (via perl)
Creates an interactive shell via perl
Windows Command Shell, Reverse TCP (via Ruby)
Connect back and create a command shell via Ruby
Generic x86 Debug Trap
Generate a debug trap in the target process
Generic Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell
Generic Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell
Generic x86 Tight Loop
Generate a tight loop in the target process
Java JSP Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell
Java JSP Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell
Java Meterpreter, Java Bind TCP stager
Listen for a connection, Run a meterpreter server in Java
Java Meterpreter, Java Reverse TCP stager
Connect back stager, Run a meterpreter server in Java
Command Shell, Java Bind TCP stager
Listen for a connection, Spawn a piped command shell (cmd.exe on Windows, /bin/sh everywhere else)
Command Shell, Java Reverse TCP stager
Connect back stager, Spawn a piped command shell (cmd.exe on Windows, /bin/sh everywhere else)
Linux Execute Command
Execute an arbitrary command
Linux Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell
Linux Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell
Linux Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell
Linux Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell
Linux Command Shell, Find Port Inline
Spawn a shell on an established connection
Linux Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell
Linux Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell
Linux Command Shell, Find Port Inline
Spawn a shell on an established connection
Linux Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell
Linux Add User
Create a new user with UID 0
Linux Chmod
Runs chmod on specified file with specified mode
Linux Execute Command
Execute an arbitrary command
Linux Meterpreter, Bind TCP Stager (IPv6)
Listen for a connection over IPv6, Staged meterpreter server
Linux Meterpreter, Bind TCP Stager
Listen for a connection, Staged meterpreter server
Linux Meterpreter, Find Tag Stager
Use an established connection, Staged meterpreter server
Linux Meterpreter, Reverse TCP Stager (IPv6)
Connect back to attacker over IPv6, Staged meterpreter server
Linux Meterpreter, Reverse TCP Stager
Connect back to the attacker, Staged meterpreter server
Linux Meterpreter Service, Bind TCP
Stub payload for interacting with a Meterpreter Service
Linux Meterpreter Service, Reverse TCP Inline
Stub payload for interacting with a Meterpreter Service
Linux Command Shell, Bind TCP Stager (IPv6)
Listen for a connection over IPv6, Spawn a command shell (staged)
Linux Command Shell, Bind TCP Stager
Listen for a connection, Spawn a command shell (staged)
Linux Command Shell, Find Tag Stager
Use an established connection, Spawn a command shell (staged)
Linux Command Shell, Reverse TCP Stager (IPv6)
Connect back to attacker over IPv6, Spawn a command shell (staged)
Linux Command Shell, Reverse TCP Stager
Connect back to the attacker, Spawn a command shell (staged)
Linux Command Shell, Bind TCP Inline (IPv6)
Listen for a connection over IPv6 and spawn a command shell
Linux Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell
Linux Command Shell, Find Port Inline
Spawn a shell on an established connection
Linux Command Shell, Find Tag Inline
Spawn a shell on an established connection (proxy/nat safe)
Linux Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell
Linux Command Shell, Reverse TCP Inline - Metasm demo
Connect back to attacker and spawn a command shell
NetWare Command Shell, Reverse TCP Stager
Connect back to the attacker, Connect to the NetWare console (staged)
OSX Write and Execute Binary, Bind TCP Stager
Listen for a connection, Spawn a command shell (staged)
OSX Write and Execute Binary, Reverse TCP Stager
Connect back to the attacker, Spawn a command shell (staged)
OSX Command Shell, Bind TCP Stager
Listen for a connection, Spawn a command shell (staged)
OSX Command Shell, Reverse TCP Stager
Connect back to the attacker, Spawn a command shell (staged)
OSX Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell
OSX Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell
OSX iPhone Vibrate
Causes the iPhone to vibrate, only works when the AudioToolkit library has been loaded. Based on work by Charlie Miller <cmiller[at]securityevaluators.com>.
OSX Command Shell, Bind TCP Stager
Listen for a connection, Spawn a command shell (staged)
OSX Command Shell, Find Tag Stager
Use an established connection, Spawn a command shell (staged)
OSX Command Shell, Reverse TCP Stager
Connect back to the attacker, Spawn a command shell (staged)
OSX Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell
OSX Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell
Mac OS X Inject Mach-O Bundle, Bind TCP Stager
Listen, read length, read buffer, execute, Inject a custom Mach-O bundle into the exploited process
Mac OS X Inject Mach-O Bundle, Reverse TCP Stager
Connect, read length, read buffer, execute, Inject a custom Mach-O bundle into the exploited process
OSX Execute Command
Execute an arbitrary command
Mac OS X x86 iSight photo capture, Bind TCP Stager
Listen, read length, read buffer, execute, Inject a Mach-O bundle to capture a photo from the iSight (staged)
Mac OS X x86 iSight photo capture, Reverse TCP Stager
Connect, read length, read buffer, execute, Inject a Mach-O bundle to capture a photo from the iSight (staged)
OSX Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell
OSX Command Shell, Find Port Inline
Spawn a shell on an established connection
OSX Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell
OSX (vfork) Command Shell, Bind TCP Stager
Listen, read length, read buffer, execute, Call vfork() if necessary and spawn a command shell (staged)
OSX (vfork) Command Shell, Reverse TCP Stager
Connect, read length, read buffer, execute, Call vfork() if necessary and spawn a command shell (staged)
OSX (vfork) Command Shell, Bind TCP Inline
Listen for a connection, vfork if necessary, and spawn a command shell
OSX (vfork) Command Shell, Reverse TCP Inline
Connect back to attacker, vfork if necessary, and spawn a command shell
PHP Command Shell, Bind TCP (via perl)
Listen for a connection and spawn a command shell via perl (persistent)
PHP Command Shell, Bind TCP (via php)
Listen for a connection and spawn a command shell via php
PHP Executable Download and Execute
Download an EXE from an HTTP URL and execute it
PHP Execute Command
Execute a single system command
PHP Meterpreter, Bind TCP Stager
Listen for a connection, Run a meterpreter server in PHP
PHP Meterpreter, PHP Reverse TCP stager
Reverse PHP connect back stager with checks for disabled functions, Run a meterpreter server in PHP
PHP Meterpreter, Reverse TCP Inline
Connect back to attacker and spawn a Meterpreter server (PHP)
PHP Command, Double reverse TCP connection (via perl)
Creates an interactive shell via perl
PHP Command Shell, Reverse TCP (via php)
Reverse PHP connect back shell with checks for disabled functions
PHP Command Shell, Find Sock
Spawn a shell on the established connection to the webserver. Unfortunately, this payload can leave conspicuous evil-looking entries in the apache error logs, so it is probably a good idea to use a bind or reverse shell unless firewalls prevent them from working. The issue this payload takes advantage of (CLOEXEC flag not set on sockets) appears to have been patched on the Ubuntu version of Apache and may not work on other Debian-based distributions. Only tested on Apache but it might work on other web servers that leak file descriptors to child processes.
Solaris Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell
Solaris Command Shell, Find Port Inline
Spawn a shell on an established connection
Solaris Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell
Solaris Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell
Solaris Command Shell, Find Port Inline
Spawn a shell on an established connection
Solaris Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell
Unix TTY, Interact with established connection
Interacts with a TTY on an established socket connection
Windows Execute net user /ADD
Create a new user and add them to local administration group
Reflective Dll Injection, Bind TCP Stager (IPv6)
Listen for a connection over IPv6, Inject a Dll via a reflective loader
http://www.harmonysecurity.co...
Reflective Dll Injection, Bind TCP Stager (No NX or Win7)
Listen for a connection (No NX), Inject a Dll via a reflective loader
http://www.harmonysecurity.co...
Reflective Dll Injection, Bind TCP Stager
Listen for a connection, Inject a Dll via a reflective loader
http://www.harmonysecurity.co...
Reflective Dll Injection, Find Tag Ordinal Stager
Use an established connection, Inject a Dll via a reflective loader
http://www.harmonysecurity.co...
Reflective Dll Injection, PassiveX Reverse HTTP Tunneling Stager
Tunnel communication over HTTP using IE 6, Inject a Dll via a reflective loader
http://www.harmonysecurity.co...
Reflective Dll Injection, Reverse TCP Stager (IPv6)
Connect back to the attacker over IPv6, Inject a Dll via a reflective loader
http://www.harmonysecurity.co...
Reflective Dll Injection, Reverse TCP Stager (No NX or Win7)
Connect back to the attacker (No NX), Inject a Dll via a reflective loader
http://www.harmonysecurity.co...
Reflective Dll Injection, Reverse Ordinal TCP Stager (No NX or Win7)
Connect back to the attacker, Inject a Dll via a reflective loader
http://www.harmonysecurity.co...
Reflective Dll Injection, Reverse TCP Stager
Connect back to the attacker, Inject a Dll via a reflective loader
http://www.harmonysecurity.co...
Reflective Dll Injection, Reverse All-Port TCP Stager
Try to connect back to the attacker, on all possible ports (1-65535, slowly), Inject a Dll via a reflective loader
http://www.harmonysecurity.co...
Reflective Dll Injection, Reverse TCP Stager (DNS)
Connect back to the attacker, Inject a Dll via a reflective loader
http://www.harmonysecurity.co...
Windows Executable Download and Execute
Download an EXE from an HTTP URL and execute it
Windows Execute Command
Execute an arbitrary command
Windows Meterpreter (Reflective Injection), Bind TCP Stager (IPv6)
Listen for a connection over IPv6, Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged)
http://www.harmonysecurity.co...
Windows Meterpreter (Reflective Injection), Bind TCP Stager (No NX or Win7)
Listen for a connection (No NX), Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged)
http://www.harmonysecurity.co...
Windows Meterpreter (Reflective Injection), Bind TCP Stager
Listen for a connection, Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged)
http://www.harmonysecurity.co...
Windows Meterpreter (Reflective Injection), Find Tag Ordinal Stager
Use an established connection, Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged)
http://www.harmonysecurity.co...
Windows Meterpreter (Reflective Injection), PassiveX Reverse HTTP Tunneling Stager
Tunnel communication over HTTP using IE 6, Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged)
http://www.harmonysecurity.co...
Windows Meterpreter (Reflective Injection), Reverse HTTPS Stager
Tunnel communication over HTTP using SSL, Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged)
http://www.harmonysecurity.co...
Windows Meterpreter (Reflective Injection), Reverse TCP Stager (IPv6)
Connect back to the attacker over IPv6, Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged)
http://www.harmonysecurity.co...
Windows Meterpreter (Reflective Injection), Reverse TCP Stager (No NX or Win7)
Connect back to the attacker (No NX), Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged)
http://www.harmonysecurity.co...
Windows Meterpreter (Reflective Injection), Reverse Ordinal TCP Stager (No NX or Win7)
Connect back to the attacker, Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged)
http://www.harmonysecurity.co...
Windows Meterpreter (Reflective Injection), Reverse TCP Stager
Connect back to the attacker, Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged)
http://www.harmonysecurity.co...
Windows Meterpreter (Reflective Injection), Reverse All-Port TCP Stager
Try to connect back to the attacker, on all possible ports (1-65535, slowly), Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged)
http://www.harmonysecurity.co...
Windows Meterpreter (Reflective Injection), Reverse TCP Stager (DNS)
Connect back to the attacker, Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged)
http://www.harmonysecurity.co...
Windows Meterpreter Service, Bind TCP
Stub payload for interacting with a Meterpreter Service
Windows Meterpreter Service, Reverse TCP Inline
Stub payload for interacting with a Meterpreter Service
Windows Inject DLL, Bind TCP Stager (IPv6)
Listen for a connection over IPv6, Inject a custom DLL into the exploited process
Windows Inject DLL, Bind TCP Stager (No NX or Win7)
Listen for a connection (No NX), Inject a custom DLL into the exploited process
Windows Inject DLL, Bind TCP Stager
Listen for a connection, Inject a custom DLL into the exploited process
Windows Inject DLL, Find Tag Ordinal Stager
Use an established connection, Inject a custom DLL into the exploited process
Windows Inject DLL, PassiveX Reverse HTTP Tunneling Stager
Tunnel communication over HTTP using IE 6, Inject a custom DLL into the exploited process
Windows Inject DLL, Reverse TCP Stager (IPv6)
Connect back to the attacker over IPv6, Inject a custom DLL into the exploited process
Windows Inject DLL, Reverse TCP Stager (No NX or Win7)
Connect back to the attacker (No NX), Inject a custom DLL into the exploited process
Windows Inject DLL, Reverse Ordinal TCP Stager (No NX or Win7)
Connect back to the attacker, Inject a custom DLL into the exploited process
Windows Inject DLL, Reverse TCP Stager
Connect back to the attacker, Inject a custom DLL into the exploited process
Windows Inject DLL, Reverse All-Port TCP Stager
Try to connect back to the attacker, on all possible ports (1-65535, slowly), Inject a custom DLL into the exploited process
Windows Inject DLL, Reverse TCP Stager (DNS)
Connect back to the attacker, Inject a custom DLL into the exploited process
Windows Meterpreter (skape/jt injection), Bind TCP Stager (IPv6)
Listen for a connection over IPv6, Inject the meterpreter server DLL (staged)
Windows Meterpreter (skape/jt injection), Bind TCP Stager (No NX or Win7)
Listen for a connection (No NX), Inject the meterpreter server DLL (staged)
Windows Meterpreter (skape/jt injection), Bind TCP Stager
Listen for a connection, Inject the meterpreter server DLL (staged)
Windows Meterpreter (skape/jt injection), Find Tag Ordinal Stager
Use an established connection, Inject the meterpreter server DLL (staged)
Windows Meterpreter (skape/jt injection), PassiveX Reverse HTTP Tunneling Stager
Tunnel communication over HTTP using IE 6, Inject the meterpreter server DLL (staged)
Windows Meterpreter (skape/jt injection), Reverse TCP Stager (IPv6)
Connect back to the attacker over IPv6, Inject the meterpreter server DLL (staged)
Windows Meterpreter (skape/jt injection), Reverse TCP Stager (No NX or Win7)
Connect back to the attacker (No NX), Inject the meterpreter server DLL (staged)
Windows Meterpreter (skape/jt injection), Reverse Ordinal TCP Stager (No NX or Win7)
Connect back to the attacker, Inject the meterpreter server DLL (staged)
Windows Meterpreter (skape/jt injection), Reverse TCP Stager
Connect back to the attacker, Inject the meterpreter server DLL (staged)
Windows Meterpreter (skape/jt injection), Reverse All-Port TCP Stager
Try to connect back to the attacker, on all possible ports (1-65535, slowly), Inject the meterpreter server DLL (staged)
Windows Meterpreter (skape/jt injection), Reverse TCP Stager (DNS)
Connect back to the attacker, Inject the meterpreter server DLL (staged)
Windows VNC Inject (skape/jt injection), Bind TCP Stager (IPv6)
Listen for a connection over IPv6, Inject the VNC server DLL and run it from memory (staged)
Windows VNC Inject (skape/jt injection), Bind TCP Stager (No NX or Win7)
Listen for a connection (No NX), Inject the VNC server DLL and run it from memory (staged)
Windows VNC Inject (skape/jt injection), Bind TCP Stager
Listen for a connection, Inject the VNC server DLL and run it from memory (staged)
Windows VNC Inject (skape/jt injection), Find Tag Ordinal Stager
Use an established connection, Inject the VNC server DLL and run it from memory (staged)
Windows VNC Inject (skape/jt injection), PassiveX Reverse HTTP Tunneling Stager
Tunnel communication over HTTP using IE 6, Inject the VNC server DLL and run it from memory (staged)
Windows VNC Inject (skape/jt injection), Reverse TCP Stager (IPv6)
Connect back to the attacker over IPv6, Inject the VNC server DLL and run it from memory (staged)
Windows VNC Inject (skape/jt injection), Reverse TCP Stager (No NX or Win7)
Connect back to the attacker (No NX), Inject the VNC server DLL and run it from memory (staged)
Windows VNC Inject (skape/jt injection), Reverse Ordinal TCP Stager (No NX or Win7)
Connect back to the attacker, Inject the VNC server DLL and run it from memory (staged)
Windows VNC Inject (skape/jt injection), Reverse TCP Stager
Connect back to the attacker, Inject the VNC server DLL and run it from memory (staged)
Windows VNC Inject (skape/jt injection), Reverse All-Port TCP Stager
Try to connect back to the attacker, on all possible ports (1-65535, slowly), Inject the VNC server DLL and run it from memory (staged)
Windows VNC Inject (skape/jt injection), Reverse TCP Stager (DNS)
Connect back to the attacker, Inject the VNC server DLL and run it from memory (staged)
Reflective Dll Injection, Bind TCP Stager (IPv6)
Listen for a connection over IPv6, Inject a Dll via a reflective loader
http://www.harmonysecurity.co...
Reflective Dll Injection, Bind TCP Stager (No NX or Win7)
Listen for a connection (No NX), Inject a Dll via a reflective loader
http://www.harmonysecurity.co...
Reflective Dll Injection, Bind TCP Stager
Listen for a connection, Inject a Dll via a reflective loader
http://www.harmonysecurity.co...
Reflective Dll Injection, Find Tag Ordinal Stager
Use an established connection, Inject a Dll via a reflective loader
http://www.harmonysecurity.co...
Reflective Dll Injection, PassiveX Reverse HTTP Tunneling Stager
Tunnel communication over HTTP using IE 6, Inject a Dll via a reflective loader
http://www.harmonysecurity.co...
Reflective Dll Injection, Reverse TCP Stager (IPv6)
Connect back to the attacker over IPv6, Inject a Dll via a reflective loader
http://www.harmonysecurity.co...
Reflective Dll Injection, Reverse TCP Stager (No NX or Win7)
Connect back to the attacker (No NX), Inject a Dll via a reflective loader
http://www.harmonysecurity.co...
Reflective Dll Injection, Reverse Ordinal TCP Stager (No NX or Win7)
Connect back to the attacker, Inject a Dll via a reflective loader
http://www.harmonysecurity.co...
Reflective Dll Injection, Reverse TCP Stager
Connect back to the attacker, Inject a Dll via a reflective loader
http://www.harmonysecurity.co...
Reflective Dll Injection, Reverse All-Port TCP Stager
Try to connect back to the attacker, on all possible ports (1-65535, slowly), Inject a Dll via a reflective loader
http://www.harmonysecurity.co...
Reflective Dll Injection, Reverse TCP Stager (DNS)
Connect back to the attacker, Inject a Dll via a reflective loader
http://www.harmonysecurity.co...
Windows Meterpreter, Bind TCP Stager (IPv6)
Listen for a connection over IPv6, Inject the meterpreter server DLL via the Reflective Dll Injection payload
http://www.harmonysecurity.co...
Windows Meterpreter, Bind TCP Stager (No NX or Win7)
Listen for a connection (No NX), Inject the meterpreter server DLL via the Reflective Dll Injection payload
http://www.harmonysecurity.co...
Windows Meterpreter, Bind TCP Stager
Listen for a connection, Inject the meterpreter server DLL via the Reflective Dll Injection payload
http://www.harmonysecurity.co...
Windows Meterpreter, Find Tag Ordinal Stager
Use an established connection, Inject the meterpreter server DLL via the Reflective Dll Injection payload
http://www.harmonysecurity.co...
Windows Meterpreter, PassiveX Reverse HTTP Tunneling Stager
Tunnel communication over HTTP using IE 6, Inject the meterpreter server DLL via the Reflective Dll Injection payload
http://www.harmonysecurity.co...
Windows Meterpreter, Reverse TCP Stager (IPv6)
Connect back to the attacker over IPv6, Inject the meterpreter server DLL via the Reflective Dll Injection payload
http://www.harmonysecurity.co...
Windows Meterpreter, Reverse TCP Stager (No NX or Win7)
Connect back to the attacker (No NX), Inject the meterpreter server DLL via the Reflective Dll Injection payload
http://www.harmonysecurity.co...
Windows Meterpreter, Reverse Ordinal TCP Stager (No NX or Win7)
Connect back to the attacker, Inject the meterpreter server DLL via the Reflective Dll Injection payload
http://www.harmonysecurity.co...
Windows Meterpreter, Reverse TCP Stager
Connect back to the attacker, Inject the meterpreter server DLL via the Reflective Dll Injection payload
http://www.harmonysecurity.co...
Windows Meterpreter, Reverse All-Port TCP Stager
Try to connect back to the attacker, on all possible ports (1-65535, slowly), Inject the meterpreter server DLL via the Reflective Dll Injection payload
http://www.harmonysecurity.co...
Windows Meterpreter, Reverse TCP Stager (DNS)
Connect back to the attacker, Inject the meterpreter server DLL via the Reflective Dll Injection payload
http://www.harmonysecurity.co...
Reflective VNC Dll Injection, Bind TCP Stager (IPv6)
Listen for a connection over IPv6, Inject a VNC Dll via a reflective loader
http://www.harmonysecurity.co...
Reflective VNC Dll Injection, Bind TCP Stager (No NX or Win7)
Listen for a connection (No NX), Inject a VNC Dll via a reflective loader
http://www.harmonysecurity.co...
Reflective VNC Dll Injection, Bind TCP Stager
Listen for a connection, Inject a VNC Dll via a reflective loader
http://www.harmonysecurity.co...
Reflective VNC Dll Injection, Find Tag Ordinal Stager
Use an established connection, Inject a VNC Dll via a reflective loader
http://www.harmonysecurity.co...
Reflective VNC Dll Injection, PassiveX Reverse HTTP Tunneling Stager
Tunnel communication over HTTP using IE 6, Inject a VNC Dll via a reflective loader
http://www.harmonysecurity.co...
Reflective VNC Dll Injection, Reverse TCP Stager (IPv6)
Connect back to the attacker over IPv6, Inject a VNC Dll via a reflective loader
http://www.harmonysecurity.co...
Reflective VNC Dll Injection, Reverse TCP Stager (No NX or Win7)
Connect back to the attacker (No NX), Inject a VNC Dll via a reflective loader
http://www.harmonysecurity.co...
Reflective VNC Dll Injection, Reverse Ordinal TCP Stager (No NX or Win7)
Connect back to the attacker, Inject a VNC Dll via a reflective loader
http://www.harmonysecurity.co...
Reflective VNC Dll Injection, Reverse TCP Stager
Connect back to the attacker, Inject a VNC Dll via a reflective loader
http://www.harmonysecurity.co...
Reflective VNC Dll Injection, Reverse All-Port TCP Stager
Try to connect back to the attacker, on all possible ports (1-65535, slowly), Inject a VNC Dll via a reflective loader
http://www.harmonysecurity.co...
Reflective VNC Dll Injection, Reverse TCP Stager (DNS)
Connect back to the attacker, Inject a VNC Dll via a reflective loader
http://www.harmonysecurity.co...
Windows Command Shell, Bind TCP Stager (IPv6)
Listen for a connection over IPv6, Spawn a piped command shell (staged)
Windows Command Shell, Bind TCP Stager (No NX or Win7)
Listen for a connection (No NX), Spawn a piped command shell (staged)
Windows Command Shell, Bind TCP Stager
Listen for a connection, Spawn a piped command shell (staged)
Windows Command Shell, Find Tag Ordinal Stager
Use an established connection, Spawn a piped command shell (staged)
Windows Command Shell, PassiveX Reverse HTTP Tunneling Stager
Tunnel communication over HTTP using IE 6, Spawn a piped command shell (staged)
Windows Command Shell, Reverse TCP Stager (IPv6)
Connect back to the attacker over IPv6, Spawn a piped command shell (staged)
Windows Command Shell, Reverse TCP Stager (No NX or Win7)
Connect back to the attacker (No NX), Spawn a piped command shell (staged)
Windows Command Shell, Reverse Ordinal TCP Stager (No NX or Win7)
Connect back to the attacker, Spawn a piped command shell (staged)
Windows Command Shell, Reverse TCP Stager
Connect back to the attacker, Spawn a piped command shell (staged)
Windows Command Shell, Reverse All-Port TCP Stager
Try to connect back to the attacker, on all possible ports (1-65535, slowly), Spawn a piped command shell (staged)
Windows Command Shell, Reverse TCP Stager (DNS)
Connect back to the attacker, Spawn a piped command shell (staged)
Windows Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell
Windows Disable Windows ICF, Command Shell, Bind TCP Inline
Disable the Windows ICF, then listen for a connection and spawn a command shell
Windows Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell
Windows Upload/Execute, Bind TCP Stager (IPv6)
Listen for a connection over IPv6, Uploads an executable and runs it (staged)
Windows Upload/Execute, Bind TCP Stager (No NX or Win7)
Listen for a connection (No NX), Uploads an executable and runs it (staged)
Windows Upload/Execute, Bind TCP Stager
Listen for a connection, Uploads an executable and runs it (staged)
Windows Upload/Execute, Find Tag Ordinal Stager
Use an established connection, Uploads an executable and runs it (staged)
Windows Upload/Execute, PassiveX Reverse HTTP Tunneling Stager
Tunnel communication over HTTP using IE 6, Uploads an executable and runs it (staged)
Windows Upload/Execute, Reverse TCP Stager (IPv6)
Connect back to the attacker over IPv6, Uploads an executable and runs it (staged)
Windows Upload/Execute, Reverse TCP Stager (No NX or Win7)
Connect back to the attacker (No NX), Uploads an executable and runs it (staged)
Windows Upload/Execute, Reverse Ordinal TCP Stager (No NX or Win7)
Connect back to the attacker, Uploads an executable and runs it (staged)
Windows Upload/Execute, Reverse TCP Stager
Connect back to the attacker, Uploads an executable and runs it (staged)
Windows Upload/Execute, Reverse All-Port TCP Stager
Try to connect back to the attacker, on all possible ports (1-65535, slowly), Uploads an executable and runs it (staged)
Windows Upload/Execute, Reverse TCP Stager (DNS)
Connect back to the attacker, Uploads an executable and runs it (staged)
VNC Server (Reflective Injection), Bind TCP Stager (IPv6)
Listen for a connection over IPv6, Inject a VNC Dll via a reflective loader (staged)
http://www.harmonysecurity.co...
VNC Server (Reflective Injection), Bind TCP Stager (No NX or Win7)
Listen for a connection (No NX), Inject a VNC Dll via a reflective loader (staged)
http://www.harmonysecurity.co...
VNC Server (Reflective Injection), Bind TCP Stager
Listen for a connection, Inject a VNC Dll via a reflective loader (staged)
http://www.harmonysecurity.co...
VNC Server (Reflective Injection), Find Tag Ordinal Stager
Use an established connection, Inject a VNC Dll via a reflective loader (staged)
http://www.harmonysecurity.co...
VNC Server (Reflective Injection), PassiveX Reverse HTTP Tunneling Stager
Tunnel communication over HTTP using IE 6, Inject a VNC Dll via a reflective loader (staged)
http://www.harmonysecurity.co...
VNC Server (Reflective Injection), Reverse TCP Stager (IPv6)
Connect back to the attacker over IPv6, Inject a VNC Dll via a reflective loader (staged)
http://www.harmonysecurity.co...
VNC Server (Reflective Injection), Reverse TCP Stager (No NX or Win7)
Connect back to the attacker (No NX), Inject a VNC Dll via a reflective loader (staged)
http://www.harmonysecurity.co...
VNC Server (Reflective Injection), Reverse Ordinal TCP Stager (No NX or Win7)
Connect back to the attacker, Inject a VNC Dll via a reflective loader (staged)
http://www.harmonysecurity.co...
VNC Server (Reflective Injection), Reverse TCP Stager
Connect back to the attacker, Inject a VNC Dll via a reflective loader (staged)
http://www.harmonysecurity.co...
VNC Server (Reflective Injection), Reverse All-Port TCP Stager
Try to connect back to the attacker, on all possible ports (1-65535, slowly), Inject a VNC Dll via a reflective loader (staged)
http://www.harmonysecurity.co...
VNC Server (Reflective Injection), Reverse TCP Stager (DNS)
Connect back to the attacker, Inject a VNC Dll via a reflective loader (staged)
http://www.harmonysecurity.co...
Windows x64 Execute Command
Execute an arbitrary command (Windows x64)
Windows x64 Meterpreter, Windows x64 Bind TCP Stager
Listen for a connection (Windows x64), Inject the meterpreter server DLL via the Reflective Dll Injection payload (Windows x64) (staged)
http://www.harmonysecurity.co...
Windows x64 Meterpreter, Windows x64 Reverse TCP Stager
Connect back to the attacker (Windows x64), Inject the meterpreter server DLL via the Reflective Dll Injection payload (Windows x64) (staged)
http://www.harmonysecurity.co...
Windows x64 Command Shell, Windows x64 Bind TCP Stager
Listen for a connection (Windows x64), Spawn a piped command shell (Windows x64) (staged)
Windows x64 Command Shell, Windows x64 Reverse TCP Stager
Connect back to the attacker (Windows x64), Spawn a piped command shell (Windows x64) (staged)
Windows x64 Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell (Windows x64)
Windows x64 Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell (Windows x64)
Windows x64 VNC Server (Reflective Injection), Windows x64 Bind TCP Stager
Listen for a connection (Windows x64), Inject a VNC Dll via a reflective loader (Windows x64) (staged)
http://www.harmonysecurity.co...
Windows x64 VNC Server (Reflective Injection), Windows x64 Reverse TCP Stager
Connect back to the attacker (Windows x64), Inject a VNC Dll via a reflective loader (Windows x64) (staged)
http://www.harmonysecurity.co...
Metasploit Framework
Copyright © 2003-2010 Rapid7 LLC
Rapid7 Privacy Statement
Rapid7 Privacy Statement