Metasploit Penetration Testing Framework




AIX Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell

AIX Command Shell, Find Port Inline
Spawn a shell on an established connection

AIX execve shell for inetd
Simply execve /bin/sh (for inetd programs)

AIX Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell

BSD Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell

BSD Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell

BSD Execute Command
Execute an arbitrary command

FreeBSD Meterpreter Service, Bind TCP
Stub payload for interacting with a Meterpreter Service

FreeBSD Meterpreter Service, Reverse TCP Inline
Stub payload for interacting with a Meterpreter Service

BSD Command Shell, Bind TCP Stager
Listen for a connection, Spawn a command shell

BSD Command Shell, Find Tag Stager
Use an established connection, Spawn a command shell

BSD Command Shell, Reverse TCP Stager
Connect back to the attacker, Spawn a command shell

BSD Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell

BSD Command Shell, Find Port Inline
Spawn a shell on an established connection

BSD Command Shell, Find Tag Inline
Spawn a shell on an established connection (proxy/nat safe)

BSD Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell

BSDi Command Shell, Bind TCP Stager
Listen for a connection, Spawn a command shell

BSDi Command Shell, Reverse TCP Stager
Connect back to the attacker, Spawn a command shell

BSDi Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell

BSDi Command Shell, Find Port Inline
Spawn a shell on an established connection

BSDi Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell

Unix Command Shell, Bind TCP (inetd)
Listen for a connection and spawn a command shell (persistent)

Unix Command Shell, Bind TCP (via netcat -e)
Listen for a connection and spawn a command shell via netcat

Unix Command Shell, Bind TCP (via perl)
Listen for a connection and spawn a command shell via perl

Unix Command Shell, Bind TCP (via Ruby)
Continually listen for a connection and spawn a command shell via Ruby

Unix Command, Generic command execution
Executes the supplied command

Unix Command, Interact with established connection
Interacts with a shell on an established socket connection

Unix Command Shell, Double reverse TCP (telnet)
Creates an interactive shell through two inbound connections

Unix Command Shell, Reverse TCP (/dev/tcp)
Creates an interactive shell via bash's builtin /dev/tcp. This will not work on most Debian-based Linux distributions (including Ubuntu) because they compile bash without the /dev/tcp feature.

Unix Command Shell, Reverse TCP (via netcat -e)
Creates an interactive shell via netcat

Unix Command Shell, Reverse TCP (via perl)
Creates an interactive shell via perl

Unix Command Shell, Reverse TCP (via Ruby)
Connect back and create a command shell via Ruby

Windows Command Shell, Bind TCP (via perl)
Listen for a connection and spawn a command shell via perl (persistent)

Windows Command Shell, Bind TCP (via Ruby)
Continually listen for a connection and spawn a command shell via Ruby

Windows Command, Double reverse TCP connection (via perl)
Creates an interactive shell via perl

Windows Command Shell, Reverse TCP (via Ruby)
Connect back and create a command shell via Ruby

Generic x86 Debug Trap
Generate a debug trap in the target process

Generic Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell

Generic Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell

Java JSP Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell

Java JSP Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell

Linux Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell

Linux Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell

Linux Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell

Linux Command Shell, Find Port Inline
Spawn a shell on an established connection

Linux Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell

Linux Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell

Linux Command Shell, Find Port Inline
Spawn a shell on an established connection

Linux Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell

Linux Add User
Create a new user with UID 0

Linux Chmod
Runs chmod on specified file with specified mode

Linux Execute Command
Execute an arbitrary command

Linux Meterpreter Service, Bind TCP
Stub payload for interacting with a Meterpreter Service

Linux Meterpreter Service, Reverse TCP Inline
Stub payload for interacting with a Meterpreter Service

Linux Command Shell, Bind TCP Stager (IPv6)
Listen for a connection over IPv6, Spawn a command shell

Linux Command Shell, Bind TCP Stager
Listen for a connection, Spawn a command shell

Linux Command Shell, Find Tag Stager
Use an established connection, Spawn a command shell

Linux Command Shell, Reverse TCP Stager (IPv6)
Connect back to attacker over IPv6, Spawn a command shell

Linux Command Shell, Reverse TCP Stager
Connect back to the attacker, Spawn a command shell

Linux Command Shell, Bind TCP Inline (IPv6)
Listen for a connection over IPv6 and spawn a command shell

Linux Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell

Linux Command Shell, Find Port Inline
Spawn a shell on an established connection

Linux Command Shell, Find Tag Inline
Spawn a shell on an established connection (proxy/nat safe)

Linux Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell

Linux Command Shell, Reverse TCP Inline - Metasm demo
Connect back to attacker and spawn a command shell

NetWare Command Shell, Reverse TCP Stager
Connect back to the attacker, Connect to the NetWare console

OSX Write and Execute Binary, Bind TCP Stager
Listen for a connection, Spawn a command shell

OSX Write and Execute Binary, Reverse TCP Stager
Connect back to the attacker, Spawn a command shell

OSX Command Shell, Bind TCP Stager
Listen for a connection, Spawn a command shell

OSX Command Shell, Reverse TCP Stager
Connect back to the attacker, Spawn a command shell

OSX Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell

OSX Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell

OSX iPhone Vibrate
Causes the iPhone to vibrate. Only works when the AudioToolkit library has been loaded. Based on work by Charlie Miller <cmiller[at]securityevaluators.com>.

OSX Command Shell, Bind TCP Stager
Listen for a connection, Spawn a command shell

OSX Command Shell, Find Tag Stager
Use an established connection, Spawn a command shell

OSX Command Shell, Reverse TCP Stager
Connect back to the attacker, Spawn a command shell

OSX Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell

OSX Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell

Mac OS X Inject Mach-O Bundle, Bind TCP Stager
Listen, read length, read buffer, execute, Inject a custom Mach-O bundle into the exploited process

Mac OS X Inject Mach-O Bundle, Reverse TCP Stager
Connect, read length, read buffer, execute, Inject a custom Mach-O bundle into the exploited process

OSX Execute Command
Execute an arbitrary command

Mac OS X x86 iSight photo capture, Bind TCP Stager
Listen, read length, read buffer, execute, Inject a Mach-O bundle to capture a photo from the iSight

Mac OS X x86 iSight photo capture, Reverse TCP Stager
Connect, read length, read buffer, execute, Inject a Mach-O bundle to capture a photo from the iSight

OSX Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell

OSX Command Shell, Find Port Inline
Spawn a shell on an established connection

OSX Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell

OSX (vfork) Command Shell, Bind TCP Stager
Listen, read length, read buffer, execute, Call vfork() if necessary and spawn a command shell

OSX (vfork) Command Shell, Reverse TCP Stager
Connect, read length, read buffer, execute, Call vfork() if necessary and spawn a command shell

OSX (vfork) Command Shell, Bind TCP Inline
Listen for a connection, vfork if necessary, and spawn a command shell

OSX (vfork) Command Shell, Reverse TCP Inline
Connect back to attacker, vfork if necessary, and spawn a command shell

PHP Command Shell, Bind TCP (via perl)
Listen for a connection and spawn a command shell via perl (persistent)

PHP Command Shell, Bind TCP (via php)
Listen for a connection and spawn a command shell via php

PHP Executable Download and Execute
Download an EXE from an HTTP URL and execute it

PHP Execute Command
Execute a single system command

PHP Command, Double reverse TCP connection (via perl)
Creates an interactive shell via perl

PHP Command Shell, Reverse TCP (via php)
Reverse PHP connect back shell with checks for disabled functions

PHP Command Shell, Find Port
Spawn a shell on the established connection to the webserver. Unfortunately, this payload leaves conspicuous evil-looking entries in the Apache error logs, so it is probably a good idea to use a bind or reverse shell unless firewalls prevent them from working. The issue this payload takes advantage of (CLOEXEC flag not set on sockets) appears to have been patched on the Ubuntu version of Apache and may not work on other Debian-based distributions. Only tested on Apache, but it might work on other web servers that leak file descriptors to child processes.

Solaris Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell

Solaris Command Shell, Find Port Inline
Spawn a shell on an established connection

Solaris Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell

Solaris Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell

Solaris Command Shell, Find Port Inline
Spawn a shell on an established connection

Solaris Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell

Unix TTY, Interact with established connection
Interacts with a TTY on an established socket connection

Windows Execute net user /ADD
Create a new user and add them to the local administration group

Reflective Dll Injection, Bind TCP Stager (IPv6)
Listen for a connection over IPv6, Inject a Dll via a reflective loader http://www.harmonysecurity.co...

Reflective Dll Injection, Bind TCP Stager (No NX or Win7)
Listen for a connection (No NX), Inject a Dll via a reflective loader http://www.harmonysecurity.co...

Reflective Dll Injection, Bind TCP Stager
Listen for a connection, Inject a Dll via a reflective loader http://www.harmonysecurity.co...

Reflective Dll Injection, Find Tag Ordinal Stager
Use an established connection, Inject a Dll via a reflective loader http://www.harmonysecurity.co...

Reflective Dll Injection, Reverse TCP Stager (IPv6)
Connect back to the attacker over IPv6, Inject a Dll via a reflective loader http://www.harmonysecurity.co...

Reflective Dll Injection, Reverse TCP Stager (No NX or Win7)
Connect back to the attacker (No NX), Inject a Dll via a reflective loader http://www.harmonysecurity.co...

Reflective Dll Injection, Reverse Ordinal TCP Stager (No NX or Win7)
Connect back to the attacker, Inject a Dll via a reflective loader http://www.harmonysecurity.co...

Reflective Dll Injection, Reverse TCP Stager
Connect back to the attacker, Inject a Dll via a reflective loader http://www.harmonysecurity.co...

Reflective Dll Injection, Reverse All-Port TCP Stager
Try to connect back to the attacker, on all possible ports (1-65535, slowly), Inject a Dll via a reflective loader http://www.harmonysecurity.co...

Windows Executable Download and Execute
Download an EXE from an HTTP URL and execute it

Windows Execute Command
Execute an arbitrary command

Windows Meterpreter (Reflective Injection), Bind TCP Stager (IPv6)
Listen for a connection over IPv6, Inject the meterpreter server DLL via the Reflective Dll Injection payload http://www.harmonysecurity.co...

Windows Meterpreter (Reflective Injection), Bind TCP Stager (No NX or Win7)
Listen for a connection (No NX), Inject the meterpreter server DLL via the Reflective Dll Injection payload http://www.harmonysecurity.co...

Windows Meterpreter (Reflective Injection), Bind TCP Stager
Listen for a connection, Inject the meterpreter server DLL via the Reflective Dll Injection payload http://www.harmonysecurity.co...

Windows Meterpreter (Reflective Injection), Find Tag Ordinal Stager
Use an established connection, Inject the meterpreter server DLL via the Reflective Dll Injection payload http://www.harmonysecurity.co...

Windows Meterpreter (Reflective Injection), Reverse TCP Stager (IPv6)
Connect back to the attacker over IPv6, Inject the meterpreter server DLL via the Reflective Dll Injection payload http://www.harmonysecurity.co...

Windows Meterpreter (Reflective Injection), Reverse TCP Stager (No NX or Win7)
Connect back to the attacker (No NX), Inject the meterpreter server DLL via the Reflective Dll Injection payload http://www.harmonysecurity.co...

Windows Meterpreter (Reflective Injection), Reverse Ordinal TCP Stager (No NX or Win7)
Connect back to the attacker, Inject the meterpreter server DLL via the Reflective Dll Injection payload http://www.harmonysecurity.co...

Windows Meterpreter (Reflective Injection), Reverse TCP Stager
Connect back to the attacker, Inject the meterpreter server DLL via the Reflective Dll Injection payload http://www.harmonysecurity.co...

Windows Meterpreter (Reflective Injection), Reverse All-Port TCP Stager
Try to connect back to the attacker, on all possible ports (1-65535, slowly), Inject the meterpreter server DLL via the Reflective Dll Injection payload http://www.harmonysecurity.co...

Windows Meterpreter Service, Bind TCP
Stub payload for interacting with a Meterpreter Service

Windows Meterpreter Service, Reverse TCP Inline
Stub payload for interacting with a Meterpreter Service

Windows Inject DLL, Bind TCP Stager (IPv6)
Listen for a connection over IPv6, Inject a custom DLL into the exploited process

Windows Inject DLL, Bind TCP Stager (No NX or Win7)
Listen for a connection (No NX), Inject a custom DLL into the exploited process

Windows Inject DLL, Bind TCP Stager
Listen for a connection, Inject a custom DLL into the exploited process

Windows Inject DLL, Find Tag Ordinal Stager
Use an established connection, Inject a custom DLL into the exploited process

Windows Inject DLL, Reverse TCP Stager (IPv6)
Connect back to the attacker over IPv6, Inject a custom DLL into the exploited process

Windows Inject DLL, Reverse TCP Stager (No NX or Win7)
Connect back to the attacker (No NX), Inject a custom DLL into the exploited process

Windows Inject DLL, Reverse Ordinal TCP Stager (No NX or Win7)
Connect back to the attacker, Inject a custom DLL into the exploited process

Windows Inject DLL, Reverse TCP Stager
Connect back to the attacker, Inject a custom DLL into the exploited process

Windows Inject DLL, Reverse All-Port TCP Stager
Try to connect back to the attacker, on all possible ports (1-65535, slowly), Inject a custom DLL into the exploited process

Windows Meterpreter (skape/jt injection), Bind TCP Stager (IPv6)
Listen for a connection over IPv6, Inject the meterpreter server DLL

Windows Meterpreter (skape/jt injection), Bind TCP Stager (No NX or Win7)
Listen for a connection (No NX), Inject the meterpreter server DLL

Windows Meterpreter (skape/jt injection), Bind TCP Stager
Listen for a connection, Inject the meterpreter server DLL

Windows Meterpreter (skape/jt injection), Find Tag Ordinal Stager
Use an established connection, Inject the meterpreter server DLL

Windows Meterpreter (skape/jt injection), Reverse TCP Stager (IPv6)
Connect back to the attacker over IPv6, Inject the meterpreter server DLL

Windows Meterpreter (skape/jt injection), Reverse TCP Stager (No NX or Win7)
Connect back to the attacker (No NX), Inject the meterpreter server DLL

Windows Meterpreter (skape/jt injection), Reverse Ordinal TCP Stager (No NX or Win7)
Connect back to the attacker, Inject the meterpreter server DLL

Windows Meterpreter (skape/jt injection), Reverse TCP Stager
Connect back to the attacker, Inject the meterpreter server DLL

Windows Meterpreter (skape/jt injection), Reverse All-Port TCP Stager
Try to connect back to the attacker, on all possible ports (1-65535, slowly), Inject the meterpreter server DLL

Windows VNC Inject (skape/jt injection), Bind TCP Stager (IPv6)
Listen for a connection over IPv6, Inject the VNC server DLL and run it from memory

Windows VNC Inject (skape/jt injection), Bind TCP Stager (No NX or Win7)
Listen for a connection (No NX), Inject the VNC server DLL and run it from memory

Windows VNC Inject (skape/jt injection), Bind TCP Stager
Listen for a connection, Inject the VNC server DLL and run it from memory

Windows VNC Inject (skape/jt injection), Find Tag Ordinal Stager
Use an established connection, Inject the VNC server DLL and run it from memory

Windows VNC Inject (skape/jt injection), Reverse TCP Stager (IPv6)
Connect back to the attacker over IPv6, Inject the VNC server DLL and run it from memory

Windows VNC Inject (skape/jt injection), Reverse TCP Stager (No NX or Win7)
Connect back to the attacker (No NX), Inject the VNC server DLL and run it from memory

Windows VNC Inject (skape/jt injection), Reverse Ordinal TCP Stager (No NX or Win7)
Connect back to the attacker, Inject the VNC server DLL and run it from memory

Windows VNC Inject (skape/jt injection), Reverse TCP Stager
Connect back to the attacker, Inject the VNC server DLL and run it from memory

Windows VNC Inject (skape/jt injection), Reverse All-Port TCP Stager
Try to connect back to the attacker, on all possible ports (1-65535, slowly), Inject the VNC server DLL and run it from memory

Windows Command Shell, Bind TCP Stager (IPv6)
Listen for a connection over IPv6, Spawn a piped command shell

Windows Command Shell, Bind TCP Stager (No NX or Win7)
Listen for a connection (No NX), Spawn a piped command shell

Windows Command Shell, Bind TCP Stager
Listen for a connection, Spawn a piped command shell

Windows Command Shell, Find Tag Ordinal Stager
Use an established connection, Spawn a piped command shell

Windows Command Shell, PassiveX Reverse HTTP Tunneling Stager
Tunnel communication over HTTP using IE 6, Spawn a piped command shell

Windows Command Shell, Reverse TCP Stager (IPv6)
Connect back to the attacker over IPv6, Spawn a piped command shell

Windows Command Shell, Reverse TCP Stager (No NX or Win7)
Connect back to the attacker (No NX), Spawn a piped command shell

Windows Command Shell, Reverse Ordinal TCP Stager (No NX or Win7)
Connect back to the attacker, Spawn a piped command shell

Windows Command Shell, Reverse TCP Stager
Connect back to the attacker, Spawn a piped command shell

Windows Command Shell, Reverse All-Port TCP Stager
Try to connect back to the attacker, on all possible ports (1-65535, slowly), Spawn a piped command shell

Windows Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell

Windows Disable Windows ICF, Command Shell, Bind TCP Inline
Disable the Windows ICF, then listen for a connection and spawn a command shell

Windows Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell

Windows Upload/Execute, Bind TCP Stager (IPv6)
Listen for a connection over IPv6, Uploads an executable and runs it

Windows Upload/Execute, Bind TCP Stager (No NX or Win7)
Listen for a connection (No NX), Uploads an executable and runs it

Windows Upload/Execute, Bind TCP Stager
Listen for a connection, Uploads an executable and runs it

Windows Upload/Execute, Find Tag Ordinal Stager
Use an established connection, Uploads an executable and runs it

Windows Upload/Execute, PassiveX Reverse HTTP Tunneling Stager
Tunnel communication over HTTP using IE 6, Uploads an executable and runs it

Windows Upload/Execute, Reverse TCP Stager (IPv6)
Connect back to the attacker over IPv6, Uploads an executable and runs it

Windows Upload/Execute, Reverse TCP Stager (No NX or Win7)
Connect back to the attacker (No NX), Uploads an executable and runs it

Windows Upload/Execute, Reverse Ordinal TCP Stager (No NX or Win7)
Connect back to the attacker, Uploads an executable and runs it

Windows Upload/Execute, Reverse TCP Stager
Connect back to the attacker, Uploads an executable and runs it

Windows Upload/Execute, Reverse All-Port TCP Stager
Try to connect back to the attacker, on all possible ports (1-65535, slowly), Uploads an executable and runs it

VNC Server (Reflective Injection), Bind TCP Stager (IPv6)
Listen for a connection over IPv6, Inject a VNC Dll via a reflective loader http://www.harmonysecurity.co...

VNC Server (Reflective Injection), Bind TCP Stager (No NX or Win7)
Listen for a connection (No NX), Inject a VNC Dll via a reflective loader http://www.harmonysecurity.co...

VNC Server (Reflective Injection), Bind TCP Stager
Listen for a connection, Inject a VNC Dll via a reflective loader http://www.harmonysecurity.co...

VNC Server (Reflective Injection), Find Tag Ordinal Stager
Use an established connection, Inject a VNC Dll via a reflective loader http://www.harmonysecurity.co...

VNC Server (Reflective Injection), Reverse TCP Stager (IPv6)
Connect back to the attacker over IPv6, Inject a VNC Dll via a reflective loader http://www.harmonysecurity.co...

VNC Server (Reflective Injection), Reverse TCP Stager (No NX or Win7)
Connect back to the attacker (No NX), Inject a VNC Dll via a reflective loader http://www.harmonysecurity.co...

VNC Server (Reflective Injection), Reverse Ordinal TCP Stager (No NX or Win7)
Connect back to the attacker, Inject a VNC Dll via a reflective loader http://www.harmonysecurity.co...

VNC Server (Reflective Injection), Reverse TCP Stager
Connect back to the attacker, Inject a VNC Dll via a reflective loader http://www.harmonysecurity.co...

VNC Server (Reflective Injection), Reverse All-Port TCP Stager
Try to connect back to the attacker, on all possible ports (1-65535, slowly), Inject a VNC Dll via a reflective loader http://www.harmonysecurity.co...

Windows x64 Execute Command
Execute an arbitrary command (Windows x64)

Windows x64 Meterpreter, Windows x64 Bind TCP Stager
Listen for a connection (Windows x64), Inject the meterpreter server DLL via the Reflective Dll Injection payload (Windows x64) http://www.harmonysecurity.co...

Windows x64 Meterpreter, Windows x64 Reverse TCP Stager
Connect back to the attacker (Windows x64), Inject the meterpreter server DLL via the Reflective Dll Injection payload (Windows x64) http://www.harmonysecurity.co...

Windows x64 Command Shell, Windows x64 Bind TCP Stager
Listen for a connection (Windows x64), Spawn a piped command shell (Windows x64)

Windows x64 Command Shell, Windows x64 Reverse TCP Stager
Connect back to the attacker (Windows x64), Spawn a piped command shell (Windows x64)

Windows x64 Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell (Windows x64)

Windows x64 Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell (Windows x64)

Copyright © 2003-2010 Rapid7 LLC