Metasploit Penetration Testing Framework


OSVDB: CVE:
BID: MSB:
TEXT:


AIX Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell

AIX Command Shell, Find Port Inline
Spawn a shell on an established connection

AIX execve shell for inetd
Simply execve /bin/sh (for inetd programs)

AIX Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell

BSD Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell

BSD Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell

BSD Execute Command
Execute an arbitrary command

FreeBSD Meterpreter Service, Bind TCP
Stub payload for interacting with a Meterpreter Service

FreeBSD Meterpreter Service, Reverse TCP Inline
Stub payload for interacting with a Meterpreter Service

BSD Command Shell, Bind TCP Stager
Listen for a connection, Spawn a command shell (staged)

BSD Command Shell, Find Tag Stager
Use an established connection, Spawn a command shell (staged)

BSD Command Shell, Reverse TCP Stager
Connect back to the attacker, Spawn a command shell (staged)

BSD Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell

BSD Command Shell, Find Port Inline
Spawn a shell on an established connection

BSD Command Shell, Find Tag Inline
Spawn a shell on an established connection (proxy/nat safe)

BSD Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell

BSDi Command Shell, Bind TCP Stager
Listen for a connection, Spawn a command shell (staged)

BSDi Command Shell, Reverse TCP Stager
Connect back to the attacker, Spawn a command shell (staged)

BSDi Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell

BSDi Command Shell, Find Port Inline
Spawn a shell on an established connection

BSDi Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell

Unix Command Shell, Bind TCP (inetd)
Listen for a connection and spawn a command shell (persistent)

Unix Command Shell, Bind TCP (via netcat -e)
Listen for a connection and spawn a command shell via netcat

Unix Command Shell, Bind TCP (via perl)
Listen for a connection and spawn a command shell via perl

Unix Command Shell, Bind TCP (via Ruby)
Continually listen for a connection and spawn a command shell via Ruby

Unix Command, Generic command execution
Executes the supplied command

Unix Command, Interact with established connection
Interacts with a shell on an established socket connection

Unix Command Shell, Double reverse TCP (telnet)
Creates an interactive shell through two inbound connections

Unix Command Shell, Reverse TCP (/dev/tcp)
Creates an interactive shell via bash's builtin /dev/tcp. This will not work on most Debian-based Linux distributions (including Ubuntu) because they compile bash without the /dev/tcp feature.

Unix Command Shell, Reverse TCP (via netcat -e)
Creates an interactive shell via netcat

Unix Command Shell, Reverse TCP (via perl)
Creates an interactive shell via perl

Unix Command Shell, Reverse TCP (via Ruby)
Connect back and create a command shell via Ruby

Windows Execute net user /ADD CMD
Create a new user and add them to local administration group

Windows Command Shell, Bind TCP (via perl)
Listen for a connection and spawn a command shell via perl (persistent)

Windows Command Shell, Bind TCP (via Ruby)
Continually listen for a connection and spawn a command shell via Ruby

Windows Executable Download and Execute (via .vbs)
Download an EXE from an HTTP(S) URL and execute it

Windows Command, Double reverse TCP connection (via perl)
Creates an interactive shell via perl

Windows Command Shell, Reverse TCP (via Ruby)
Connect back and create a command shell via Ruby

Generic x86 Debug Trap
Generate a debug trap in the target process

Generic Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell

Generic Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell

Generic x86 Tight Loop
Generate a tight loop in the target process

Java JSP Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell

Java JSP Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell

Java Meterpreter, Java Bind TCP stager
Listen for a connection, Run a meterpreter server in Java

Java Meterpreter, Java Reverse TCP stager
Connect back stager, Run a meterpreter server in Java

Command Shell, Java Bind TCP stager
Listen for a connection, Spawn a piped command shell (cmd.exe on Windows, /bin/sh everywhere else)

Command Shell, Java Reverse TCP stager
Connect back stager, Spawn a piped command shell (cmd.exe on Windows, /bin/sh everywhere else)

Linux Execute Command
Execute an arbitrary command

Linux Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell

Linux Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell

Linux Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell

Linux Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell

Linux Command Shell, Find Port Inline
Spawn a shell on an established connection

Linux Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell

Linux Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell

Linux Command Shell, Find Port Inline
Spawn a shell on an established connection

Linux Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell

Linux Add User
Create a new user with UID 0

Linux Chmod
Runs chmod on specified file with specified mode

Linux Execute Command
Execute an arbitrary command

Linux Meterpreter, Bind TCP Stager (IPv6)
Listen for a connection over IPv6, Staged meterpreter server

Linux Meterpreter, Bind TCP Stager
Listen for a connection, Staged meterpreter server

Linux Meterpreter, Find Tag Stager
Use an established connection, Staged meterpreter server

Linux Meterpreter, Reverse TCP Stager (IPv6)
Connect back to attacker over IPv6, Staged meterpreter server

Linux Meterpreter, Reverse TCP Stager
Connect back to the attacker, Staged meterpreter server

Linux Meterpreter Service, Bind TCP
Stub payload for interacting with a Meterpreter Service

Linux Meterpreter Service, Reverse TCP Inline
Stub payload for interacting with a Meterpreter Service

Linux Command Shell, Bind TCP Stager (IPv6)
Listen for a connection over IPv6, Spawn a command shell (staged)

Linux Command Shell, Bind TCP Stager
Listen for a connection, Spawn a command shell (staged)

Linux Command Shell, Find Tag Stager
Use an established connection, Spawn a command shell (staged)

Linux Command Shell, Reverse TCP Stager (IPv6)
Connect back to attacker over IPv6, Spawn a command shell (staged)

Linux Command Shell, Reverse TCP Stager
Connect back to the attacker, Spawn a command shell (staged)

Linux Command Shell, Bind TCP Inline (IPv6)
Listen for a connection over IPv6 and spawn a command shell

Linux Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell

Linux Command Shell, Find Port Inline
Spawn a shell on an established connection

Linux Command Shell, Find Tag Inline
Spawn a shell on an established connection (proxy/nat safe)

Linux Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell

Linux Command Shell, Reverse TCP Inline - Metasm demo
Connect back to attacker and spawn a command shell

NetWare Command Shell, Reverse TCP Stager
Connect back to the attacker, Connect to the NetWare console (staged)

OSX Write and Execute Binary, Bind TCP Stager
Listen for a connection, Spawn a command shell (staged)

OSX Write and Execute Binary, Reverse TCP Stager
Connect back to the attacker, Spawn a command shell (staged)

OSX Command Shell, Bind TCP Stager
Listen for a connection, Spawn a command shell (staged)

OSX Command Shell, Reverse TCP Stager
Connect back to the attacker, Spawn a command shell (staged)

OSX Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell

OSX Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell

OSX iPhone Vibrate
Causes the iPhone to vibrate, only works when the AudioToolkit library has been loaded. Based on work by Charlie Miller <cmiller[at]securityevaluators.com>.

OSX Command Shell, Bind TCP Stager
Listen for a connection, Spawn a command shell (staged)

OSX Command Shell, Find Tag Stager
Use an established connection, Spawn a command shell (staged)

OSX Command Shell, Reverse TCP Stager
Connect back to the attacker, Spawn a command shell (staged)

OSX Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell

OSX Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell

Mac OS X Inject Mach-O Bundle, Bind TCP Stager
Listen, read length, read buffer, execute, Inject a custom Mach-O bundle into the exploited process

Mac OS X Inject Mach-O Bundle, Reverse TCP Stager
Connect, read length, read buffer, execute, Inject a custom Mach-O bundle into the exploited process

OSX Execute Command
Execute an arbitrary command

Mac OS X x86 iSight photo capture, Bind TCP Stager
Listen, read length, read buffer, execute, Inject a Mach-O bundle to capture a photo from the iSight (staged)

Mac OS X x86 iSight photo capture, Reverse TCP Stager
Connect, read length, read buffer, execute, Inject a Mach-O bundle to capture a photo from the iSight (staged)

OSX Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell

OSX Command Shell, Find Port Inline
Spawn a shell on an established connection

OSX Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell

OSX (vfork) Command Shell, Bind TCP Stager
Listen, read length, read buffer, execute, Call vfork() if necessary and spawn a command shell (staged)

OSX (vfork) Command Shell, Reverse TCP Stager
Connect, read length, read buffer, execute, Call vfork() if necessary and spawn a command shell (staged)

OSX (vfork) Command Shell, Bind TCP Inline
Listen for a connection, vfork if necessary, and spawn a command shell

OSX (vfork) Command Shell, Reverse TCP Inline
Connect back to attacker, vfork if necessary, and spawn a command shell

PHP Command Shell, Bind TCP (via perl)
Listen for a connection and spawn a command shell via perl (persistent)

PHP Command Shell, Bind TCP (via php)
Listen for a connection and spawn a command shell via php

PHP Executable Download and Execute
Download an EXE from an HTTP URL and execute it

PHP Execute Command
Execute a single system command

PHP Meterpreter, Bind TCP Stager
Listen for a connection, Run a meterpreter server in PHP

PHP Meterpreter, PHP Reverse TCP stager
Reverse PHP connect back stager with checks for disabled functions, Run a meterpreter server in PHP

PHP Meterpreter, Reverse TCP Inline
Connect back to attacker and spawn a Meterpreter server (PHP)

PHP Command, Double reverse TCP connection (via perl)
Creates an interactive shell via perl

PHP Command Shell, Reverse TCP (via php)
Reverse PHP connect back shell with checks for disabled functions

PHP Command Shell, Find Sock
Spawn a shell on the established connection to the webserver. Unfortunately, this payload can leave conspicuous evil-looking entries in the apache error logs, so it is probably a good idea to use a bind or reverse shell unless firewalls prevent them from working. The issue this payload takes advantage of (CLOEXEC flag not set on sockets) appears to have been patched on the Ubuntu version of Apache and may not work on other Debian-based distributions. Only tested on Apache but it might work on other web servers that leak file descriptors to child processes.

Solaris Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell

Solaris Command Shell, Find Port Inline
Spawn a shell on an established connection

Solaris Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell

Solaris Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell

Solaris Command Shell, Find Port Inline
Spawn a shell on an established connection

Solaris Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell

Unix TTY, Interact with established connection
Interacts with a TTY on an established socket connection

Windows Execute net user /ADD
Create a new user and add them to local administration group

Reflective Dll Injection, Bind TCP Stager (IPv6)
Listen for a connection over IPv6, Inject a Dll via a reflective loader http://www.harmonysecurity.co...

Reflective Dll Injection, Bind TCP Stager (No NX or Win7)
Listen for a connection (No NX), Inject a Dll via a reflective loader http://www.harmonysecurity.co...

Reflective Dll Injection, Bind TCP Stager
Listen for a connection, Inject a Dll via a reflective loader http://www.harmonysecurity.co...

Reflective Dll Injection, Find Tag Ordinal Stager
Use an established connection, Inject a Dll via a reflective loader http://www.harmonysecurity.co...

Reflective Dll Injection, PassiveX Reverse HTTP Tunneling Stager
Tunnel communication over HTTP using IE 6, Inject a Dll via a reflective loader http://www.harmonysecurity.co...

Reflective Dll Injection, Reverse TCP Stager (IPv6)
Connect back to the attacker over IPv6, Inject a Dll via a reflective loader http://www.harmonysecurity.co...

Reflective Dll Injection, Reverse TCP Stager (No NX or Win7)
Connect back to the attacker (No NX), Inject a Dll via a reflective loader http://www.harmonysecurity.co...

Reflective Dll Injection, Reverse Ordinal TCP Stager (No NX or Win7)
Connect back to the attacker, Inject a Dll via a reflective loader http://www.harmonysecurity.co...

Reflective Dll Injection, Reverse TCP Stager
Connect back to the attacker, Inject a Dll via a reflective loader http://www.harmonysecurity.co...

Reflective Dll Injection, Reverse All-Port TCP Stager
Try to connect back to the attacker, on all possible ports (1-65535, slowly), Inject a Dll via a reflective loader http://www.harmonysecurity.co...

Reflective Dll Injection, Reverse TCP Stager (DNS)
Connect back to the attacker, Inject a Dll via a reflective loader http://www.harmonysecurity.co...

Windows Executable Download and Execute
Download an EXE from an HTTP URL and execute it

Windows Execute Command
Execute an arbitrary command

Windows Meterpreter (Reflective Injection), Bind TCP Stager (IPv6)
Listen for a connection over IPv6, Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged) http://www.harmonysecurity.co...

Windows Meterpreter (Reflective Injection), Bind TCP Stager (No NX or Win7)
Listen for a connection (No NX), Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged) http://www.harmonysecurity.co...

Windows Meterpreter (Reflective Injection), Bind TCP Stager
Listen for a connection, Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged) http://www.harmonysecurity.co...

Windows Meterpreter (Reflective Injection), Find Tag Ordinal Stager
Use an established connection, Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged) http://www.harmonysecurity.co...

Windows Meterpreter (Reflective Injection), PassiveX Reverse HTTP Tunneling Stager
Tunnel communication over HTTP using IE 6, Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged) http://www.harmonysecurity.co...

Windows Meterpreter (Reflective Injection), Reverse HTTPS Stager
Tunnel communication over HTTP using SSL, Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged) http://www.harmonysecurity.co...

Windows Meterpreter (Reflective Injection), Reverse TCP Stager (IPv6)
Connect back to the attacker over IPv6, Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged) http://www.harmonysecurity.co...

Windows Meterpreter (Reflective Injection), Reverse TCP Stager (No NX or Win7)
Connect back to the attacker (No NX), Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged) http://www.harmonysecurity.co...

Windows Meterpreter (Reflective Injection), Reverse Ordinal TCP Stager (No NX or Win7)
Connect back to the attacker, Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged) http://www.harmonysecurity.co...

Windows Meterpreter (Reflective Injection), Reverse TCP Stager
Connect back to the attacker, Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged) http://www.harmonysecurity.co...

Windows Meterpreter (Reflective Injection), Reverse All-Port TCP Stager
Try to connect back to the attacker, on all possible ports (1-65535, slowly), Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged) http://www.harmonysecurity.co...

Windows Meterpreter (Reflective Injection), Reverse TCP Stager (DNS)
Connect back to the attacker, Inject the meterpreter server DLL via the Reflective Dll Injection payload (staged) http://www.harmonysecurity.co...

Windows Meterpreter Service, Bind TCP
Stub payload for interacting with a Meterpreter Service

Windows Meterpreter Service, Reverse TCP Inline
Stub payload for interacting with a Meterpreter Service

Windows Inject DLL, Bind TCP Stager (IPv6)
Listen for a connection over IPv6, Inject a custom DLL into the exploited process

Windows Inject DLL, Bind TCP Stager (No NX or Win7)
Listen for a connection (No NX), Inject a custom DLL into the exploited process

Windows Inject DLL, Bind TCP Stager
Listen for a connection, Inject a custom DLL into the exploited process

Windows Inject DLL, Find Tag Ordinal Stager
Use an established connection, Inject a custom DLL into the exploited process

Windows Inject DLL, PassiveX Reverse HTTP Tunneling Stager
Tunnel communication over HTTP using IE 6, Inject a custom DLL into the exploited process

Windows Inject DLL, Reverse TCP Stager (IPv6)
Connect back to the attacker over IPv6, Inject a custom DLL into the exploited process

Windows Inject DLL, Reverse TCP Stager (No NX or Win7)
Connect back to the attacker (No NX), Inject a custom DLL into the exploited process

Windows Inject DLL, Reverse Ordinal TCP Stager (No NX or Win7)
Connect back to the attacker, Inject a custom DLL into the exploited process

Windows Inject DLL, Reverse TCP Stager
Connect back to the attacker, Inject a custom DLL into the exploited process

Windows Inject DLL, Reverse All-Port TCP Stager
Try to connect back to the attacker, on all possible ports (1-65535, slowly), Inject a custom DLL into the exploited process

Windows Inject DLL, Reverse TCP Stager (DNS)
Connect back to the attacker, Inject a custom DLL into the exploited process

Windows Meterpreter (skape/jt injection), Bind TCP Stager (IPv6)
Listen for a connection over IPv6, Inject the meterpreter server DLL (staged)

Windows Meterpreter (skape/jt injection), Bind TCP Stager (No NX or Win7)
Listen for a connection (No NX), Inject the meterpreter server DLL (staged)

Windows Meterpreter (skape/jt injection), Bind TCP Stager
Listen for a connection, Inject the meterpreter server DLL (staged)

Windows Meterpreter (skape/jt injection), Find Tag Ordinal Stager
Use an established connection, Inject the meterpreter server DLL (staged)

Windows Meterpreter (skape/jt injection), PassiveX Reverse HTTP Tunneling Stager
Tunnel communication over HTTP using IE 6, Inject the meterpreter server DLL (staged)

Windows Meterpreter (skape/jt injection), Reverse TCP Stager (IPv6)
Connect back to the attacker over IPv6, Inject the meterpreter server DLL (staged)

Windows Meterpreter (skape/jt injection), Reverse TCP Stager (No NX or Win7)
Connect back to the attacker (No NX), Inject the meterpreter server DLL (staged)

Windows Meterpreter (skape/jt injection), Reverse Ordinal TCP Stager (No NX or Win7)
Connect back to the attacker, Inject the meterpreter server DLL (staged)

Windows Meterpreter (skape/jt injection), Reverse TCP Stager
Connect back to the attacker, Inject the meterpreter server DLL (staged)

Windows Meterpreter (skape/jt injection), Reverse All-Port TCP Stager
Try to connect back to the attacker, on all possible ports (1-65535, slowly), Inject the meterpreter server DLL (staged)

Windows Meterpreter (skape/jt injection), Reverse TCP Stager (DNS)
Connect back to the attacker, Inject the meterpreter server DLL (staged)

Windows VNC Inject (skape/jt injection), Bind TCP Stager (IPv6)
Listen for a connection over IPv6, Inject the VNC server DLL and run it from memory (staged)

Windows VNC Inject (skape/jt injection), Bind TCP Stager (No NX or Win7)
Listen for a connection (No NX), Inject the VNC server DLL and run it from memory (staged)

Windows VNC Inject (skape/jt injection), Bind TCP Stager
Listen for a connection, Inject the VNC server DLL and run it from memory (staged)

Windows VNC Inject (skape/jt injection), Find Tag Ordinal Stager
Use an established connection, Inject the VNC server DLL and run it from memory (staged)

Windows VNC Inject (skape/jt injection), PassiveX Reverse HTTP Tunneling Stager
Tunnel communication over HTTP using IE 6, Inject the VNC server DLL and run it from memory (staged)

Windows VNC Inject (skape/jt injection), Reverse TCP Stager (IPv6)
Connect back to the attacker over IPv6, Inject the VNC server DLL and run it from memory (staged)

Windows VNC Inject (skape/jt injection), Reverse TCP Stager (No NX or Win7)
Connect back to the attacker (No NX), Inject the VNC server DLL and run it from memory (staged)

Windows VNC Inject (skape/jt injection), Reverse Ordinal TCP Stager (No NX or Win7)
Connect back to the attacker, Inject the VNC server DLL and run it from memory (staged)

Windows VNC Inject (skape/jt injection), Reverse TCP Stager
Connect back to the attacker, Inject the VNC server DLL and run it from memory (staged)

Windows VNC Inject (skape/jt injection), Reverse All-Port TCP Stager
Try to connect back to the attacker, on all possible ports (1-65535, slowly), Inject the VNC server DLL and run it from memory (staged)

Windows VNC Inject (skape/jt injection), Reverse TCP Stager (DNS)
Connect back to the attacker, Inject the VNC server DLL and run it from memory (staged)

Reflective Dll Injection, Bind TCP Stager (IPv6)
Listen for a connection over IPv6, Inject a Dll via a reflective loader http://www.harmonysecurity.co...

Reflective Dll Injection, Bind TCP Stager (No NX or Win7)
Listen for a connection (No NX), Inject a Dll via a reflective loader http://www.harmonysecurity.co...

Reflective Dll Injection, Bind TCP Stager
Listen for a connection, Inject a Dll via a reflective loader http://www.harmonysecurity.co...

Reflective Dll Injection, Find Tag Ordinal Stager
Use an established connection, Inject a Dll via a reflective loader http://www.harmonysecurity.co...

Reflective Dll Injection, PassiveX Reverse HTTP Tunneling Stager
Tunnel communication over HTTP using IE 6, Inject a Dll via a reflective loader http://www.harmonysecurity.co...

Reflective Dll Injection, Reverse TCP Stager (IPv6)
Connect back to the attacker over IPv6, Inject a Dll via a reflective loader http://www.harmonysecurity.co...

Reflective Dll Injection, Reverse TCP Stager (No NX or Win7)
Connect back to the attacker (No NX), Inject a Dll via a reflective loader http://www.harmonysecurity.co...

Reflective Dll Injection, Reverse Ordinal TCP Stager (No NX or Win7)
Connect back to the attacker, Inject a Dll via a reflective loader http://www.harmonysecurity.co...

Reflective Dll Injection, Reverse TCP Stager
Connect back to the attacker, Inject a Dll via a reflective loader http://www.harmonysecurity.co...

Reflective Dll Injection, Reverse All-Port TCP Stager
Try to connect back to the attacker, on all possible ports (1-65535, slowly), Inject a Dll via a reflective loader http://www.harmonysecurity.co...

Reflective Dll Injection, Reverse TCP Stager (DNS)
Connect back to the attacker, Inject a Dll via a reflective loader http://www.harmonysecurity.co...

Windows Meterpreter, Bind TCP Stager (IPv6)
Listen for a connection over IPv6, Inject the meterpreter server DLL via the Reflective Dll Injection payload http://www.harmonysecurity.co...

Windows Meterpreter, Bind TCP Stager (No NX or Win7)
Listen for a connection (No NX), Inject the meterpreter server DLL via the Reflective Dll Injection payload http://www.harmonysecurity.co...

Windows Meterpreter, Bind TCP Stager
Listen for a connection, Inject the meterpreter server DLL via the Reflective Dll Injection payload http://www.harmonysecurity.co...

Windows Meterpreter, Find Tag Ordinal Stager
Use an established connection, Inject the meterpreter server DLL via the Reflective Dll Injection payload http://www.harmonysecurity.co...

Windows Meterpreter, PassiveX Reverse HTTP Tunneling Stager
Tunnel communication over HTTP using IE 6, Inject the meterpreter server DLL via the Reflective Dll Injection payload http://www.harmonysecurity.co...

Windows Meterpreter, Reverse TCP Stager (IPv6)
Connect back to the attacker over IPv6, Inject the meterpreter server DLL via the Reflective Dll Injection payload http://www.harmonysecurity.co...

Windows Meterpreter, Reverse TCP Stager (No NX or Win7)
Connect back to the attacker (No NX), Inject the meterpreter server DLL via the Reflective Dll Injection payload http://www.harmonysecurity.co...

Windows Meterpreter, Reverse Ordinal TCP Stager (No NX or Win7)
Connect back to the attacker, Inject the meterpreter server DLL via the Reflective Dll Injection payload http://www.harmonysecurity.co...

Windows Meterpreter, Reverse TCP Stager
Connect back to the attacker, Inject the meterpreter server DLL via the Reflective Dll Injection payload http://www.harmonysecurity.co...

Windows Meterpreter, Reverse All-Port TCP Stager
Try to connect back to the attacker, on all possible ports (1-65535, slowly), Inject the meterpreter server DLL via the Reflective Dll Injection payload http://www.harmonysecurity.co...

Windows Meterpreter, Reverse TCP Stager (DNS)
Connect back to the attacker, Inject the meterpreter server DLL via the Reflective Dll Injection payload http://www.harmonysecurity.co...

Reflective VNC Dll Injection, Bind TCP Stager (IPv6)
Listen for a connection over IPv6, Inject a VNC Dll via a reflective loader http://www.harmonysecurity.co...

Reflective VNC Dll Injection, Bind TCP Stager (No NX or Win7)
Listen for a connection (No NX), Inject a VNC Dll via a reflective loader http://www.harmonysecurity.co...

Reflective VNC Dll Injection, Bind TCP Stager
Listen for a connection, Inject a VNC Dll via a reflective loader http://www.harmonysecurity.co...

Reflective VNC Dll Injection, Find Tag Ordinal Stager
Use an established connection, Inject a VNC Dll via a reflective loader http://www.harmonysecurity.co...

Reflective VNC Dll Injection, PassiveX Reverse HTTP Tunneling Stager
Tunnel communication over HTTP using IE 6, Inject a VNC Dll via a reflective loader http://www.harmonysecurity.co...

Reflective VNC Dll Injection, Reverse TCP Stager (IPv6)
Connect back to the attacker over IPv6, Inject a VNC Dll via a reflective loader http://www.harmonysecurity.co...

Reflective VNC Dll Injection, Reverse TCP Stager (No NX or Win7)
Connect back to the attacker (No NX), Inject a VNC Dll via a reflective loader http://www.harmonysecurity.co...

Reflective VNC Dll Injection, Reverse Ordinal TCP Stager (No NX or Win7)
Connect back to the attacker, Inject a VNC Dll via a reflective loader http://www.harmonysecurity.co...

Reflective VNC Dll Injection, Reverse TCP Stager
Connect back to the attacker, Inject a VNC Dll via a reflective loader http://www.harmonysecurity.co...

Reflective VNC Dll Injection, Reverse All-Port TCP Stager
Try to connect back to the attacker, on all possible ports (1-65535, slowly), Inject a VNC Dll via a reflective loader http://www.harmonysecurity.co...

Reflective VNC Dll Injection, Reverse TCP Stager (DNS)
Connect back to the attacker, Inject a VNC Dll via a reflective loader http://www.harmonysecurity.co...

Windows Command Shell, Bind TCP Stager (IPv6)
Listen for a connection over IPv6, Spawn a piped command shell (staged)

Windows Command Shell, Bind TCP Stager (No NX or Win7)
Listen for a connection (No NX), Spawn a piped command shell (staged)

Windows Command Shell, Bind TCP Stager
Listen for a connection, Spawn a piped command shell (staged)

Windows Command Shell, Find Tag Ordinal Stager
Use an established connection, Spawn a piped command shell (staged)

Windows Command Shell, PassiveX Reverse HTTP Tunneling Stager
Tunnel communication over HTTP using IE 6, Spawn a piped command shell (staged)

Windows Command Shell, Reverse TCP Stager (IPv6)
Connect back to the attacker over IPv6, Spawn a piped command shell (staged)

Windows Command Shell, Reverse TCP Stager (No NX or Win7)
Connect back to the attacker (No NX), Spawn a piped command shell (staged)

Windows Command Shell, Reverse Ordinal TCP Stager (No NX or Win7)
Connect back to the attacker, Spawn a piped command shell (staged)

Windows Command Shell, Reverse TCP Stager
Connect back to the attacker, Spawn a piped command shell (staged)

Windows Command Shell, Reverse All-Port TCP Stager
Try to connect back to the attacker, on all possible ports (1-65535, slowly), Spawn a piped command shell (staged)

Windows Command Shell, Reverse TCP Stager (DNS)
Connect back to the attacker, Spawn a piped command shell (staged)

Windows Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell

Windows Disable Windows ICF, Command Shell, Bind TCP Inline
Disable the Windows ICF, then listen for a connection and spawn a command shell

Windows Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell

Windows Upload/Execute, Bind TCP Stager (IPv6)
Listen for a connection over IPv6, Uploads an executable and runs it (staged)

Windows Upload/Execute, Bind TCP Stager (No NX or Win7)
Listen for a connection (No NX), Uploads an executable and runs it (staged)

Windows Upload/Execute, Bind TCP Stager
Listen for a connection, Uploads an executable and runs it (staged)

Windows Upload/Execute, Find Tag Ordinal Stager
Use an established connection, Uploads an executable and runs it (staged)

Windows Upload/Execute, PassiveX Reverse HTTP Tunneling Stager
Tunnel communication over HTTP using IE 6, Uploads an executable and runs it (staged)

Windows Upload/Execute, Reverse TCP Stager (IPv6)
Connect back to the attacker over IPv6, Uploads an executable and runs it (staged)

Windows Upload/Execute, Reverse TCP Stager (No NX or Win7)
Connect back to the attacker (No NX), Uploads an executable and runs it (staged)

Windows Upload/Execute, Reverse Ordinal TCP Stager (No NX or Win7)
Connect back to the attacker, Uploads an executable and runs it (staged)

Windows Upload/Execute, Reverse TCP Stager
Connect back to the attacker, Uploads an executable and runs it (staged)

Windows Upload/Execute, Reverse All-Port TCP Stager
Try to connect back to the attacker, on all possible ports (1-65535, slowly), Uploads an executable and runs it (staged)

Windows Upload/Execute, Reverse TCP Stager (DNS)
Connect back to the attacker, Uploads an executable and runs it (staged)

VNC Server (Reflective Injection), Bind TCP Stager (IPv6)
Listen for a connection over IPv6, Inject a VNC Dll via a reflective loader (staged) http://www.harmonysecurity.co...

VNC Server (Reflective Injection), Bind TCP Stager (No NX or Win7)
Listen for a connection (No NX), Inject a VNC Dll via a reflective loader (staged) http://www.harmonysecurity.co...

VNC Server (Reflective Injection), Bind TCP Stager
Listen for a connection, Inject a VNC Dll via a reflective loader (staged) http://www.harmonysecurity.co...

VNC Server (Reflective Injection), Find Tag Ordinal Stager
Use an established connection, Inject a VNC Dll via a reflective loader (staged) http://www.harmonysecurity.co...

VNC Server (Reflective Injection), PassiveX Reverse HTTP Tunneling Stager
Tunnel communication over HTTP using IE 6, Inject a VNC Dll via a reflective loader (staged) http://www.harmonysecurity.co...

VNC Server (Reflective Injection), Reverse TCP Stager (IPv6)
Connect back to the attacker over IPv6, Inject a VNC Dll via a reflective loader (staged) http://www.harmonysecurity.co...

VNC Server (Reflective Injection), Reverse TCP Stager (No NX or Win7)
Connect back to the attacker (No NX), Inject a VNC Dll via a reflective loader (staged) http://www.harmonysecurity.co...

VNC Server (Reflective Injection), Reverse Ordinal TCP Stager (No NX or Win7)
Connect back to the attacker, Inject a VNC Dll via a reflective loader (staged) http://www.harmonysecurity.co...

VNC Server (Reflective Injection), Reverse TCP Stager
Connect back to the attacker, Inject a VNC Dll via a reflective loader (staged) http://www.harmonysecurity.co...

VNC Server (Reflective Injection), Reverse All-Port TCP Stager
Try to connect back to the attacker, on all possible ports (1-65535, slowly), Inject a VNC Dll via a reflective loader (staged) http://www.harmonysecurity.co...

VNC Server (Reflective Injection), Reverse TCP Stager (DNS)
Connect back to the attacker, Inject a VNC Dll via a reflective loader (staged) http://www.harmonysecurity.co...

Windows x64 Execute Command
Execute an arbitrary command (Windows x64)

Windows x64 Meterpreter, Windows x64 Bind TCP Stager
Listen for a connection (Windows x64), Inject the meterpreter server DLL via the Reflective Dll Injection payload (Windows x64) (staged) http://www.harmonysecurity.co...

Windows x64 Meterpreter, Windows x64 Reverse TCP Stager
Connect back to the attacker (Windows x64), Inject the meterpreter server DLL via the Reflective Dll Injection payload (Windows x64) (staged) http://www.harmonysecurity.co...

Windows x64 Command Shell, Windows x64 Bind TCP Stager
Listen for a connection (Windows x64), Spawn a piped command shell (Windows x64) (staged)

Windows x64 Command Shell, Windows x64 Reverse TCP Stager
Connect back to the attacker (Windows x64), Spawn a piped command shell (Windows x64) (staged)

Windows x64 Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell (Windows x64)

Windows x64 Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell (Windows x64)

Windows x64 VNC Server (Reflective Injection), Windows x64 Bind TCP Stager
Listen for a connection (Windows x64), Inject a VNC Dll via a reflective loader (Windows x64) (staged) http://www.harmonysecurity.co...

Windows x64 VNC Server (Reflective Injection), Windows x64 Reverse TCP Stager
Connect back to the attacker (Windows x64), Inject a VNC Dll via a reflective loader (Windows x64) (staged) http://www.harmonysecurity.co...

Copyright © 2003-2010 Rapid7 LLC
Rapid7 Privacy Statement