Rapid7’s 2026 Global Cybersecurity Summit is now available on-demand.Watch sessions.
Rapid7

module

Windows Inject PE Files, Bind TCP Stager (Windows x86)

Disclosed
N/A
Created
Sep 2, 2020

Description

Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE
loader will execute the pre-mapped PE image starting from the address of entry after performing image base
relocation and API address resolution. This module requires a PE file that contains relocation data and a
valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks
are not currently supported. Also PE files which use resource loading might crash.
Listen for a connection (Windows x86)

Platform

Windows

Architectures

x86

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


msf > use payload/windows/peinject/bind_tcp
msf payload(bind_tcp) > show actions
...actions...
msf payload(bind_tcp) > set ACTION < action-name >
msf payload(bind_tcp) > show options
...show and set options...
msf payload(bind_tcp) > run

Title
Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.