EIP-2026-118605

PRE-CVE

Gh0st Client (C2 Server) - Remote Buffer Overflow (Metasploit)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118605. PoCs published by Metasploit.

AI-analyzed exploit summary This Metasploit module exploits a buffer overflow in the Gh0st client (C2 server) by spraying the heap with NOP sleds and shellcode, then triggering the overflow via specific commands. It targets Gh0st Beta 3.6 and achieves remote code execution.

Description

Gh0st Client (C2 Server) - Remote Buffer Overflow (Metasploit)

Exploits (1)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/42630

View Code ZIP pw:eip

This Metasploit module exploits a buffer overflow in the Gh0st client (C2 server) by spraying the heap with NOP sleds and shellcode, then triggering the overflow via specific commands. It targets Gh0st Beta 3.6 and achieves remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Gh0st client (C2 server) Beta 3.6

No auth needed

Prerequisites: Network access to the Gh0st C2 server on port 80

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026