Windows Gather Forensics Duqu Registry Check
This module searches for CVE-2011-3402 (Duqu) related registry artifacts.
Rank
- Normal
Authors
- Marcus J. Carey < mjc [at] threatagent.com >
Vulnerability References
Development
Similar Modules
- post/windows/gather/forensics/enum_drives
- post/windows/gather/forensics/imager
- post/windows/gather/forensics/nbd_server
Usage Information
$ msfconsole
msf > use post/windows/gather/forensics/duqu_check
msf post(duqu_check) > set SESSION [INTEGER]
Module Options
| Option | Description |
| SESSION | The session to run this module on. |
| VERBOSE | Enable detailed status messages. |
| WORKSPACE | Specify the workspace for this module. |
