API tools faq
paste
Advertisement
Guest User

Eternalblue

a guest
May 19th, 2017
238
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 7.60 KB | None | 0 0
raw download clone embed print report
  1. <?xml version='1.0' encoding='utf-8'?>
  2. <config xmlns='urn:trch' name='Eternalblue' version='2.2.0' schemaversion='2.1.0' configversion='2.2.0.0' id='0f38f55b6a88feccfb846d3d10ab4687e652e63e'>
  3. <inputparameters>
  4. <parameter hidden='true' type='TcpPort' name='DaveProxyPort' description='DAVE Core/Proxy Hookup connection port'>
  5. <default>0</default>
  6. </parameter>
  7. <parameter type='S16' name='NetworkTimeout' description='Timeout for blocking network calls (in seconds). Use -1 for no timeout.'>
  8. <default>60</default>
  9. </parameter>
  10. <parameter xdevmap='TARGET_IP_V4_ADDRESS' type='IPv4' name='TargetIp' description='Target IP Address'/>
  11. <parameter xdevmap='TARGET_PORT' type='TcpPort' name='TargetPort' description='Port used by the SMB service for exploit connection'>
  12. <default>445</default>
  13. </parameter>
  14. <parameter xdevmap='ETERNALBLUE_VALIDATE_TARGET' type='Boolean' name='VerifyTarget' description='Validate the SMB string from target against the target selected before exploitation.'>
  15. <default>true</default>
  16. </parameter>
  17. <parameter xdevmap='ETERNALBLUE_VALIDATE_BACKDOOR' type='Boolean' name='VerifyBackdoor' description='Validate the presence of the DOUBLE PULSAR backdoor before throwing. This option must be enabled for multiple exploit attempts.'>
  18. <default>true</default>
  19. </parameter>
  20. <parameter xdevmap='ETERNALBLUE_MAX_EXPLOIT_ATTEMPTS' type='U32' name='MaxExploitAttempts' description='Number of times to attempt the exploit and groom. Disabled for XP/2K3.'>
  21. <default>3</default>
  22. </parameter>
  23. <parameter xdevmap='ETERNALBLUE_NUMBER_SPRAY_ALLOCATIONS' type='U32' name='GroomAllocations' description='Number of large SMBv2 buffers (Vista+) or SessionSetup allocations (XK/2K3) to do.'>
  24. <default>12</default>
  25. </parameter>
  26. <parameter name='ShellcodeBuffer' required='false' xdevmap='EXPLOIT_SHELLCODE' hidden='true' type='Buffer' description="Shellcode buffer in hex (hint: use 'F:&lt;FILENAME&gt;' to load from file)"/>
  27. <paramchoice xdevmap='TARGET_PLATFORM' name='Target' description='Operating System, Service Pack, and Architecture of target OS'>
  28. <value>WIN72K8R2</value>
  29. <paramgroup name='XP' description='Windows XP 32-Bit All Service Packs'/>
  30. <paramgroup name='WIN72K8R2' description='Windows 7 and 2008 R2 32-Bit and 64-Bit All Service Packs'/>
  31. </paramchoice>
  32. </inputparameters>
  33. <outputparameters>
  34. <parameter xdevmap='ETERNALBLUE_DOUBLEPULSAR_PRESENT' type='Boolean' name='DoublePulsarPresent' description='Set to true if the DOUBLEPULSAR backdoor was already installed and the exploit did not have to be thrown'/>
  35. </outputparameters>
  36. <redirection>
  37. <local protocol='TCP' listenaddr='TargetIp' listenport='TargetPort' closeoncompletion='true' destaddr='//identifier' destport="//service[name='SMB']/port"/>
  38. </redirection>
  39. <logic>
  40. <and>
  41. <service name='smb'>
  42. <bindtovalue name='Protocol' value='SMB'/>
  43. <bindtopath path="//service[name='smb']/port" name='TargetPort'/>
  44. </service>
  45. <or>
  46. <os name='Windows XP' family='windows' architecture='x86 32-bit'>
  47. <bindtovalue name='Target' value='XP'/>
  48. </os>
  49. <os servicepack='0' name='Windows XP' family='windows' architecture='x86 32-bit'>
  50. <bindtovalue name='Target' value='XP'/>
  51. </os>
  52. <os servicepack='1' name='Windows XP' family='windows' architecture='x86 32-bit'>
  53. <bindtovalue name='Target' value='XP'/>
  54. </os>
  55. <os servicepack='2' name='Windows XP' family='windows' architecture='x86 32-bit'>
  56. <bindtovalue name='Target' value='XP'/>
  57. </os>
  58. <os servicepack='3' name='Windows XP' family='windows' architecture='x86 32-bit'>
  59. <bindtovalue name='Target' value='XP'/>
  60. </os>
  61. <os servicepack='0' name='Windows 2003' family='windows' architecture='x86 32-bit'>
  62. <bindtovalue name='Target' value='W2K3SP0'/>
  63. </os>
  64. <os servicepack='1' name='Windows 2003' family='windows' architecture='x86 32-bit'>
  65. <bindtovalue name='Target' value='W2K3SP1SP2'/>
  66. </os>
  67. <os servicepack='2' name='Windows 2003' family='windows' architecture='x86 32-bit'>
  68. <bindtovalue name='Target' value='W2K3SP1SP2'/>
  69. </os>
  70. <os servicepack='1' name='Windows 2003' family='windows' architecture='x64 64-bit'>
  71. <bindtovalue name='Target' value='W2K3X64'/>
  72. </os>
  73. <os servicepack='2' name='Windows 2003' family='windows' architecture='x64 64-bit'>
  74. <bindtovalue name='Target' value='W2K3X64'/>
  75. </os>
  76. <os servicepack='0' name='Windows Vista' family='windows' architecture='x86 32-bit'>
  77. <bindtovalue name='Target' value='VISTA2K8X86'/>
  78. </os>
  79. <os servicepack='1' name='Windows Vista' family='windows' architecture='x86 32-bit'>
  80. <bindtovalue name='Target' value='VISTA2K8X86'/>
  81. </os>
  82. <os servicepack='2' name='Windows Vista' family='windows' architecture='x86 32-bit'>
  83. <bindtovalue name='Target' value='VISTA2K8X86'/>
  84. </os>
  85. <os servicepack='0' name='Windows Vista' family='windows' architecture='x64 64-bit'>
  86. <bindtovalue name='Target' value='VISTA2K8X64'/>
  87. </os>
  88. <os servicepack='1' name='Windows Vista' family='windows' architecture='x64 64-bit'>
  89. <bindtovalue name='Target' value='VISTA2K8X64'/>
  90. </os>
  91. <os servicepack='2' name='Windows Vista' family='windows' architecture='x64 64-bit'>
  92. <bindtovalue name='Target' value='VISTA2K8X64'/>
  93. </os>
  94. <os servicepack='0' name='Windows 2008' family='windows' architecture='x86 32-bit'>
  95. <bindtovalue name='Target' value='VISTA2K8X86'/>
  96. </os>
  97. <os servicepack='1' name='Windows 2008' family='windows' architecture='x86 32-bit'>
  98. <bindtovalue name='Target' value='VISTA2K8X86'/>
  99. </os>
  100. <os servicepack='2' name='Windows 2008' family='windows' architecture='x86 32-bit'>
  101. <bindtovalue name='Target' value='VISTA2K8X86'/>
  102. </os>
  103. <os servicepack='0' name='Windows 2008' family='windows' architecture='x64 64-bit'>
  104. <bindtovalue name='Target' value='VISTA2K8X64'/>
  105. </os>
  106. <os servicepack='1' name='Windows 2008' family='windows' architecture='x64 64-bit'>
  107. <bindtovalue name='Target' value='VISTA2K8X64'/>
  108. </os>
  109. <os servicepack='2' name='Windows 2008' family='windows' architecture='x64 64-bit'>
  110. <bindtovalue name='Target' value='VISTA2K8X64'/>
  111. </os>
  112. <os servicepack='0' name='Windows 2008 R2' family='windows' architecture='x64 64-bit'>
  113. <bindtovalue name='Target' value='WIN72K8R2'/>
  114. </os>
  115. <os servicepack='1' name='Windows 2008 R2' family='windows' architecture='x64 64-bit'>
  116. <bindtovalue name='Target' value='WIN72K8R2'/>
  117. </os>
  118. <os servicepack='0' name='Windows 7' family='windows' architecture='x86 32-bit'>
  119. <bindtovalue name='Target' value='WIN72K8R2'/>
  120. </os>
  121. <os servicepack='1' name='Windows 7' family='windows' architecture='x86 32-bit'>
  122. <bindtovalue name='Target' value='WIN72K8R2'/>
  123. </os>
  124. <os servicepack='0' name='Windows 7' family='windows' architecture='x64 64-bit'>
  125. <bindtovalue name='Target' value='WIN72K8R2'/>
  126. </os>
  127. <os servicepack='1' name='Windows 7' family='windows' architecture='x64 64-bit'>
  128. <bindtovalue name='Target' value='WIN72K8R2'/>
  129. </os>
  130. </or>
  131. </and>
  132. </logic>
  133. </config>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!