- AKA_DESC =
'Filter modules with a matching AKA name.'
- APP_DESC =
'Filter modules that are client or server attacks. (Accepts strings \'client\' or \'server\').'
- ARCH_DESC =
'Filter modules with a matching architecture.'
- AUTHOR_DESC =
'Filter modules written by a matching author.'
- AUTHORS_DESC =
'Alias for \'author\'.'
- BID_DESC =
'Filter modules with a matching Bugtraq ID.'
- CVE_DESC =
'Filter modules with a matching CVE ID.'
- EDB_DESC =
'Filter modules with a matching Exploit-DB ID.'
- DESCRIPTION_DESC =
'Filter modules with a matching description.'
- DISCLOSURE_DATE_DESC =
'Filter modules with a matching disclosure date.'
- DATE_DESC =
'Alias for \'disclosure_date\'.'
- FULL_NAME_DESC =
'Filter modules with a matching full name.'
- IS_INSTALL_PATH_DESC =
'Filter modules that by value of \'is_install_path\'. (Accepts strings \'true\' or \'false\').'
- MOD_TIME_DESC =
'Filter modules with a matching modification time.'
- NAME_DESC =
'Filter modules with a matching descriptive name.'
- PATH_DESC =
'Filter modules with a matching path name.'
- PLATFORM_DESC =
'Filter modules affecting a matching platform, arch, or target.'
- OS_DESC =
'Alias for \'platform\'.'
- PORT_DESC =
'Filter modules with a matching port.'
- RPORT_DESC =
'Alias for \'port\'.'
- RANK_DESC =
'Filter modules with a matching rank. Accepts numeric values with optional comparison operators (ex: 200, gt500, lte300).'
- REFERENCE_DESC =
'Filter modules with a matching reference (CVE, BID, EDB, etc.).'
- REFERENCES_DESC =
'Alias for \'reference\'.'
- REF_NAME_DESC =
'Filter modules with a matching ref_name.'
- REF_DESC =
'Alias for \'ref_name\'.'
- TARGET_DESC =
'Filter modules with a matching target.'
- TARGETS_DESC =
'Alias for \'target\'.'
- TEXT_DESC =
'Filter modules matching any one of name, full name, description, reference, author, or targets.'
- TYPE_DESC =
'Filter modules with a matching type (exploit, auxiliary, payload, etc.).'
- FIELDS_DESC =
'Provide a comma-delimited list of metadata fields you would like to return. If left blank, all fields will be returned. Valid field names are: \'name\', \'full_name\', \'fullname\', \'aka\', \'arch\', \'author\', \'author\', \'description\', \'disclosure_date\', \'cve\', \'edb\', \'bid\', \'mod_time\', \'is_install_path\', \'os\', \'platform\', \'reference\', \'references\', \'ref_name\', \'ref\', \'path\', \'port\', \'rport\', \'rank\', \'type\', \'target\', \'targets\''
- NOTES_DESC =
'Extra info for a module, such as AKA names or NOCVE explanations.'
- TYPE_ENUM =
[
'auxiliary',
'encoder',
'exploit',
'nop',
'payload',
'post',
''
]
- NAME_EXAMPLE =
'MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption'
- FULL_NAME_EXAMPLE =
'exploit/windows/smb/ms17_010_eternalblue'
- DISCLOSURE_DATE_EXAMPLE =
'2017-03-14T00:00:00.000-05:00'
- RANK_EXAMPLE =
'200'
- TYPE_EXAMPLE =
'exploit'
- DESCRIPTION_EXAMPLE =
'This module is a port of the Equation Group ETERNALBLUE exploit, part of\n the FuzzBunch toolkit released by Shadow Brokers.\n\n There is a buffer overflow memmove operation in Srv!SrvOs2FeaToNt. The size\n is calculated in Srv!SrvOs2FeaListSizeToNt, with mathematical error where a\n DWORD is subtracted into a WORD. The kernel pool is groomed so that overflow\n is well laid-out to overwrite an SMBv1 buffer. Actual RIP hijack is later\n completed in srvnet!SrvNetWskReceiveComplete.\n\n This exploit, like the original may not trigger 100% of the time, and should be\n run continuously until triggered. It seems like the pool will get hot streaks\n and need a cool down period before the shells rain in again.\n\n The module will attempt to use Anonymous login, by default, to authenticate to perform the\n exploit. If the user supplies credentials in the SMBUser, SMBPass, and SMBDomain options it will use\n those instead.\n\n On some systems, this module may cause system instability and crashes, such as a BSOD or\n a reboot. This may be more likely with some payloads.'
- AUTHOR_EXAMPLE =
[
'Sean Dillon <[email protected]>',
'Dylan Davis <[email protected]>',
'Equation Group',
'Shadow Brokers',
'thelightcosine'
]
- REFERENCES_EXAMPLE =
[
'MSB-MS17-010',
'CVE-2017-0143',
'CVE-2017-0144',
'CVE-2017-0145',
'CVE-2017-0146',
'CVE-2017-0147',
'CVE-2017-0148',
'URL-https://github.com/RiskSense-Ops/MS17-010'
]
- IS_SERVER_EXAMPLE =
true
- IS_CLIENT_EXAMPLE =
false
- PLATFORM_EXAMPLE =
'Windows'
- ARCH_EXAMPLE =
''
- RPORT_EXAMPLE =
'445'
- MOD_TIME_EXAMPLE =
'2018-07-10T17:39:42.000-05:00'
- REF_NAME_EXAMPLE =
'windows/smb/ms17_010_eternalblue'
- PATH_EXAMPLE =
'/modules/exploits/windows/smb/ms17_010_eternalblue.rb'
- IS_INSTALL_PATH_EXAMPLE =
true
- TARGETS_EXAMPLE =
[
'Windows 7 and Server 2008 R2 (x64) All Service Packs'
]
- NOTES_EXAMPLE =
{
'AKA' => [ 'ETERNALBLUE' ]
}