Excalibur is an Eternalblue exploit based “Powershell” for the Bashbunny project. It’s purpose is to reflect on how a “simple” USB drive can execute the 7 cyber kill chain.
When Excalibur gets connected to the machine, it will run the following:
- Trys to bypass UAC, or just get administrative rights
- Gets interface info (IP addresses) and build a network map inside a TXT file.
- Scans port 445 for the known “MS10-17” (“EternalBlue”) vulnerability in every segment found.
- Exploits every machine and drop a shell to a remote machine.
Follow the steps here to compile a shellcode: https://github.com/vivami/MS17-010
- Copy payload.txt to the switch folder.
- Copy the “eternablblue_exploit7.py” and compile it using Pyinstaller:
- “pip install pyinstaller”
- “pipinstaller –onefile eternablblue_exploit7.py”
- Add your shellcode and the compiled exploiter into “a.zip” and copy it to the “loot” folder”.
- a.zip needs to contain a compiled, standalone eternalblue exploiter from “vivami’s” repo and the shellcode.
- Copy the powershell script to (p_v2.ps1) to the loot folder.