Windows Drive Formatter - Metasploit


This page contains detailed information about how to use the payload/windows/format_all_drives metasploit module. For list of all metasploit modules, visit the Metasploit Module Library.

Table Of Contents
hide

Module Overview

Name: Windows Drive Formatter
Module: payload/windows/format_all_drives
Source code: modules/payloads/singles/windows/format_all_drives.rb
Disclosure date: -
Last modification time: 2019-12-11 06:44:35 +0000
Supported architecture(s): x86
Supported platform(s): Windows
Target service / protocol: -
Target network port(s): -
List of CVEs: -

This module is also known as ShellcodeOfDeath.

This payload formats all mounted disks in Windows (aka ShellcodeOfDeath). After formatting, this payload sets the volume label to the string specified in the VOLUMELABEL option. If the code is unable to access a drive for any reason, it skips the drive and proceeds to the next volume.

Module Ranking and Traits

Module Ranking:

  • manual: The exploit is unstable or difficult to exploit and is basically a DoS. This ranking is also used when the module has no use unless specifically configured by the user (e.g.: exploit/windows/smb/psexec). More information about ranking can be found here.

Basic Usage

msf > use payload/windows/format_all_drives
msf payload(format_all_drives) > show options
    ... show and set options ...
msf payload(format_all_drives) > generate

To learn how to generate payload/windows/format_all_drives with msfvenom, please read this.

Go back to menu.

Msfconsole Usage

Here is how the windows/format_all_drives payload looks in the msfconsole:

msf6 > use payload/windows/format_all_drives

msf6 payload(windows/format_all_drives) > show info

       Name: Windows Drive Formatter
     Module: payload/windows/format_all_drives
   Platform: Windows
       Arch: x86
Needs Admin: Yes
 Total size: 393
       Rank: Manual

Provided by:
  Ashfaq Ansari <[email protected]>
  Ruei-Min Jiang <[email protected]>

Basic options:
Name         Current Setting  Required  Description
----         ---------------  --------  -----------
VOLUMELABEL  PwNeD            no        Set the volume label

Description:
  This payload formats all mounted disks in Windows (aka 
  ShellcodeOfDeath). After formatting, this payload sets the volume 
  label to the string specified in the VOLUMELABEL option. If the code 
  is unable to access a drive for any reason, it skips the drive and 
  proceeds to the next volume.

Module Options

This is a complete list of options available in the windows/format_all_drives payload:

msf6 payload(windows/format_all_drives) > show options

Module options (payload/windows/format_all_drives):

   Name         Current Setting  Required  Description
   ----         ---------------  --------  -----------
   VOLUMELABEL  PwNeD            no        Set the volume label

Advanced Options

Here is a complete list of advanced options supported by the windows/format_all_drives payload:

msf6 payload(windows/format_all_drives) > show advanced

Module advanced options (payload/windows/format_all_drives):

   Name                Current Setting  Required  Description
   ----                ---------------  --------  -----------
   PrependMigrate      false            yes       Spawns and runs shellcode in new process
   PrependMigrateProc                   no        Process to spawn and run shellcode in
   VERBOSE             false            no        Enable detailed status messages
   WORKSPACE                            no        Specify the workspace for this module

Go back to menu.

References

See Also

Check also the following modules related to this module:

Authors

  • Ashfaq Ansari <ashfaq_ansari1989[at]hotmail.com>
  • Ruei-Min Jiang <mike820324[at]gmail.com>

Version

This page has been produced using Metasploit Framework version 6.1.24-dev. For more modules, visit the Metasploit Module Library.

Go back to menu.