Difference between revisions of "EternalBlue Windows 7"

From csn
Line 14: Line 14:
 
</pre>
 
</pre>
  
Copy the line above into a text editor, and then change the '''FIXTURENUMBER''' to the light found on your computer overhead. Once you have edited this in a text editor, Open a terminal, the black box on the side of your Desktop. Copy and paste the edited command from your text editor into the terminal. Did your light turn on? What was the colour? Change the values to change the light to your favourite colour.
+
we are then going to use the search command to see what Modules are available:
 +
<pre>
 +
search eternalblue
 +
</pre>
  
How do you think you could switch the light off? Play with the parameters and ask for help if you need some guidance.
+
you should see something like this:
 +
 
 +
<pre>
 +
Matching Modules
 +
================
 +
 
 +
  Name                                          Disclosure Date  Rank    Check  Description
 +
  ----                                          ---------------  ----    -----  -----------
 +
  auxiliary/admin/smb/ms17_010_command          2017-03-14      normal  Yes    MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Command Execution
 +
  auxiliary/scanner/smb/smb_ms17_010                              normal  Yes    MS17-010 SMB RCE Detection
 +
  exploit/windows/smb/ms17_010_eternalblue      2017-03-14      average  No    MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
 +
  exploit/windows/smb/ms17_010_eternalblue_win8  2017-03-14      average  No    MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption for Win8+
 +
  exploit/windows/smb/ms17_010_psexec            2017-03-14      normal  No    MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Code Execution
 +
</pre>
  
 
== Some Basic Bash Programming ==  
 
== Some Basic Bash Programming ==  
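Review bot: the two added sentences ("we are then going to use the search command..." and "you should see something like this:") start in lower case and capitalise "Modules" mid-sentence; begin each with a capital letter and write "modules". The added sample output shows auxiliary/scanner/smb/smb_ms17_010 with a blank Disclosure Date while every other row has one, so a short sentence saying the blank is expected would stop readers from assuming their output is wrong. The new steps also sit directly above the unrelated "Some Basic Bash Programming" heading; giving the Metasploit steps their own heading would keep the two parts of the lab apart.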

Revision as of 11:14, 30 September 2021

In this lab, we will learn how to use the EternalBlue vulnerability on an unpatched Windows 7 host. This exploit was linked to the NSA but has since been patched on all Windows versions. We will use Metasploit on Kali Linux to make this process a little easier.

  • EternalBlue
  • Linux
  • Security
  • Metasploit

Starting up Metasploit

On the Kali VM, open a terminal and type the following commands:

service postgresql start
msfconsole

We then use the search command to see which modules are available:

search eternalblue

You should see something like this:

Matching Modules
================

   Name                                           Disclosure Date  Rank     Check  Description
   ----                                           ---------------  ----     -----  -----------
   auxiliary/admin/smb/ms17_010_command           2017-03-14       normal   Yes    MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Command Execution
   auxiliary/scanner/smb/smb_ms17_010                              normal   Yes    MS17-010 SMB RCE Detection
   exploit/windows/smb/ms17_010_eternalblue       2017-03-14       average  No     MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
   exploit/windows/smb/ms17_010_eternalblue_win8  2017-03-14       average  No     MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption for Win8+
   exploit/windows/smb/ms17_010_psexec            2017-03-14       normal   No     MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Code Execution
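
The listing above is a fixed-width table, and the scanner row has an empty Disclosure Date, so splitting on whitespace misreads its Check column. The script below is an added example (not part of the original lab or of Metasploit) that lists the modules whose Check column is Yes, meaning they can test a host without exploiting it; the function names and the rebuilt sample table are assumptions made for illustration.

```bash
#!/bin/bash
# Constructed sample input: the table from this page, rebuilt with printf so
# the column alignment is exact. The scanner row has an empty Disclosure Date.
row() { printf '   %-45s  %-15s  %-7s  %-5s  %s\n' "$@"; }
sample_table() {
  row Name 'Disclosure Date' Rank Check Description
  row ---- --------------- ---- ----- -----------
  row auxiliary/admin/smb/ms17_010_command 2017-03-14 normal Yes 'MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Command Execution'
  row auxiliary/scanner/smb/smb_ms17_010 '' normal Yes 'MS17-010 SMB RCE Detection'
  row exploit/windows/smb/ms17_010_eternalblue 2017-03-14 average No 'MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption'
  row exploit/windows/smb/ms17_010_eternalblue_win8 2017-03-14 average No 'MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption for Win8+'
  row exploit/windows/smb/ms17_010_psexec 2017-03-14 normal No 'MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Code Execution'
}

# Print "name<TAB>rank" for every module whose Check column is "Yes".
# Columns are located by their offsets in the header line, not by whitespace
# splitting, because an empty Disclosure Date shifts every later field by one.
modules_with_check() {
  awk '
    !hdr && /Name/ && /Check/ {
      n = index($0, "Name"); d = index($0, "Disclosure")
      r = index($0, "Rank"); c = index($0, "Check"); e = index($0, "Description")
      hdr = 1; next
    }
    !hdr || /^[ -]*$/ { next }          # skip preamble, blank and ---- lines
    {
      name  = substr($0, n, d - n); sub(/ +$/, "", name)
      rank  = substr($0, r, c - r); sub(/ +$/, "", rank)
      check = substr($0, c, e - c); sub(/ +$/, "", check)
      if (check == "Yes") print name "\t" rank
    }'
}

# The naive version, kept to show the failure: field 4 is the Check column
# only when the date is present, so the scanner row is silently dropped.
naive_with_check() { awk '$4 == "Yes" { print $1 }'; }

sample_table | modules_with_check
```

To run it on real output, save the listing to a text file and pipe that file into modules_with_check instead of sample_table.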

Some Basic Bash Programming

This section will introduce you to looping in bash. Open a new text editor window and paste in the following code.

#!/bin/bash

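# Repeat the loop body five times; {1..5} expands to 1 2 3 4 5
for i in {1..5}
do
  echo "Hello World!"
  sleep 1s  # pause for one second between iterations
done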