Difference between revisions of "EternalBlue Windows 7"

From csn
Line 34: Line 34:
 
</pre>
 
</pre>
  
== Some Basic Bash Programming ==  
+
== Getting the IP address of your Windows 7 Machine ==  
  
This section will introduce you to looping in bash. Open a new text editor window and paste in the following code.
+
you will need to open command prompt and type:
  
 
<pre>
 
<pre>
#!/bin/bash
+
ipconfig
 +
</pre>
  
for i in {1..5}
+
we are looking for an ip address that looks like this 134.115.148.xxx (xxx being the last numbers)
do
+
 
  echo "Hello World!"
+
<pre>
  sleep 1s
+
Ethernet adapter Ethernet:
done
+
 
 +
  Connection-specific DNS Suffix  . :
 +
  Link-local IPv6 Address . . . . . : fe80::2121:c64f:633e:44de%12
 +
  IPv4 Address. . . . . . . . . . . : '''134.115.148.139'''
 +
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
 +
  Default Gateway . . . . . . . . . : fe80::a68c:dbff:fe6e:ef01%12
 +
                                      134.115.148.1
 
</pre>
 
</pre>
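
Review bot: in the added sample output, the IPv4 Address line wraps the address in ''' bold markers inside a <pre> block, where wiki markup is not interpreted, so the apostrophes will be displayed literally around the address the reader is meant to pick out. Drop the markers, or point out the address in the sentence above the block instead. The added instruction lines ("you will need to open command prompt", "we are looking for an ip address") also start in lower case and write "ip" for "IP".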

Revision as of 11:22, 30 September 2021

In this lab, we will learn how to use the EternalBlue vulnerability on an unpatched Windows 7 host. This exploit was linked to the NSA but has since been patched on all Windows versions. We will use Metasploit on Kali Linux to make this process a little easier.

  • EternalBlue
  • Linux
  • Security
  • Metasploit

Starting up Metasploit

On the Kali VM, open a terminal and type the following commands:

service postgresql start
msfconsole

We then use the search command to see which modules are available:

search eternalblue

You should see something like this:

Matching Modules
================

   Name                                           Disclosure Date  Rank     Check  Description
   ----                                           ---------------  ----     -----  -----------
   auxiliary/admin/smb/ms17_010_command           2017-03-14       normal   Yes    MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Command Execution
   auxiliary/scanner/smb/smb_ms17_010                              normal   Yes    MS17-010 SMB RCE Detection
   exploit/windows/smb/ms17_010_eternalblue       2017-03-14       average  No     MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
   exploit/windows/smb/ms17_010_eternalblue_win8  2017-03-14       average  No     MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption for Win8+
   exploit/windows/smb/ms17_010_psexec            2017-03-14       normal   No     MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Code Execution

Getting the IP address of your Windows 7 Machine

You will need to open Command Prompt and type:

ipconfig

We are looking for an IP address that looks like this: 134.115.148.xxx (xxx being the last numbers).

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::2121:c64f:633e:44de%12
   IPv4 Address. . . . . . . . . . . : 134.115.148.139
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::a68c:dbff:fe6e:ef01%12
                                       134.115.148.1
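
When the lab VM has more than one network adapter, the ipconfig output gets longer and the gateway line can be mistaken for the host address. The following Python sketch is an added example, not part of the original lab: it reads saved ipconfig text and returns only the IPv4 Address entries inside the lab subnet. The second adapter in the sample is constructed, and the 134.115.148.0/24 network is an assumption taken from the address pattern and subnet mask shown above.

```python
import ipaddress
import re

# Constructed sample: the adapter shown above plus a made-up second adapter.
SAMPLE = """\
Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::2121:c64f:633e:44de%12
   IPv4 Address. . . . . . . . . . . : 134.115.148.139
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::a68c:dbff:fe6e:ef01%12
                                       134.115.148.1

Ethernet adapter VirtualBox Host-Only Network:

   IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
"""

ADAPTER = re.compile(r"^(\S.*adapter .+):\s*$")                # unindented heading
IPV4 = re.compile(r"^\s+IPv4 Address[ .]*:\s*([\d.]+)")        # labelled field only

def ipv4_by_adapter(text):
    """Map each adapter heading to the IPv4 addresses listed under it."""
    found, current = {}, None
    for line in text.splitlines():
        if m := ADAPTER.match(line):
            current = m.group(1)
            found[current] = []
        elif current and (m := IPV4.match(line)):
            found[current].append(ipaddress.ip_address(m.group(1)))
    return found

def lab_addresses(text, network="134.115.148.0/24"):
    """Return (adapter, address) pairs that fall inside the lab subnet."""
    net = ipaddress.ip_network(network)
    return [(name, str(ip)) for name, ips in ipv4_by_adapter(text).items()
            for ip in ips if ip in net]

if __name__ == "__main__":
    for name, ip in lab_addresses(SAMPLE):
        print(f"{name}: {ip}")
```

Matching on the "IPv4 Address" label rather than on anything that looks like an address is what keeps the gateway continuation line (134.115.148.1) out of the result.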