EternalBlue Windows 7

From csn
Revision as of 11:22, 30 September 2021 by 20190234 (talk | contribs)
Jump to navigation Jump to search

In this lab, we will learn how to use the EternalBlue vulnerability on an unpatched Windows 7 host. This exploit was linked to the NSA but has since been patched on all windows versions. We will use Metasploit on Kali Linux to make this process a little easier.

  • EternalBlue
  • Linux
  • Security
  • Metasploit

starting up metasploit

on the Kali VM we are going to open terminal and type the following commands:

service postgresql start
msfconsole

we are then going to use the search command to see what Modules are available:

search eternalblue

you should see something like this:

Matching Modules
================

   Name                                           Disclosure Date  Rank     Check  Description
   ----                                           ---------------  ----     -----  -----------
   auxiliary/admin/smb/ms17_010_command           2017-03-14       normal   Yes    MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Command Execution
   auxiliary/scanner/smb/smb_ms17_010                              normal   Yes    MS17-010 SMB RCE Detection
   exploit/windows/smb/ms17_010_eternalblue       2017-03-14       average  No     MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
   exploit/windows/smb/ms17_010_eternalblue_win8  2017-03-14       average  No     MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption for Win8+
   exploit/windows/smb/ms17_010_psexec            2017-03-14       normal   No     MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Code Execution

Getting the IP address of your Windows 7 Machine

you will need to open command prompt and type:

ipconfig

we are looking for an ip address that looks like this 134.115.148.xxx (xxx being the last numbers)

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::2121:c64f:633e:44de%12
   IPv4 Address. . . . . . . . . . . : '''134.115.148.139'''
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::a68c:dbff:fe6e:ef01%12
                                       134.115.148.1