EternalBlue is an exploit developed and used by the National Security Agency (NSA). It was leaked in April 2017 by the hacker group known as the Shadow Brokers, and the leaked exploit was then used to devastating effect in the worldwide WannaCry ransomware attack and in the NotPetya ransomware. The exploit targets a vulnerability in Windows Server Message Block 1.0 (SMBv1). SMB is a protocol that Windows machines use to share files on the same network. Because of this bug, the SMBv1 server mishandles specially crafted packets, resulting in remote code execution. The vulnerability is documented as CVE-2017-0144.
Our Victim: Windows 7 (IP address: 192.168.0.103)
Before you start, make sure you have Wine installed on your Kali machine. If you don't, type the following commands in Kali. (Wine is used to run .exe files and Windows applications on other operating systems.)
Copy the Eternal Blue-Doublepulsar.rb file and place it in the following directory: /usr/share/metasploit-framework/modules/exploits/windows/smb/
And we got our Meterpreter session. Now just type shell to get the command prompt of your victim machine.
NOTE: Metasploit also has a module to test whether or not the victim's computer is vulnerable to this attack. You can run it first to test the target and then use the exploit to carry out the attack as explained above. Use the module auxiliary/scanner/smb/smb_ms17_010 and set your target host to start the scan.
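A narrower check than the scanner module, added here as an example and not taken from the original post or from Metasploit: it reports only whether a host still negotiates SMBv1, the protocol version this bug lives in, not whether MS17-010 is patched. The function names, status strings and sample replies are constructed for illustration.

```python
import socket
import struct

SMB1_MAGIC, SMB2_MAGIC, NEGOTIATE = b"\xffSMB", b"\xfeSMB", 0x72

def frame(msg):
    """Prefix the 4-byte session header used for SMB over TCP port 445."""
    return b"\x00" + len(msg).to_bytes(3, "big") + msg

def build_negotiate(dialects=(b"NT LM 0.12",)):
    """SMBv1 NEGOTIATE request offering only SMBv1 dialects."""
    header = struct.pack("<4sBIBHH8sHHHHH", SMB1_MAGIC, NEGOTIATE, 0, 0x18,
                         0x4001, 0, b"\x00" * 8, 0, 0xFFFF, 1, 0, 1)
    body = b"".join(b"\x02" + d + b"\x00" for d in dialects)
    return frame(header + struct.pack("<BH", 0, len(body)) + body)

def classify(reply):
    """Map the raw bytes read after the request to an SMBv1 status."""
    msg = reply[4:]                       # skip the session header
    if not msg:
        return "no-reply"                 # e.g. the server closed the connection
    if msg[:4] == SMB2_MAGIC:
        return "smb2-only"
    if msg[:4] != SMB1_MAGIC or len(msg) < 35:
        return "not-smb"
    command, status = struct.unpack_from("<BI", msg, 4)
    if command != NEGOTIATE or status != 0 or msg[32] == 0:
        return "smb1-refused"
    (dialect_index,) = struct.unpack_from("<H", msg, 33)
    return "smb1-refused" if dialect_index == 0xFFFF else "smb1-enabled"

def probe(host, port=445, timeout=3.0):
    """Send one NEGOTIATE to a host and classify the answer."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_negotiate())
            return classify(s.recv(4096))
    except OSError:                       # refused, reset or timed out
        return "no-reply"

# Constructed sample replies (not captured traffic), for offline use.
_HDR = struct.pack("<4sBI23x", SMB1_MAGIC, NEGOTIATE, 0)
SAMPLE_ACCEPT = frame(_HDR + b"\x11" + b"\x00\x00" + bytes(32) + b"\x00\x00")
SAMPLE_REFUSE = frame(_HDR + b"\x01" + b"\xff\xff" + b"\x00\x00")
SAMPLE_SMB2 = frame(SMB2_MAGIC + bytes(60))

if __name__ == "__main__":
    for name in ("SAMPLE_ACCEPT", "SAMPLE_REFUSE", "SAMPLE_SMB2"):
        print(name, classify(globals()[name]))
```

A host that returns smb1-enabled is a candidate for disabling SMBv1 and for confirming that the MS17-010 update is installed.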
So that’s it for now. See you next time.