The first thing we need to do is open up the terminal and start Metasploit. An evaluation copy can be downloaded from Microsoft so that you can better follow along. We'll be using an unpatched copy of Windows Server 2008 R2 as the target for the first section of this tutorial. Option 1: Exploit EternalBlue with Metasploit Don't Miss: How to Discover Computers Vulnerable to EternalBlueĮternalBlue was mostly responsible for the WannaCry, NotPetya, and BadRabbit ransomware outbreaks, as well as the EternalRocks worm.An attacker can then send malformed packets and ultimately execute arbitrary commands on the target. The vulnerability is allowed to occur because earlier versions of SMB contain a flaw that lets an attacker establish a null session connection via anonymous login. SMB allows systems to share access to files, printers, and other resources on the network. It was released in 2017 by the Shadow Brokers, a hacker group known for leaking tools and exploits used by the Equation Group, which has possible ties to the Tailored Access Operations unit of the NSA.ĮternalBlue, also known as MS17-010, is a vulnerability in Microsoft's Server Message Block (SMB) protocol. What Is EternalBlue?ĮternalBlue is an exploit most likely developed by the NSA as a former zero-day. Here, we will use EternalBlue to exploit SMB via Metasploit. Originally tied to the NSA, this zero-day exploited a flaw in the SMB protocol, affecting many Windows machines and wreaking havoc everywhere. Particular vulnerabilities and exploits come along and make headlines with their catchy names and impressive potential for damage.
0 kommentar(er)
