Eternal Blue Exploit Walkthrough:

Imvkale
2 min readDec 25, 2020

--

EternalBlue is an exploit that allows cyber threat actors to remotely execute arbitrary code and gain access to a network by sending specially crafted packets. It exploits a software vulnerability in Microsoft’s Windows operating systems (OS) Server Message Block(SMB) version 1 (SMBv1) protocol, a network file sharing protocol that allows access to files on a remote server. This exploit potentially allows cyber threat actors to compromise the entire network and all devices connected to it. Due to EternalBlue’s ability to compromise networks, if one device is infected by malware via EternalBlue, every device connected to the network is at risk. This makes recovery difficult, as all devices on a network may have to be taken offline for remediation. This vulnerability was patched and is listed on Microsoft’s security bulletin as MS17–010.

1. Reconnaissance Phase

Let’s start the first phase of hacking by gathering information about the machine by doing the nmap scan

nmap -sV -sC — script vuln [ip add]

2.Gaining Access

now let’s search about the vulnerability in the Metasploit. We found the vulnerability and let’s start exploiting the target by filling necessary information.

search ms17–010

3. Escalate Privileges

now we need to escalate our privileges to meterpreter.

--

--

Imvkale
Imvkale

Written by Imvkale

hey guys how are you, i am a security researcher eager to write walkthroughs

No responses yet