MS17-010 Vulnerability - Detecting and uninstalling DoublePulsar implant

In this video we will identify computers affected by the MS17-010 vulnerability, which were compromised with the DoublePulsar implant. 
Detection is performed with Countercept's DoublePulsar detection script, which can be downloaded from the following GitHub location:
https://github.com/countercept/doublepulsar-detection-script
The same script can also be used for uninstalling the DoublePulsar implant.

Check also my other posts on how to install the DoublePulsar module and on how to use the DoublePulsar exploit module.

Commands used in this video:
git clone https://github.com/countercept/doublepulsar-detection-script.git
This command creates a local copy of the "doublepulsar-detection-script" Git repository.
python detect_doublepulsar_smb.py --ip <IP_Address>
This command will check if the target at <IP_Address> is compromised with the DoublePulsar implant.
python detect_doublepulsar_smb.py --ip <IP_Address> --uninstall --verbose
This command will uninstall the DoublePulsar implant from the target at <IP_Address>. 
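
What the detection result rests on at the protocol level, as an added example (not Countercept's code and not part of the original post): the publicly documented DoublePulsar SMB check sends an SMB1 Trans2 probe with Multiplex ID 0x41, which a clean host echoes back and an implanted host answers with 0x51. The sketch below applies that test to an already captured reply. The function names and the reply bytes are constructed for illustration.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
SMB_COM_TRANSACTION2 = 0x32
PROBE_MID = 0x41     # Multiplex ID carried by the detection probe
IMPLANT_MID = 0x51   # Multiplex ID an implanted host answers with


def parse_smb1_reply(frame: bytes) -> dict:
    """Extract command, NT status and Multiplex ID from a NetBIOS-framed SMB1 message."""
    if len(frame) < 4:
        raise ValueError("missing NetBIOS session header")
    length = int.from_bytes(frame[1:4], "big")   # 3-byte big-endian payload length
    smb = frame[4:4 + length]
    if len(smb) < max(length, 32):               # SMB1 header is 32 bytes
        raise ValueError("truncated SMB1 message")
    if smb[:4] != SMB1_MAGIC:
        raise ValueError("not an SMB1 message")
    status, = struct.unpack_from("<I", smb, 5)   # NT status follows the command byte
    mid, = struct.unpack_from("<H", smb, 30)     # Multiplex ID: last header field
    return {"command": smb[4], "status": status, "mid": mid}


def classify_reply(frame: bytes) -> str:
    """Return 'implant', 'clean' or 'unrelated' for a reply to the MID 0x41 probe."""
    try:
        hdr = parse_smb1_reply(frame)
    except ValueError:
        return "unrelated"
    if hdr["command"] != SMB_COM_TRANSACTION2:
        return "unrelated"
    if hdr["mid"] == IMPLANT_MID:
        return "implant"
    return "clean" if hdr["mid"] == PROBE_MID else "unrelated"


def constructed_reply(mid: int, command: int = SMB_COM_TRANSACTION2) -> bytes:
    """Build a constructed (not captured) SMB1 reply; all field values are sample data."""
    smb = struct.pack(
        "<4sBIBHH8sHHHHH", SMB1_MAGIC, command, 0xC0000002, 0x98, 0xC007,
        0, bytes(8), 0, 0x0800, 0, 0x0800, mid,
    ) + b"\x00\x00\x00"                          # empty parameter and data blocks
    return b"\x00" + len(smb).to_bytes(3, "big") + smb


if __name__ == "__main__":
    for mid in (PROBE_MID, IMPLANT_MID):
        print(hex(mid), classify_reply(constructed_reply(mid)))
```

The same check can be run over SMB1 replies extracted from a packet capture to confirm what the script reported for a host.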


Comments

  1. Hi friend, make more videos. Can you explain the MS17-010 exploit for a reverse_named_pipe pivot attack in Metasploit Framework to a different network IP channel? Tell me yes or not. I am waiting for your response. I think you can do this.
