MS17-010 Vulnerability - EternalBlue exploit using a binary payload and python script on Windows 8.1 and Windows 2012 R2 targets

In this video we exploit the MS17-010 vulnerability (EternalBlue) on Windows 8.1 and Windows 2012 R2 targets. We use the shellcode (binary payloads) that we generated previously, together with a Python script and the Metasploit Framework.

Please check my previous post on generating the shellcode:
Generating shellcode - using msfvenom to generate a binary payload

We also need Worawit's eternalblue8_exploit.py python script, which can be downloaded from the following Github URL:
https://gist.github.com/worawit/074a27e90a3686506fc586249934a30e

Many of the commands used in this video are very similar to the ones used in my previous Windows 7 / Windows 2008 R2 exploitation video, so please check the post below for more explanations:
MS17-010 Vulnerability - EternalBlue exploit using a binary payload and python script on Windows 7 and Windows 2008 R2 targets

Still, when using the EternalBlue exploit, there is an important difference between Windows 7 / Windows 2008 R2 on one side and Windows 8.1 / Windows 2012 R2 on the other side.
Windows 7 and Windows 2008 R2 accept by default NULL sessions, while Windows 8.1 and Windows 2012 R2 don't accept NULL sessions by default.
In the video, we test the NULL session establishment for each OS, by using the following command:
net use \\<VM_IP_Address>\IPC$ "" /u:""

Because of this difference, in the case of Windows 8.1 / Windows 2012 R2 targets, the exploitation Python script needs a non-admin user id to initially connect to the target and deliver the payload.
During penetration testing scenarios, the non-admin user id has to be obtained via social engineering or other means. For our testing purposes, a local non-admin user id is manually created on the Windows 8.1 and Windows 2012 R2 test VMs with the following credentials:
User_id: testuser1
Password: P@ssw0rd
The eternalblue8_exploit.py python script is then edited in order to use the credentials above.
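The defender's view of the NULL-session difference described above, as an added example that is not part of the original post or of Worawit's script: on a host that accepts the NULL session, the "net use" test above leaves a Security event 4624 (logon type 3, i.e. network logon) for the ANONYMOUS LOGON account, and, when the "Audit File Share" subcategory is enabled, an event 5140 showing the IPC$ share being accessed. On Windows 8.1 / 2012 R2 the same connection is made with the low-privilege account instead, so the logon is for that account and only the 5140 on IPC$ stands out. The script below runs both checks over a handful of constructed event records (the client address 192.168.254.200, the account alice and the share Projects are made up for the sample); it is a plain Python detection routine, not a Metasploit or Windows API call, and would normally be fed events exported from the Security log or a SIEM.

```python
"""Flag NULL-session logons and IPC$ share access in Windows Security events.

Added example. The event dictionaries below are constructed to mimic the
XML fields of events 4624 (logon) and 5140 (network share accessed); they
were not captured from the lab VMs described in the post.
"""
from dataclasses import dataclass
from typing import Iterable, List

ANON = "ANONYMOUS LOGON"   # account name Windows reports for a NULL session
NETWORK_LOGON = 3          # LogonType 3 = network (SMB, IPC$ etc.)

REASON_NULL_SESSION = "null session accepted: anonymous network logon"
REASON_IPC_ACCESS = "IPC$ named-pipe share accessed over the network"

# Constructed sample events (client address, 'alice' and 'Projects' are made up).
SAMPLE_EVENTS = [
    # Host that accepts NULL sessions: anonymous network logon, then IPC$ access.
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "ANONYMOUS LOGON",
     "IpAddress": "192.168.254.200", "TimeCreated": "2018-01-01T10:00:01"},
    {"EventID": 5140, "SubjectUserName": "ANONYMOUS LOGON",
     "ShareName": "\\\\*\\IPC$", "IpAddress": "192.168.254.200",
     "TimeCreated": "2018-01-01T10:00:01"},
    # Host that refuses NULL sessions: the low-privilege account is used instead.
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "testuser1",
     "IpAddress": "192.168.254.200", "TimeCreated": "2018-01-01T10:05:00"},
    {"EventID": 5140, "SubjectUserName": "testuser1",
     "ShareName": "\\\\*\\IPC$", "IpAddress": "192.168.254.200",
     "TimeCreated": "2018-01-01T10:05:00"},
    # Benign: a user mapping an ordinary file share.
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "alice",
     "IpAddress": "192.168.254.50", "TimeCreated": "2018-01-01T10:06:00"},
    {"EventID": 5140, "SubjectUserName": "alice",
     "ShareName": "\\\\*\\Projects", "IpAddress": "192.168.254.50",
     "TimeCreated": "2018-01-01T10:06:00"},
]


@dataclass(frozen=True)
class Finding:
    severity: str
    source_ip: str
    user: str
    reason: str


def is_ipc_share(share_name: str) -> bool:
    """Event 5140 reports the share as \\\\*\\IPC$; compare the last component."""
    return share_name.rstrip("\\").split("\\")[-1].upper() == "IPC$"


def detect(events: Iterable[dict], trusted_sources=frozenset()) -> List[Finding]:
    """Return one Finding per (rule, source, user) combination.

    trusted_sources: client addresses to ignore, e.g. domain controllers or an
    authorised vulnerability scanner, since anonymous network logons do occur
    legitimately in some domain traffic and need tuning per environment.
    """
    findings: List[Finding] = []
    seen = set()
    for ev in events:
        src = ev.get("IpAddress", "?")
        if src in trusted_sources:
            continue
        eid = ev.get("EventID")
        if (eid == 4624 and ev.get("LogonType") == NETWORK_LOGON
                and ev.get("TargetUserName", "").upper() == ANON):
            key = ("null-session", src)
            if key not in seen:
                seen.add(key)
                findings.append(Finding("high", src, ANON, REASON_NULL_SESSION))
        elif eid == 5140 and is_ipc_share(ev.get("ShareName", "")):
            user = ev.get("SubjectUserName", "?")
            # Anonymous IPC$ access is the NULL-session case; a named account
            # reaching IPC$ from an unexpected host still deserves a look.
            severity = "high" if user.upper() == ANON else "medium"
            key = ("ipc", src, user)
            if key not in seen:
                seen.add(key)
                findings.append(Finding(severity, src, user, REASON_IPC_ACCESS))
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.source_ip} {f.user}: {f.reason}")
```

The anonymous 4624 is the direct signal that a host still accepts NULL sessions; the 5140 rule needs file-share auditing switched on and will be noisy on file servers unless the medium findings are limited to hosts that should not be talking to IPC$ at all. Neither rule replaces the actual fix for MS17-010, which is applying the security update and disabling SMBv1 where it is not needed.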

The command used for running the EternalBlue exploit script is:
python eternalblue8_exploit.py <Target_IP> <shellcode_file> [numGroomConn]
where:
<Target_IP> - can be the IP address for the test Windows 8.1 machine (192.168.254.163) or for the test Windows 2012 R2 machine (192.168.254.165)
<shellcode_file> - can be sc_x64.bin (the binary payload without NOP sled) or sc_x64_100n.bin (the binary payload with NOP sled)
[numGroomConn] - is an optional parameter which by default has the value 13. It is used in the EternalBlue exploit script for the buffer overflow attack. If the exploit fails, but the target does not crash, then try increasing the "numGroomConn" value.
