MS17-010 Vulnerability - EternalBlue exploit using a binary payload and python script on Windows 8.1 and Windows 2012 R2 targets

In this video we exploit the MS17-010 Vulnerability (EternalBlue) on Windows 8.1 and Windows 2012 R2 targets. We use the shellcode (binary payloads) that we previously generated, in addition to a python script and Metasploit Framework.

Please check my previous post on generating the shellcode:
Generating shellcode - using msfvenom to generate a binary payload

We also need Worawit's eternalblue8_exploit.py python script, which can be downloaded from the following Github URL:
https://gist.github.com/worawit/074a27e90a3686506fc586249934a30e

Many of the commands used in this video are very similar to the ones used in my previous Windows 7 / Windows 2008 R2 exploitation video, so please check the post below for more explanations:
MS17-010 Vulnerability - EternalBlue exploit using a binary payload and python script on Windows 7 and Windows 2008 R2 targets

Still, when using the EternalBlue exploit, there is an important difference between Windows 7 / Windows 2008 R2 on one side and Windows 8.1 / Windows 2012 R2 on the other.
Windows 7 and Windows 2008 R2 accept NULL sessions by default, while Windows 8.1 and Windows 2012 R2 do not.
In the video, we test NULL session establishment against each OS with the following command:
net use \\<VM_IP_Address>\IPC$ "" /u:""
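The same NULL session question can be answered from the defender's side, on the host itself, without connecting to it from outside. The PowerShell below is an added example and is not part of the original post or of Worawit's script: it reads the registry values that control anonymous (NULL session) access to the Server service, reports whether the SMBv1 server that MS17-010 / EternalBlue targets is still enabled, and lists recent successful anonymous network logons from the Security log (event 4624, logon type 3, account ANONYMOUS LOGON), which is what an accepted NULL session leaves behind. It assumes an elevated PowerShell 4.0 or later session on a Windows 8.1 / Windows 2012 R2 host; the function names and the 24-hour window are this example's own choices.

```powershell
# Added example (not from the original post): host-side audit of NULL session
# exposure and SMBv1 state on Windows 8.1 / Server 2012 R2.
# Assumes an elevated PowerShell 4.0+ session; function names are this example's own.

function Get-NullSessionExposure {
    [CmdletBinding()]
    param()

    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $srv = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

    # RestrictAnonymous (LSA): 0 = no restriction, 1 = no enumeration of SAM accounts
    # and shares, 2 = no access without explicit anonymous permissions.
    $restrictAnonymous = (Get-ItemProperty -Path $lsa -Name RestrictAnonymous -ErrorAction SilentlyContinue).RestrictAnonymous
    # RestrictNullSessAccess (Server service): 1 = anonymous access limited to the
    # NullSessionPipes / NullSessionShares allow-lists; 0 = unrestricted.
    $restrictNullSess = (Get-ItemProperty -Path $srv -Name RestrictNullSessAccess -ErrorAction SilentlyContinue).RestrictNullSessAccess
    $nullPipes  = (Get-ItemProperty -Path $srv -Name NullSessionPipes  -ErrorAction SilentlyContinue).NullSessionPipes
    $nullShares = (Get-ItemProperty -Path $srv -Name NullSessionShares -ErrorAction SilentlyContinue).NullSessionShares

    # SMBv1 server state; Get-SmbServerConfiguration exists on Windows 8 / 2012 and later.
    $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol

    [pscustomobject]@{
        ComputerName           = $env:COMPUTERNAME
        RestrictAnonymous      = $restrictAnonymous
        RestrictNullSessAccess = $restrictNullSess
        NullSessionPipes       = ($nullPipes  -join ',')
        NullSessionShares      = ($nullShares -join ',')
        SMB1ServerEnabled      = $smb1
    }
}

function Get-AnonymousNetworkLogons {
    param([int]$Hours = 24)
    # A successful NULL session shows up as event 4624 with LogonType 3 (network)
    # and TargetUserName 'ANONYMOUS LOGON'.
    $since = (Get-Date).AddHours(-$Hours)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $since } -ErrorAction SilentlyContinue |
        ForEach-Object {
            $xml  = [xml]$_.ToXml()
            $data = @{}
            foreach ($node in $xml.Event.EventData.Data) { $data[$node.Name] = $node.'#text' }
            if ($data.LogonType -eq '3' -and $data.TargetUserName -eq 'ANONYMOUS LOGON') {
                [pscustomobject]@{
                    Time        = $_.TimeCreated
                    SourceIP    = $data.IpAddress
                    Workstation = $data.WorkstationName
                }
            }
        }
}

# Usage
$exposure = Get-NullSessionExposure
$exposure | Format-List

if ($exposure.SMB1ServerEnabled) {
    Write-Warning 'SMBv1 server is enabled; MS17-010 (EternalBlue) targets SMBv1. Install the MS17-010 update and disable SMBv1 where nothing depends on it.'
    # To disable: Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}
if ($exposure.RestrictNullSessAccess -ne 1) {
    Write-Warning 'RestrictNullSessAccess is not 1: anonymous access to shares and pipes is not limited to the NullSession* allow-lists.'
}
Get-AnonymousNetworkLogons -Hours 24 | Format-Table -AutoSize
```

On a default Windows 8.1 / 2012 R2 install the first function should report RestrictNullSessAccess = 1, matching the behaviour described above (the net use command fails), while the SMB1ServerEnabled value is the one that actually matters for MS17-010: a host that rejects NULL sessions is still exploitable with valid low-privilege credentials as the post goes on to show, so the fix is the update and disabling SMBv1, not the NULL session setting alone.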

Because of this difference, in the case of Windows 8.1 / Windows 2012 R2 targets, the exploitation python script needs a non-admin user id to initially connect to the target and deliver the payload. 
During penetration testing scenarios, the non-admin user id has to be obtained via social engineering or other means. For our testing purposes, a local non-admin user id is manually created on the Windows 8.1 and Windows 2012 R2 test VMs with the following credentials:
User_id: testuser1
Password: P@ssw0rd
The eternalblue8_exploit.py python script is then edited in order to use the credentials above.

The command used for running the EternalBlue exploit script is:
python eternalblue8_exploit.py <Target_IP> <shellcode_file> [numGroomConn]
where:
<Target_IP> - can be the IP address for the test Windows 8.1 machine (192.168.254.163) or for the test Windows 2012 R2 machine (192.168.254.165)
<shellcode_file> - can be sc_x64.bin (the binary payload without NOP sled) or sc_x64_100n.bin (the binary payload with NOP sled)
[numGroomConn] - is an optional parameter which by default has the value 13. It is used in the EternalBlue exploit script for the buffer overflow attack. If the exploit fails, but the target does not crash, then try increasing the "numGroomConn" value.


