MS17-010 Vulnerability - New EternalRomance / EternalSynergy / EternalChampion SMB modules for Metasploit - Exploit Windows 2012 R2 and Windows 2016

In the previous post, we covered the two new MS17-010 EternalRomance / EternalSynergy / EternalChampion SMB Remote Windows Command/Code Execution modules that Metasploit released last month:
auxiliary/admin/smb/ms17_010_command and
exploit/windows/smb/ms17_010_psexec

One of the cool features of the new modules is that they are supposed to work with all Microsoft OS versions post-Windows 2000. Check this message on Twitter from zerosum0x0 - one of the modules' authors.
Therefore, I wanted to test the new modules with newer Microsoft OS Server versions like Windows 2012 R2 and Windows 2016.

As you will see in the video below, exploiting Windows 2012 R2 and Windows 2016 is similar to exploiting Windows 10. We will need non-admin user credentials in order to exploit successfully, because by default no named pipes are available when connecting anonymously.
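To confirm that this default still holds on a server, a defender can check the null-session values under the LanmanServer Parameters registry key. The following is an added example, not part of the original post; the `reg query` output is constructed sample data and the function names are hypothetical.

```python
import re

# Constructed output of:
#   reg query HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
HARDENED = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
    NullSessionPipes    REG_MULTI_SZ
    RestrictNullSessAccess    REG_DWORD    0x1
"""

WEAK = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
    NullSessionPipes    REG_MULTI_SZ    netlogon\0samr\0lsarpc
    RestrictNullSessAccess    REG_DWORD    0x0
"""

# Value lines are indented: <name> <REG_TYPE> [<data>]
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)(?:\s+(.*))?$")


def parse_reg_query(text):
    """Return {value_name: data_string} from `reg query` text output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values[m.group(1)] = (m.group(3) or "").strip()
    return values


def audit_null_session(text):
    """Return a list of findings; an empty list means the default holds."""
    values = parse_reg_query(text)
    findings = []
    # reg.exe prints REG_MULTI_SZ entries separated by a literal "\0".
    pipes = [p for p in values.get("NullSessionPipes", "").split("\\0") if p]
    if pipes:
        findings.append("anonymous pipes allowed: " + ", ".join(pipes))
    # When the value is absent, Windows treats it as 1 (restricted).
    if int(values.get("RestrictNullSessAccess", "0x1"), 16) == 0:
        findings.append("RestrictNullSessAccess=0: null sessions are not "
                        "limited to the NullSessionPipes list")
    return findings


if __name__ == "__main__":
    for name, sample in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit_null_session(sample) or "OK")
```
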

For learning purposes, I attempted to use the modules without specifying the credentials and I got the following error:

<Target_IP>:445   - Rex::Proto::SMB::Exceptions::LoginError: Login Failed: undefined method `force_encoding' for nil:NilClass


The details of my lab are shown in the picture below:


For more details and explanations, please check my previous post.


