MS17-010 (EternalBlue): Vulnerability Exploitation and Reproduction

0x00 Brief introduction

EternalBlue dates from the night of April 14, 2017, when the hacker group Shadow Brokers published a large number of network attack tools, among them the "EternalBlue" tool. EternalBlue exploits an SMB vulnerability in Windows systems to obtain the highest privileges on the system. On May 12, criminals modified EternalBlue to create the WannaCry ransomware. Britain, Russia, the whole of Europe and, within China, campus networks, large enterprise intranets and government agency private networks were hit, with victims extorted to pay a high ransom to decrypt and recover their files.

0x01 Vulnerability overview

The EternalBlue vulnerability is a vulnerability, used in a vulnerability exploitation framework, that attacks the SMB service. It allows an attacker to execute arbitrary code on the target system.

0x02 Environment for reproducing the vulnerability
One Windows 7 machine
One Kali Linux machine

0x03 Vulnerability exploitation
First use nmap to check the ports

Port 445 is found
Use msf

First test with the scan module

Find that it is exploitable

Find the attack module

Control obtained successfully

View system information

Reverse shell

Account added successfully
Get the account hash and crack it to get the password
Open the displayed path to see a screenshot of the victim's screen

Displayed successfully

Keep the good habit of clearing logs
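
Seen from the defender's side, the account creation and log clearing steps above leave records in the Windows event logs. The following is an added example, not part of the original post: it flags hosts where an account change is followed by a log-clear event. The event records, host names, account names and the 30-minute window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Windows event IDs that correspond to the post-exploitation steps above.
WATCHED = {
    4720: "local user account created",
    4732: "member added to a local security group",
    1102: "Security audit log cleared",
    104: "event log cleared (recorded in the System log)",
}

# Constructed sample records (not from the original post), as they might
# look after parsing an exported event log into dicts.
SAMPLE_EVENTS = [
    {"time": "2024-01-15T10:02:11", "host": "WIN7-LAB", "id": 4624, "detail": "logon type 3"},
    {"time": "2024-01-15T10:03:40", "host": "WIN7-LAB", "id": 4720, "detail": "new account: labuser"},
    {"time": "2024-01-15T10:03:52", "host": "WIN7-LAB", "id": 4732, "detail": "labuser -> Administrators"},
    {"time": "2024-01-15T10:09:05", "host": "WIN7-LAB", "id": 1102, "detail": "audit log cleared"},
    {"time": "2024-01-15T11:30:00", "host": "WIN7-OTHER", "id": 4720, "detail": "new account: helpdesk2"},
]

def find_suspicious_sequences(events, window=timedelta(minutes=30)):
    """Return a list of (host, severity, matched_events), one entry per host.

    'high'   = an account change followed by a log clear within `window`.
    'medium' = watched events present, but not in that sequence.
    """
    ts = datetime.fromisoformat
    by_host = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["id"] in WATCHED:
            by_host.setdefault(ev["host"], []).append(ev)
    findings = []
    for host, evs in by_host.items():
        changes = [e for e in evs if e["id"] in (4720, 4732)]
        clears = [e for e in evs if e["id"] in (1102, 104)]
        chained = any(
            timedelta(0) <= ts(c["time"]) - ts(a["time"]) <= window
            for a in changes for c in clears
        )
        findings.append((host, "high" if chained else "medium", evs))
    return findings

if __name__ == "__main__":
    for host, severity, evs in find_suspicious_sequences(SAMPLE_EVENTS):
        print(f"[{severity}] {host}")
        for e in evs:
            print(f"  {e['time']} {e['id']} {WATCHED[e['id']]}: {e['detail']}")
```

Because event 1102 is written into the Security log after it has been cleared, it survives the clearing; forwarding events to a separate collector keeps the earlier 4720 and 4732 records available for this correlation.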

