Premise

In this post, I’ll show you how I performed a basic penetration test on a Windows machine, specifically targeting the infamous “Eternal Blue” vulnerability. My goal is to walk you through the process of identifying and exploiting this vulnerability, while also explaining the importance of understanding what you’re dealing with before you jump into exploitation.

Machine Name: Eternal Blue TryHackMe

Difficulty: Easy

Skills Learned

  • Windows Exploitation
  • Eternal Blue vulnerability

Scanning and Reconnaissance

My first step was to scan the target machine to see which ports were open and which services were running. I used the popular port scanner nmap for this. I started with a basic scan to get a quick overview and then followed up with a more aggressive scan to gather more detailed information about the services running on the open ports.

Understanding Eternal Blue

While the scans were running, I took a moment to explain what Eternal Blue is. It is a critical vulnerability in version 1 of the Server Message Block (SMB) protocol, patched by Microsoft under the advisory MS17-010 (the identifier the searchsploit query below looks for). The vulnerability allows an attacker to gain remote access to an unpatched system. It affects a wide range of Windows operating systems, including Windows 7, Windows 8.1, and even some versions of Windows 10.

Identifying the Vulnerability

Once my nmap scans were complete, I used the Nmap Scripting Engine with the vuln script category (the --script vuln option) to look specifically for known vulnerabilities. This scan confirmed that the target machine was indeed vulnerable to Eternal Blue on its SMB service.

Finding and Preparing the Exploit

With the vulnerability confirmed, it was time to find an exploit. I used searchsploit to look for available exploits and also did a quick search on Google and GitHub to find a suitable Python-based exploit for Eternal Blue.

The exploit I chose required a shellcode. I used a shellcode maker script to generate a reverse shell payload, making sure to specify my own IP address and the ports I wanted to use for the connection.

The Exploitation Attempt

Before running the exploit, I set up a listener on my machine to catch the incoming connection from the compromised target. Then, I launched the Eternal Blue exploit, providing the target’s IP address and the path to the shellcode I had generated.

Unfortunately, although the exploit itself ran successfully, I didn't receive a session back on my listener, most likely because of some connection instability. It's a good reminder that even with a known vulnerability and a working exploit, things don't always go as planned in the world of penetration testing!

Technical Commands Used

Here are the commands I used in the terminal during this penetration test:

  • sudo nmap -Pn [target IP]
  • sudo nmap -A [target IP]
  • ls /usr/share/nmap/scripts
  • ls -l *smb*
  • sudo nmap --script vuln [target IP]
  • searchsploit ms17-010
  • chmod +x [exploit_name.py]
  • python [exploit_name.py] [target IP]
  • sudo pip3 uninstall pip3
  • sudo python eternalblue_checker.py [target IP]
  • cd shellcode
  • chmod +x shell_prep.sh
  • sudo ./shell_prep.sh
  • ifconfig
  • chmod +x listener.py
  • sudo ./listener.py
  • sudo python eternalblue_exploit7.py [target IP] [path to shellcode]
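As an added example that is not part of the original post or the TryHackMe room, here is a small Python triage script for the output of the nmap --script vuln step above. It parses a constructed nmap report (the host addresses and script text are made up for this example, written in the format the smb-vuln-ms17-010 script produces), classifies each host, and lists the ones that still need the MS17-010 patch or SMBv1 disabled.

```python
import re
# Constructed sample (port table omitted) in the style of `nmap --script vuln`
# output: one host flagged by smb-vuln-ms17-010, one where the script errored.
SAMPLE_NMAP_OUTPUT = """\
Nmap scan report for 10.10.10.5
Host script results:
| smb-vuln-ms17-010:
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|     State: VULNERABLE
|     Risk factor: HIGH
|_    (references omitted)
|_smb-vuln-ms08-067: NT_STATUS_OBJECT_NAME_NOT_FOUND

Nmap scan report for 10.10.10.6
Host script results:
|_smb-vuln-ms17-010: Could not negotiate a connection:SMB: Failed to receive bytes: ERROR
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)", re.MULTILINE)
# Top-level NSE result lines are "| name:" or "|_name:"; nested detail lines
# are indented further ("|   ..."), so this matches only the start of a script.
SCRIPT_START_RE = re.compile(r"\|(?:_| )([\w-]+):")

def classify_host(body):
    """VULNERABLE, NOT_VULNERABLE, SCRIPT_ERROR or NOT_CHECKED for one host."""
    block = []
    for line in body.splitlines():
        start = SCRIPT_START_RE.match(line)
        if start and start.group(1) == "smb-vuln-ms17-010":
            block.append(line)            # first line of the script's result
        elif block and line.startswith("|") and not start:
            block.append(line)            # nested detail line of that result
        elif block:
            break                         # next script or end of NSE output
    if not block:
        return "NOT_CHECKED"
    text = "\n".join(block)
    if re.search(r"State:\s*NOT VULNERABLE", text):
        return "NOT_VULNERABLE"
    if re.search(r"State:\s*(?:LIKELY )?VULNERABLE", text):
        return "VULNERABLE"
    return "SCRIPT_ERROR"                 # script ran but could not decide

def parse_ms17_010(nmap_text):
    chunks = HOST_RE.split(nmap_text)     # [preamble, host1, body1, host2, ...]
    return {h: classify_host(b) for h, b in zip(chunks[1::2], chunks[2::2])}

def hosts_needing_patch(results):         # prioritise for MS17-010 / SMBv1 removal
    return sorted(h for h, s in results.items() if s == "VULNERABLE")
```

Hosts reported as SCRIPT_ERROR should be re-scanned or checked by hand rather than assumed safe, since the script could not negotiate SMB at all.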

Video Walk-through

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by Motasem Hamdan, a cybersecurity content creator and YouTuber.
