Premise
In this post, I’ll show you how I performed a basic penetration test on a Windows machine, specifically targeting the infamous “Eternal Blue” vulnerability. My goal is to walk you through the process of identifying and exploiting this vulnerability, while also explaining the importance of understanding what you’re dealing with before you jump into exploitation.
Machine Name: Eternal Blue TryHackMe
Difficulty: Easy
Skills Learned
- Windows Exploitation
- Eternal Blue vulnerability
Scanning and Reconnaissance
My first step was to scan the target machine to see what ports were open and what services were running. I used the popular port scanner, nmap, for this. I started with a basic scan to get a quick overview and then followed up with a more aggressive scan to gather more detailed information about the services running on the open ports.
Understanding Eternal Blue
While the scans were running, I took a moment to explain what Eternal Blue is. It’s a critical vulnerability that affects the Server Message Block (SMB) version 1 protocol. This vulnerability allows an attacker to gain remote access to a system. It affects a wide range of Windows operating systems, including Windows 7, Windows 8.1, and even some versions of Windows 10.
Identifying the Vulnerability
Once my nmap scans were complete, I used its scripting engine with the vuln switch to specifically look for known vulnerabilities. This scan confirmed that the target machine was indeed vulnerable to Eternal Blue on its SMB service.
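When the vuln scan covers more than one host, it helps to pull the smb-vuln-ms17-010 result out of the nmap output per host rather than reading it by eye. The following is an added example, not part of the original post; it assumes nmap's normal text output layout ("Nmap scan report for ..." followed by "Host script results:"), and the sample output it parses is constructed, not real scan data.

```python
import re
from typing import Dict

# Constructed sample of `nmap --script vuln` output for two hosts,
# trimmed to the lines the parser needs (not captured from a real scan).
SAMPLE_NMAP_OUTPUT = """\
Nmap scan report for 10.0.0.5
Host is up (0.0010s latency).
PORT     STATE SERVICE
445/tcp  open  microsoft-ds

Host script results:
| smb-vuln-ms17-010: 
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|     State: VULNERABLE
|     Risk factor: HIGH
|_smb-vuln-ms08-067: NT_STATUS_OBJECT_NAME_NOT_FOUND

Nmap scan report for 10.0.0.6
Host is up (0.0012s latency).
PORT     STATE SERVICE
445/tcp  open  microsoft-ds

Host script results:
|_smb-vuln-ms17-010: Could not connect to 'IPC$'
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
SCRIPT_RE = re.compile(r"^\|_?\s*(smb-vuln-[\w-]+):")   # script header line
STATE_RE = re.compile(r"^\|\s+State:\s+(\S+)")          # e.g. "State: VULNERABLE"

def parse_smb_vuln_results(output: str) -> Dict[str, Dict[str, str]]:
    """Return {host: {script_id: state}} for every smb-vuln-* script seen.

    A script that printed no 'State:' line (connection error, not applicable)
    is recorded as NOT_REPORTED so the host still appears in the inventory.
    """
    results: Dict[str, Dict[str, str]] = {}
    host = script = None
    for line in output.splitlines():
        if m := HOST_RE.match(line):
            host, script = m.group(1), None
            results[host] = {}
        elif host is None:
            continue
        elif m := SCRIPT_RE.match(line):
            script = m.group(1)
            results[host].setdefault(script, "NOT_REPORTED")
        elif (m := STATE_RE.match(line)) and script:
            results[host][script] = m.group(1)
    return results

def vulnerable_hosts(results, script_id="smb-vuln-ms17-010"):
    """Hosts whose given script reported State: VULNERABLE, for remediation tracking."""
    return sorted(h for h, s in results.items() if s.get(script_id) == "VULNERABLE")
```

Hosts that come back NOT_REPORTED (the second host above) still need a manual check, since a failed IPC$ connection means the script could not test, not that the patch is present.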
Finding and Preparing the Exploit
With the vulnerability confirmed, it was time to find an exploit. I used searchsploit to look for available exploits and also did a quick search on Google and GitHub to find a suitable Python-based exploit for Eternal Blue.
The exploit I chose required a shellcode. I used a shellcode maker script to generate a reverse shell payload, making sure to specify my own IP address and the ports I wanted to use for the connection.
The Exploitation Attempt
Before running the exploit, I set up a listener on my machine to catch the incoming connection from the compromised target. Then, I launched the Eternal Blue exploit, providing the target’s IP address and the path to the shellcode I had generated.
Unfortunately, due to some connection instability, while the exploit did run successfully, I didn’t receive a session back on my listener. It’s a good reminder that even with a known vulnerability and a working exploit, things don’t always go as planned in the world of penetration testing!
Technical Commands Used
Here are the commands I used in the terminal during this penetration test:
sudo nmap -Pn [target IP]
sudo nmap -A [target IP]
ls /usr/share/nmap/scripts
ls -l *smb*
sudo nmap --script vuln [target IP]
searchsploit ms17-010
chmod +x [exploit_name.py]
python [exploit_name.py] [target IP]
sudo pip3 uninstall pip3
sudo python eternalblue_checker.py [target IP]
cd shellcode
chmod +x shell_prep.sh
sudo ./shell_prep.sh
ifconfig
chmod +x listener.py
sudo ./listener.py
sudo python eternalblue_exploit7.py [target IP] [path to shellcode]