Eternal-Blue
eternalBlue is an exploit thatallows cyber threat actors to remotely execute arbitrary code and gain access to a network by sending specially crafted packets. It exploits a software vulnerability in Microsoft’s Windows operating systems (OS) Server Message Block(SMB) version 1 (SMBv1) protocol, a network file sharing protocol that allows access to files on a remoteserver.
This exploit potentially allows cyber threat actors to compromise the entire network and all devices connected to it. Due to EternalBlue’s ability to compromise networks, if one device is infected by malware via EternalBlue, every device connectedto the network is at risk. This makes recovery difficult, asall devices on a network may have to be taken offline for remediation.This vulnerability was patched and is listed on Microsoft’s security bulletin as MS17-010
As always we start with nmap scanning,
sudo nmap -A 10.10.237.221
Inline-style:
Escalate
If you haven't already, background the previously gained shell (CTRL + Z). Research online how to convert a shell to meterpreter shell in metasploit. What is the name of the post module we will use? (Exact path, similar to the exploit we previously selected)
Top comments (0)