Disclaimer: This blog is for educational purposes only!

In this blog we will talk about a popular vulnerability called EternalBlue, which is present in the Microsoft Server Message Block 1.0 (SMBv1) server.

What is SMB?

The Server Message Block (SMB) protocol is a client-server protocol used for shared access to files, directories, printers, serial ports, and other network resources. It also offers an authenticated inter-process communication (IPC) mechanism.

We already scanned the Windows 7 VirtualBox machine using the Nmap tool. Please check out that blog at the link below.

https://blogs.elanustechnologies.com/infrastructure-information-gathering/

We saw that port 445/TCP is open. This port is used by SMB and facilitates file and printer sharing in Windows networks. Now we start the Metasploit Framework on our main Kali Linux machine and search for the scanner and exploit for the SMB protocol.

Now we type “show options” to see the options to set before starting the scan. After setting the options, we scan the system and learn that this Windows 7 machine is vulnerable to MS17-010.

We now know that the target system is vulnerable to MS17-010. Again, set the options to exploit this vulnerability.

After the options are set for exploitation, type the command “exploit” to start exploiting this vulnerability.

Once the system is successfully exploited, the Windows 7 machine automatically shows a popup on screen and Windows Explorer stops working.

In a few seconds, the system opens several command prompt windows.

The system automatically pops up command prompt windows on screen and then restarts, which means Windows 7 has crashed because of the buffer overflow exploit.

How to Prevent:

  • EternalBlue is a vulnerability present on Microsoft Windows systems running old versions of the Microsoft Windows File and Printer Sharing service (SMB). To patch this vulnerability, install the MS17-010 security update from Microsoft.
  • Use a genuine Windows system with automatic updates enabled, so that all required security updates are downloaded and installed automatically.
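
To check a Windows 7 machine against the two points above, the following PowerShell audit is an added example, not part of the original post. The function name `Get-EternalBlueExposure` is hypothetical, and the script assumes Windows 7 with PowerShell 2.0, run locally on the machine being checked.

```powershell
# Added audit example (not from the original post).
# Assumes Windows 7 / PowerShell 2.0; the function name is hypothetical.
function Get-EternalBlueExposure {
    # MS17-010 was released on 2017-03-14 (a fact not stated in the post).
    $patchRelease = [datetime]'2017-03-14'

    # SMBv1 server state. On Windows 7 the SMB1 value is absent by default,
    # and an absent value means the SMBv1 server is enabled.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $smb1 = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).SMB1
    $smb1Enabled = ($smb1 -eq $null) -or ($smb1 -ne 0)

    # Patch state. If no update at all was installed on or after the release
    # date, MS17-010 cannot be present. Otherwise the result stays unconfirmed
    # and the update history has to be checked by hand.
    $newest = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1
    if (-not $newest -or $newest.InstalledOn -lt $patchRelease) {
        $patch = 'MISSING (no update installed since MS17-010 was released)'
    } else {
        $patch = 'UNCONFIRMED (check update history for MS17-010)'
    }

    # Windows Update service. A start mode of 'Disabled' means automatic
    # updates cannot be downloaded or installed.
    $wu = Get-WmiObject -Class Win32_Service -Filter "Name='wuauserv'"

    New-Object PSObject -Property @{
        Computer               = $env:COMPUTERNAME
        Smb1ServerEnabled      = $smb1Enabled
        PatchState             = $patch
        NewestHotfixId         = $(if ($newest) { $newest.HotFixID })
        NewestHotfixDate       = $(if ($newest) { $newest.InstalledOn })
        WindowsUpdateStartMode = $wu.StartMode
    }
}

Get-EternalBlueExposure | Format-List
```

A machine that reports `Smb1ServerEnabled : True` together with `PatchState : MISSING` is in the same state as the Windows 7 VM used in this blog.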
