Eternal blue

vulnerability in smb CVE-2017-0144 — https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0144

The NSA allegedly spent almost a year hunting for a bug in Microsoft’s software. Once they found it, the NSA developed EternalBlue to exploit the vulnerability. The NSA used EternalBlue for five years before alerting Microsoft of its existence.

to know if the machine is vulnerable

$ nmap -p445 --script smb-vuln-\* 10.10.10.40

Host script results:
|_smb-vuln-ms10-054: false
| smb-vuln-ms17-010:
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|     State: VULNERABLE
|     IDs:  CVE:CVE-2017-0143
|     Risk factor: HIGH
|       A critical remote code execution vulnerability exists in Microsoft SMBv1
|        servers (ms17-010).
|
|     Disclosure date: 2017-03-14
|     References:
|       https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0143
|_      https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
|_smb-vuln-ms10-061: NT_STATUS_OBJECT_NAME_NOT_FOUND

see Machine Blue - Easy - Windows to how to exploit it

Kzk's garden

Explorer

Eternal blue

Eternal blue

Graph View

Backlinks