MS17-010 Research
Switch branches/tags
Nothing to show
Clone or download
Latest commit 8a2517e May 18, 2017
Failed to load latest commit information. Update May 18, 2017


As all of our research is now in Metasploit master repository, there was no reason to confuse everyone by keeping this repository open as there were two versions of everything and due to overwhelming popularity support became a nightmare as this is merely a side project. Please do not make support issues here, as they will not be answered.

Those searching for the scanners:

Those searching for EternalBlue:

This version disproved the robustness of most existing IDS rules (at the time). Those looking to make IDS rules should look at the final SMB1 Trans2 packet. These contain fixed offsets, however it may be possible to use other addresses. However, the hole in which those offsets lie must always be laid out in a similar manner. There are also numerous other patterns, such as several SMB2 groom requests with null headers and shellcode, as well as the "free hole" session setups.

Windows kernel shellcode will be in Metasploit as well as submitted to exploit-db when x86 version is completed.