July 12, 2020

Exploiting MS17-010 “EternalBlue” w/ Reverse TCP Meterpreter Payload

While performing a vulnerability scan, I ran across an unpatched Windows 7 machine that is vulnerable to EternalBlue.

[Screenshot: msfconsole showing a returned Meterpreter shell]

Gather intel about the target with sysinfo.

Find out what level of privileges you have with getuid. Fortunately, I acquired SYSTEM privileges!!!

Now it’s time to pwn the box by getting a shell on the target with shell.

Quickly gain persistence by creating a new user, preferably with a username that would blend in with the other usernames on the system. I didn’t do that here; I created a root user for effect.

Grab the hashes in case you lose the connection to the victim. You can crack them offline and come back later. I should’ve done this before I opened a shell, but I exited back out to the Meterpreter shell and ran hashdump.

When you are finished, wipe out the logs and cover your tracks with clearev.
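As an added example (not part of the original post, and not Metasploit's own code), here is defender-side detection logic in Python that flags the traces the steps above leave in a Windows host's event logs: an account created under the SYSTEM context, that new account being added to Administrators within a short window, and the Security and System logs being cleared shortly after. The event IDs are the standard Windows ones; the JSON-lines record shape, the field names and the sample events are constructed for this example.

```python
import json
from datetime import datetime, timedelta

# Standard Windows event IDs (real values, not specific to this post):
#   4720 = user account created (Security log)
#   4732 = member added to a security-enabled local group (Security log)
#   1102 = the audit (Security) log was cleared (Security log)
#    104 = an event log such as System/Application was cleared (System log)
ACCOUNT_CREATED = 4720
ADDED_TO_LOCAL_GROUP = 4732
LOG_CLEARED = {1102: "Security log cleared", 104: "System/Application log cleared"}
PRIVILEGED_GROUPS = {"Administrators", "Remote Desktop Users"}

# Constructed sample records in a JSON-lines shape. The field names are
# hypothetical (chosen to resemble a SIEM forwarder's output); the host names,
# times and account names are invented for the example.
SAMPLE_EVENTS = """
{"time": "2020-07-12T14:01:05", "host": "WIN7-LAB", "channel": "Security", "event_id": 4624, "subject": "WIN7-LAB$", "target": "Administrator"}
{"time": "2020-07-12T14:03:10", "host": "WIN7-LAB", "channel": "Security", "event_id": 4720, "subject": "SYSTEM", "target": "root"}
{"time": "2020-07-12T14:03:11", "host": "WIN7-LAB", "channel": "Security", "event_id": 4732, "subject": "SYSTEM", "target": "root", "group": "Administrators"}
{"time": "2020-07-12T14:05:40", "host": "WIN7-LAB", "channel": "Security", "event_id": 1102, "subject": "SYSTEM"}
{"time": "2020-07-12T14:05:41", "host": "WIN7-LAB", "channel": "System", "event_id": 104, "subject": "SYSTEM"}
{"time": "2020-07-12T09:00:00", "host": "WS-042", "channel": "Security", "event_id": 4720, "subject": "helpdesk.admin", "target": "jsmith"}
"""


def parse_events(text):
    """Parse JSON-lines event records, skip blank lines, return them sorted by time."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["time"] = datetime.fromisoformat(rec["time"])
        events.append(rec)
    events.sort(key=lambda r: r["time"])
    return events


def detect(events, window=timedelta(minutes=30)):
    """Return a list of (host, rule, detail) findings for post-exploitation traces."""
    findings = []
    by_host = {}
    for e in events:
        by_host.setdefault(e["host"], []).append(e)

    for host, host_events in by_host.items():
        created = {}          # account name -> the 4720 event that created it
        wipe_reported = set() # accounts already reported in a create-then-clear pair
        for e in host_events:
            eid = e["event_id"]
            when = e["time"].isoformat()

            if eid in LOG_CLEARED:
                # Clearing an event log is rare in normal operation and is the
                # host-side footprint of a log-wiping step; always alert on it.
                findings.append((host, "log_cleared",
                                 f"{LOG_CLEARED[eid]} by {e['subject']} at {when}"))
                # An account created shortly before the wipe is doubly suspicious.
                for name, c in created.items():
                    if name not in wipe_reported and e["time"] - c["time"] <= window:
                        wipe_reported.add(name)
                        findings.append((host, "create_then_clear",
                                         f"account '{name}' created at {c['time'].isoformat()} "
                                         f"then logs cleared at {when}"))

            elif eid == ACCOUNT_CREATED:
                created[e["target"]] = e
                # Legitimate account creation is done by an admin's user
                # context; creation by SYSTEM points to a tool or service
                # acting with SYSTEM privileges, as in a SYSTEM-level shell.
                if e["subject"].upper() == "SYSTEM":
                    findings.append((host, "account_created_by_system",
                                     f"account '{e['target']}' created by SYSTEM at {when}"))

            elif eid == ADDED_TO_LOCAL_GROUP and e.get("group") in PRIVILEGED_GROUPS:
                c = created.get(e["target"])
                # A brand-new account promoted to a privileged group within
                # the window is the classic persistence pattern.
                if c is not None and e["time"] - c["time"] <= window:
                    findings.append((host, "new_account_made_admin",
                                     f"account '{e['target']}' added to {e['group']} "
                                     f"{(e['time'] - c['time']).seconds}s after creation"))
    return findings


def detect_from_text(text, window=timedelta(minutes=30)):
    """Convenience wrapper: parse JSON-lines text and run the detections."""
    return detect(parse_events(text), window)


if __name__ == "__main__":
    for host, rule, detail in detect_from_text(SAMPLE_EVENTS):
        print(f"[{rule}] {host}: {detail}")
```

On the constructed sample the rules fire only for WIN7-LAB: the account created by SYSTEM, its promotion to Administrators a second later, the two log-clear events, and one create-then-clear correlation; the helpdesk-created account on WS-042 produces nothing. Sequencing rules like these are deliberately correlated per host and bounded by a time window so that a single routine admin action does not raise an alert while the full chain does.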