One post tagged with "Eternal Blue"

Eternal Blue is a Windows vulnerability (CVE-2017-0144) that allows an attacker to remotely execute code on a vulnerable system using the SMBv1 protocol. It was originally discovered by the NSA and leaked by the Shadow Brokers group in 2017, and has since been used by various malware and attackers, including WannaCry, NotPetya, and others. Eternal Blue exploits a weakness in the Windows Remote Procedure Call (RPC) service, allowing an attacker to gain elevated privileges and take control of a compromised system.

HTB | Blue | Write-Up

Summary:

We spawn a target machine, then perform reconnaissance to gather initial information about its services and vulnerabilities. We identify an SMB vulnerability, which we investigate further by searching for applicable exploits (specifically CVE-2017-0144).

Using this knowledge, we configure an exploit with Metasploit to take advantage of the discovered vulnerability. Next, we verify the vulnerability's presence using Metasploit's capabilities. With the exploit confirmed, we run it against the target machine, leveraging its SMB vulnerability to gain access. We then proceed to grab both the user flag and root flag, ultimately achieving System Own status once these tasks are accomplished.

Machine Name: Blue | Difficulty: Easy | OS: Windows