EternalBlue
EternalBlue is an exploit for a critical software vulnerability in Microsoft's implementation of the SMBv1 protocol in the Microsoft Windows operating system.
EternalBlue takes advantage of three bugs:
A mathematical error occurs when SMBv1 tries to determine how much memory to allocate, creating the conditions for a buffer overflow.
Two SMBv1 subcommands, SMB_COM_TRANSACTION2 and SMB_COM_NT_TRANSACT, create a validation error if NT_TRANSACT is used immediately before TRANSACTION2. This validation error causes SMBv1 to allocate memory based on TRANSACTION2, whose packet is half the size of NT_TRANSACT. Thus, the NT_TRANSACT packet will occupy more space than was allocated for it.
A vulnerability in SMBv1 that allows heap spraying, which results in allocating a chunk of memory at a given address.
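From the detection side, the second bug leaves a visible trace: a TRANSACTION2 request that follows an NT_TRANSACT request inside the same transaction. The sketch below is an added example, not code from the original page. It parses SMBv1 headers and flags that sequence. The function names, the sample messages, and the choice to count the _SECONDARY command codes as part of each family are assumptions of the example.

```python
import struct

# SMBv1 header (32 bytes, little-endian) as laid out in MS-CIFS.
SMB1_HEADER = struct.Struct("<4sBIBHH8sHHHHH")
SMB1_MAGIC = b"\xffSMB"
# Command codes from MS-CIFS. Counting the *_SECONDARY codes as part of
# each family is an assumption of this example.
TRANS2_FAMILY = {0x32, 0x33}    # SMB_COM_TRANSACTION2 / _SECONDARY
NT_TRANS_FAMILY = {0xA0, 0xA1}  # SMB_COM_NT_TRANSACT / _SECONDARY

def parse_header(msg):
    """Return (command, transaction key) for an SMBv1 message, else None."""
    if len(msg) < SMB1_HEADER.size or msg[:4] != SMB1_MAGIC:
        return None
    (_, cmd, _status, _flags, _flags2, pid_hi, _sig, _rsv,
     tid, pid_lo, uid, mid) = SMB1_HEADER.unpack_from(msg)
    return cmd, (uid, tid, (pid_hi << 16) | pid_lo, mid)

def find_mixed_transactions(messages):
    """Flag TRANSACTION2 requests that follow NT_TRANSACT in one transaction."""
    last_cmd = {}  # transaction key -> last transaction-family command seen
    alerts = []
    for index, msg in enumerate(messages):
        parsed = parse_header(msg)
        if parsed is None or parsed[0] not in TRANS2_FAMILY | NT_TRANS_FAMILY:
            continue
        cmd, key = parsed
        if cmd in TRANS2_FAMILY and last_cmd.get(key) in NT_TRANS_FAMILY:
            alerts.append((index, key))
        last_cmd[key] = cmd
    return alerts

def build_header(cmd, uid, tid, pid, mid):
    """Construct a bare SMBv1 header (no body) for the sample data below."""
    return SMB1_HEADER.pack(SMB1_MAGIC, cmd, 0, 0x18, 0, pid >> 16, b"\0" * 8,
                            0, tid, pid & 0xFFFF, uid, mid)

# Constructed sample client requests in arrival order, not a real capture.
SAMPLE = [
    build_header(0x32, uid=1, tid=1, pid=100, mid=7),   # ordinary TRANSACTION2
    build_header(0xA0, uid=2, tid=1, pid=200, mid=64),  # NT_TRANSACT ...
    build_header(0x33, uid=2, tid=1, pid=200, mid=64),  # ... then TRANS2 secondary
    build_header(0xA0, uid=3, tid=1, pid=300, mid=9),   # NT_TRANSACT on its own
    b"\xfeSMB" + b"\0" * 60,                            # SMB2 message, skipped
]

print(find_mixed_transactions(SAMPLE))
```

The transaction key is (UID, TID, PID, MID), the header fields a secondary request shares with the request that opened the transaction.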
Because EternalBlue is so widespread, Metasploit includes a module that allows you to exploit it easily.
msfconsole
use exploit/windows/smb/ms17_010_eternalblue
set rhosts [target host]
run