
Exploit Windows That Has Vulnerable On SMB MS17-010 Using Eternalblue

This document describes a student project to exploit Windows systems vulnerable to the SMB MS17-010 vulnerability using the EternalBlue exploit. The project was completed by two students and submitted to their coordinator. It involves scanning a network using Nmap to find a vulnerable system, then using Metasploit to exploit the system via EternalBlue. The document provides background on EternalBlue and the vulnerable Windows systems. It also includes a network diagram, steps taken in the exploit, and conclusions about patching systems and potential threats of such exploits.

Uploaded by

abdulghani211q

PROJECT

Exploit Windows That Has Vulnerable on SMB MS17-010 Using EternalBlue


Created by:

1. MUHAMMAD ANUM FADHILLAH


2. RIZKY SYAHRIAL ZULVA

Faculty : IVAN FIRDAUS, S.T

Semester 4

Quarter 2

Class : 4NAP1

CONTINUING EDUCATION PROGRAM CENTER FOR COMPUTING AND INFORMATION TECHNOLOGY
FACULTY OF ENGINEERING
UNIVERSITY OF INDONESIA
2022
PROJECT ON
Exploit Windows That Has Vulnerable on SMB MS17-010
Using EternalBlue

Created by

Group : 2

Name : - Muhammad Anum Fadhillah
       - Rizky Syahrial Zulva


Batch Code : 4NAP1

Start Date : 5 JULY 2022

End Date : 13 JULY 2022

Name of the Coordinator : Ivan Firdaus, S.T

Name of Developer : - Muhammad Anum Fadhillah

- Rizky Syahrial Zulva

Date of Submission : 14 JULY 2022

CERTIFICATE

This paper is to state that a report has been made to complete Project Linux under the title Exploit Windows That Has Vulnerable on SMB MS17-010 Using EternalBlue, realizing the original work done by Muhammad Anum Fadhillah and Rizky Syahrial Zulva in fulfillment of part of their course requirement at CompTIA.

Coordinator: Ivan Firdaus, S.T

ACKNOWLEDGEMENT

The writers have benefited a lot from the feedback and suggestions given to us by Mr. Ivan Firdaus, S.T, and other faculty members. The writers made this project to fulfill our assignment. The writers say Alhamdulillah to Allah S.W.T; because of His blessing, the writers could complete this project. The writers know this paper is far from perfect. The writers hope that friends and faculty will give comments and suggestions to make this paper better than before.

If the writers made a mistake in writing up this Configuration Exploit Windows That Has Vulnerable on SMB MS17-010 Using Eternalblue, the writers ask forgiveness from all readers and listeners of this paper.

Depok, 5 July 2022

Author

System Summary:

• EternalBlue is an exploit most likely developed by the NSA as a former zero-day. It was released in 2017 by the Shadow Brokers, a hacker group known for leaking tools and exploits used by the Equation Group, which has possible ties to the Tailored Access Operations unit of the NSA.
• EternalBlue, also known as MS17-010, is a vulnerability in Microsoft's Server Message Block (SMB) protocol. SMB allows systems to share access to files, printers, and other resources on the network. The vulnerability exists because earlier versions of SMB contain a flaw that lets an attacker establish a null session connection via anonymous login. An attacker can then send malformed packets and ultimately execute arbitrary commands on the target.
• Windows systems that were vulnerable to SMB MS17-010:
  • Windows XP x86 (All Service Packs)
  • Windows 2003 x86 (All Service Packs)
  • Windows 7 x86 (All Service Packs)
  • Windows 7 x64 (All Service Packs)
  • Windows 2008 R2 x64 (All Service Packs)
  • Windows 8.1 x64
  • Windows Server 2012 R2 x64
  • Windows 10 Pro x64 (< Version 1507)
  • Windows 10 Enterprise Evaluation x64 (< Version 1507)

Network Scheme

Some attackers use public networks to find vulnerable hosts. As we know, many people using public networks are unsafe. The attacker scans the network using Nmap with the vulnerability-specific script smb-vuln-ms17-010. After successfully finding a target that has the vulnerability, the attacker exploits the target with EternalBlue using Metasploit.

Scan Vulnerability on Network Using Nmap

1. First, we check our IP address connection

2. We can use Nmap as an alternative to the Metasploit scanner to discover if a target is vulnerable to EternalBlue. We'll be using the smb-vuln-ms17-010 script to check for the vulnerability.

3. After Nmap finished scanning, we found that on network 192.168.1.0/24 there is one device, with IP address 192.168.1.13, that is vulnerable to SMB MS17-010.
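
For the defensive use of this scan, the added example below (not part of the original project) parses Nmap normal output from the smb-vuln-ms17-010 script and sorts hosts into those to patch first, those exposing SMB whose patch level still needs confirming, and those not exposing port 445. The sample output is constructed and abbreviated, and the names `parse_scan`, `triage` and `fileserver.lan` are hypothetical.

```python
import re

# Constructed sample: abbreviated Nmap normal output (-oN) from a sweep of the
# report's lab subnet with --script smb-vuln-ms17-010. Not real scan data.
SAMPLE = """\
Nmap scan report for 192.168.1.1
445/tcp closed microsoft-ds

Nmap scan report for 192.168.1.13
445/tcp open  microsoft-ds
Host script results:
| smb-vuln-ms17-010:
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|_    State: VULNERABLE

Nmap scan report for fileserver.lan (192.168.1.20)
445/tcp open  microsoft-ds
"""

HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?(\d+(?:\.\d+){3})\)?$")
PORT_RE = re.compile(r"^445/tcp\s+(\S+)")
SCRIPT_RE = re.compile(r"^\|[ _]([a-z0-9-]+):")  # script header line, e.g. "| smb-vuln-ms17-010:"
STATE_RE = re.compile(r"^\|[ _]\s+State:\s*(.+?)\s*$")

def parse_scan(text):
    """Return {ip: {"smb": port 445 state, "state": ms17-010 script state or None}}."""
    hosts, cur, in_script = {}, {}, False  # cur starts as a throwaway dict
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            cur = hosts.setdefault(m.group(1), {"smb": "unknown", "state": None})
            in_script = False
        elif m := PORT_RE.match(line):
            cur["smb"] = m.group(1)
        elif m := SCRIPT_RE.match(line):
            in_script = m.group(1) == "smb-vuln-ms17-010"  # ignore other scripts' State lines
        elif in_script and (m := STATE_RE.match(line)):
            cur["state"] = m.group(1)
    return hosts

def triage(hosts):
    """Bucket hosts: patch_now, review (445 open but not flagged), not_exposed."""
    out = {"patch_now": [], "review": [], "not_exposed": []}
    for ip, h in hosts.items():
        state = (h["state"] or "").upper()
        flagged = "VULNERABLE" in state and not state.startswith("NOT")
        bucket = "patch_now" if flagged else "review" if h["smb"] == "open" else "not_exposed"
        out[bucket].append(ip)
    return out
```

Hosts in the `review` bucket are not confirmed safe: a scan that does not flag a host is not proof that the patch is installed.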
Exploit Target Using EternalBlue

1. Open Metasploit and search for EternalBlue

2. We use the matching module for EternalBlue exploit

3. Check options


4. Set IP address of the target

5. Set our IP address and the port that we are going to use. We can use any port as long as it’s available.

6. We load the trusty reverse_tcp shell as the payload.

7. That should be everything, so the only thing left to do is launch the exploit. Use
the run command to fire it off.


8. Verify that the target is already compromised by running the commands sysinfo and getuid

SWOT

Strength:
All the tools are easy to use; we just need a basic configuration of Linux. This project can be implemented in real cases, to check the vulnerability of Windows.

Weakness:
The vulnerability checked by smb-vuln-ms17-010 is already patched, so not every Windows system can be exploited.

Opportunities:
There are still computers that are not patched and have the vulnerability checked by smb-vuln-ms17-010.

Threats:
Metasploit injection is absolutely illegal: it violates the rules and policies against stealing and copying data without permission. This will cause harm to many people, especially in a business setting.

Solution to Counter EternalBlue Exploit Attack

To prevent an EternalBlue exploit you can do these simple things:

1. Do regular updates on the OS that we have.
2. Check that your firewall is on.
3. Filter ".exe" files, especially on the email system we use.
4. Encrypt data that we consider important.
5. Use and activate the latest antivirus.
6. Get used to not easily downloading files or clicking on suspicious links.

EternalBlue

Conclusion:
EternalBlue is an exploit that allows cyber threat actors to remotely execute arbitrary code and gain
access to a network by sending specially crafted packets. It exploits a software vulnerability in
Microsoft’s Windows operating systems (OS) Server Message Block (SMB) version 1 (SMBv1)
protocol, a network file sharing protocol that allows access to files on a remote server. This exploit
potentially allows cyber threat actors to compromise the entire network and all devices connected to
it.
Suggestion:
Some of the suggestions we give for this project are about how important it is to patch our Windows system so that it is not easy to hack, and, if there has been a vulnerability like this, it would be good to re-filter suspicious files in order to minimize the data that could potentially be stolen.

CONFIGURATION

Hardware: 11th Gen Intel(R) Core(TM) i7-11800H @ 2.30GHz 2.30 GHz, 16GB RAM

Operating System: Kali Linux 2020, Windows 11 Home Single Language

Software: Microsoft Word, Microsoft Power Point, VMware

PROJECT FILE DETAILS

No | File Name | Remarks
1 | Exploit Windows That Has Vulnerable on SMB MS17-010 Using Eternalblue | Word Document
2 | Exploit Windows That Has Vulnerable on SMB MS17-010 Using Eternalblue | Power Point
3 | Exploit Windows That Has Vulnerable on SMB MS17-010 Using Eternalblue | Video Presentation
