Skill

exploiting-ms17-010-eternalblue-vulnerability

Guides authorized red team exploitation of MS17-010 EternalBlue SMBv1 vulnerability, covering scanning with Nmap, execution via Metasploit/Python, and post-exploitation.

Python

security

npx claudepluginhub mukul975/anthropic-cybersecurity-skills --plugin cybersecurity-skills

Tool Access

This skill uses the workspace's default tool permissions.

Preview

MS17-010 (EternalBlue) is a critical vulnerability in Microsoft's SMBv1 implementation that allows remote code execution. Originally discovered by the NSA and leaked by the Shadow Brokers in 2017, it was used in the WannaCry and NotPetya ransomware campaigns. Despite patches being available since March 2017, many organizations still have unpatched systems, making it a viable red team exploitati...

Supporting Assets

LICENSEassets/template.mdreferences/api-reference.mdreferences/standards.mdreferences/workflows.mdscripts/agent.pyscripts/process.py

SKILL.md

Similar Skills

applying-brand-guidelines

41.6k

Applies Acme Corporation brand guidelines including colors, fonts, layouts, and messaging to generated PowerPoint, Excel, and PDF documents.

3 files

anthropics-claude-cookbooks

creating-financial-models

41.6k

Builds DCF models with sensitivity analysis, Monte Carlo simulations, and scenario planning for investment valuation and risk assessment.

2 files

anthropics-claude-cookbooks

analyzing-financial-statements

41.6k

Calculates profitability (ROE, margins), liquidity (current ratio), leverage, efficiency, and valuation (P/E, EV/EBITDA) ratios from financial statements in CSV, JSON, text, or Excel for investment analysis.

2 files

anthropics-claude-cookbooks

Stats

Stars5748

Forks783

Last CommitApr 6, 2026

Actions

View Source View Plugin View on GitHub View README

Exploiting MS17-010 EternalBlue Vulnerability

Overview

When to Use

When performing authorized security testing that involves exploiting ms17 010 eternalblue vulnerability
When analyzing malware samples or attack artifacts in a controlled environment
When conducting red team exercises or penetration testing engagements
When building detection capabilities based on offensive technique understanding

Prerequisites

Familiarity with red teaming concepts and tools
Access to a test or lab environment for safe execution
Python 3.8+ with required dependencies installed
Appropriate authorization for any testing activities

MITRE ATT&CK Mapping

T1210 - Exploitation of Remote Services
T1190 - Exploit Public-Facing Application
T1569.002 - System Services: Service Execution

Workflow

Phase 1: Vulnerability Scanning

Scan target networks for SMB port 445
Check for SMBv1 protocol support
Run MS17-010 vulnerability check (Nmap NSE script or Metasploit auxiliary)
Document vulnerable systems with OS version and patch level

Phase 2: Exploitation

Select appropriate exploit variant based on target OS
Configure exploit payload (Meterpreter, Cobalt Strike beacon, custom shellcode)
Execute exploit against confirmed vulnerable target
Verify code execution and establish session

Phase 3: Post-Exploitation

Establish persistence on compromised system
Dump credentials from memory
Use compromised host as pivot point
Document exploitation evidence

Tools and Resources

Tool	Purpose
Nmap ms-17-010 NSE scripts	Vulnerability detection
Metasploit ms17_010_eternalblue	Exploitation module
Metasploit ms17_010_psexec	Alternative exploitation
AutoBlue-MS17-010	Standalone Python exploit
CrackMapExec	Mass SMB vulnerability scanning

Detection Indicators

IDS/IPS signatures for EternalBlue exploit traffic
SMBv1 negotiation from unusual source hosts
Event ID 7045: New service installation after exploitation
Anomalous named pipe activity on SMB
Large SMB write requests characteristic of buffer overflow

Validation Criteria

Vulnerable systems identified via scanning
Exploitation achieved on authorized target
Code execution confirmed with session established
Post-exploitation activities documented
Remediation recommendations provided