Skill

exploiting-ms17-010-eternalblue-vulnerability

From asi

Guides red team exploitation of MS17-010 EternalBlue SMBv1 vulnerability: scanning with Nmap, Metasploit execution, post-exploitation persistence and credential dumping. For authorized pentests.

Python

security

npx claudepluginhub plurigrid/asi --plugin asi

Tool Access

This skill uses the workspace's default tool permissions.

Preview

MS17-010 (EternalBlue) is a critical vulnerability in Microsoft's SMBv1 implementation that allows remote code execution. Originally discovered by the NSA and leaked by the Shadow Brokers in 2017, it was used in the WannaCry and NotPetya ransomware campaigns. Despite patches being available since March 2017, many organizations still have unpatched systems, making it a viable red team exploitati...

SKILL.md

Similar Skills

exploiting-ms17-010-eternalblue-vulnerability

5.9k

Guides authorized red team exploitation of MS17-010 EternalBlue SMBv1 vulnerability, covering scanning with Nmap, execution via Metasploit/Python, and post-exploitation.

7 files

cybersecurity-skills

exploiting-ms17-010-eternalblue-vulnerability

Guides red-teaming exploitation of MS17-010 EternalBlue SMBv1 vulnerability: scanning with Nmap, exploiting via Metasploit/AutoBlue, post-exploitation persistence.

7 files

cybersecurity-skills-zh

exploiting-smb-vulnerabilities-with-metasploit

Identifies and exploits SMB vulnerabilities using Metasploit during authorized pentests, targeting unpatched Windows systems, misconfigured shares, and weak authentication in networks.

asi

Stats

Parent Repo Stars16

Parent Repo Forks5

Last CommitApr 4, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Exploiting MS17-010 EternalBlue Vulnerability

Overview

When to Use

When performing authorized security testing that involves exploiting ms17 010 eternalblue vulnerability
When analyzing malware samples or attack artifacts in a controlled environment
When conducting red team exercises or penetration testing engagements
When building detection capabilities based on offensive technique understanding

Prerequisites

Familiarity with red teaming concepts and tools
Access to a test or lab environment for safe execution
Python 3.8+ with required dependencies installed
Appropriate authorization for any testing activities

MITRE ATT&CK Mapping

T1210 - Exploitation of Remote Services
T1190 - Exploit Public-Facing Application
T1569.002 - System Services: Service Execution

Workflow

Phase 1: Vulnerability Scanning

Scan target networks for SMB port 445
Check for SMBv1 protocol support
Run MS17-010 vulnerability check (Nmap NSE script or Metasploit auxiliary)
Document vulnerable systems with OS version and patch level

Phase 2: Exploitation

Select appropriate exploit variant based on target OS
Configure exploit payload (Meterpreter, Cobalt Strike beacon, custom shellcode)
Execute exploit against confirmed vulnerable target
Verify code execution and establish session

Phase 3: Post-Exploitation

Establish persistence on compromised system
Dump credentials from memory
Use compromised host as pivot point
Document exploitation evidence

Tools and Resources

Tool	Purpose
Nmap ms-17-010 NSE scripts	Vulnerability detection
Metasploit ms17_010_eternalblue	Exploitation module
Metasploit ms17_010_psexec	Alternative exploitation
AutoBlue-MS17-010	Standalone Python exploit
CrackMapExec	Mass SMB vulnerability scanning

Detection Indicators

IDS/IPS signatures for EternalBlue exploit traffic
SMBv1 negotiation from unusual source hosts
Event ID 7045: New service installation after exploitation
Anomalous named pipe activity on SMB
Large SMB write requests characteristic of buffer overflow

Validation Criteria

Vulnerable systems identified via scanning
Exploitation achieved on authorized target
Code execution confirmed with session established
Post-exploitation activities documented
Remediation recommendations provided