Windows SMBv1 Remote Code Execution Vulnerability

This repository is a small lab/demo project built around a Metasploit exploit module and a harmless ransomware-themed batch script. Because it is part of the Metasploit framework, the main exploit file is ms17_010_eternalblue.rb, a Ruby Metasploit module implementing the EternalBlue SMB exploit against vulnerable Microsoft Windows SMBv1 targets. The module is clearly a real exploit, not just a detector: it performs SMB protocol interaction over TCP/445, supports anonymous or credentialed SMB authentication, uses the auxiliary/scanner/smb/smb_ms17_010 check module, and is designed to achieve remote kernel memory corruption leading to arbitrary code execution. The module metadata indicates support for multiple Windows versions including Windows 7, Windows Embedded Standard 7, Server 2008 R2, Windows 8/8.1, Server 2012, and some Windows 10 Pro builds, and references the MS17-010 vulnerability set (CVE-2017-0143 through CVE-2017-0148). In practical use, the README demonstrates pairing it with a windows/x64/meterpreter/reverse_tcp payload to obtain a SYSTEM-level Meterpreter session. Repository structure is simple: README.md documents a university lab exercise, exploitation workflow, post-exploitation commands, and mitigation via KB4012212; ms17_010_eternalblue.rb is the actual exploit module; wannacry64.bat is a separate Windows batch file that only simulates a WannaCry-style ransom screen. The batch file contains no encryption, persistence, propagation, or destructive logic; it displays a countdown, fake progress bar, sample filenames, and a hardcoded Bitcoin address as part of the visual demo. Overall, the repository’s purpose is educational: demonstrate exploitation of MS17-010 in an isolated lab, show post-exploitation access, and then illustrate a safe ransomware-themed payload simulation plus patch-based mitigation.

This repository provides a Python-based exploit for the MS17-010 vulnerability (CVE-2017-0143), also known as EternalRomance/EternalSynergy, targeting Microsoft Windows systems via the SMB protocol (port 445). The exploit consists of several files: 'send_and_execute.py' (main exploit script), 'checker.py' (vulnerability and named pipe checker), 'mysmb.py' (SMB protocol extensions for exploitation), and a README.md with detailed usage instructions. The exploit allows an attacker to upload and execute an arbitrary payload (such as a reverse shell) on a vulnerable Windows machine by exploiting the SMB service. The attacker must provide a payload executable (e.g., generated with msfvenom) and can use the included scripts to check for vulnerability and execute the attack. The exploit supports a wide range of Windows versions (from Windows 2000 up to Windows 10/2016) and leverages named pipes (e.g., browser, spoolss, netlogon, lsarpc, samr) for exploitation. The repository is operational and provides all necessary components for successful exploitation, assuming the target is vulnerable and accessible over the network.

This repository contains a Python3 exploit for MS17-010 (CVE-2017-0143), a critical vulnerability in Microsoft Windows SMBv1. The main file, 'exploit.py', implements the exploit logic, targeting a wide range of Windows versions from Windows 2000 through Windows 10 and Windows Server 2016. The exploit leverages the same bug as the NSA's 'EternalRomance' and 'EternalSynergy' exploits, manipulating SMB transactions and session security contexts to achieve remote code execution as SYSTEM. The exploit is highly reliable on Windows 7 and later, with additional logic to minimize the risk of crashing the target. The 'mysmb.py' file provides SMB protocol extensions and helper classes, including a minimal SMB server for post-exploitation. The exploit requires network access to the target's SMB service (typically on TCP port 445 or 139) and can provide a remote shell upon success. The repository is operational and suitable for real-world exploitation of unpatched systems.