MS17-010 EternalRomance / EternalSynergy / EternalChampion SMB Remote Windows Code Execution

Posted by deepcore on February 3, 2018 – 11:21 am

This Metasploit module will exploit SMB with vulnerabilities in MS17-010 to achieve a write-what-where primitive. This will then be used to overwrite the connection session information with as an Administrator session. From there, the normal psexec payload code execution is done. Exploits a type confusion between Transaction and WriteAndX requests and a race condition in Transaction requests, as seen in the EternalRomance, EternalChampion, and EternalSynergy exploits. This exploit chain is more reliable than the EternalBlue exploit, but requires a named pipe.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« http://maesun-sao.go.th/research.dat Apport / ABRT chroot Privilege Escalation »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

MS17-010 EternalRomance / EternalSynergy / EternalChampion SMB Remote Windows Code Execution

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL