Introduction

Today, using Legacy from HTB, I will show you how to exploit MS17-010 (EternalBlue) with custom shellcode and without Metasploit. This is a perfect entry-level point for learning about the Eternal series of exploits. As the OSCP only allows Metasploit to be used once in the exam, picking the proper time to spend it is imperative, which is why a manual path for this bug is worth knowing. I mentioned using a GitHub repo in a previous post, Lame; however, with that repo I found myself unable to get a stable, fully interactive shell.

I would recommend reading the article linked HERE for another method; below are the files I used for the exploit:

zzz_exploit2.py

checker.py

Both checker.py and zzz_exploit2.py are available from the article above. checker.py confirms the target is unpatched and lists the named pipes the exploit can use; zzz_exploit2.py is just a modified version of the original exploit script whose post-exploitation step points to a reverse shell instead of the default payload.
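To make clear what a checker of this kind is actually looking at, here is an added example (not the page's checker.py or zzz_exploit2.py, and not their author's code) that parses a captured SMB1 reply to the probe transaction and classifies the target from its NTSTATUS. MS17-010 detectors send a Transaction/Trans2 probe and key on the server's status: an unpatched host answers STATUS_INSUFF_SERVER_RESOURCES (0xC0000205), while a patched host returns STATUS_ACCESS_DENIED (0xC0000022) or STATUS_NOT_IMPLEMENTED (0xC0000002). The packets below are constructed inline so the code runs offline; the header layout and status constants are the documented SMB1/NTSTATUS values.

```python
import struct

# NTSTATUS values MS17-010 checkers key on (documented Windows constants).
STATUS_SUCCESS = 0x00000000
STATUS_NOT_IMPLEMENTED = 0xC0000002
STATUS_ACCESS_DENIED = 0xC0000022
STATUS_INSUFF_SERVER_RESOURCES = 0xC0000205

SMB1_MAGIC = b"\xffSMB"
SMB_COM_TRANSACTION = 0x25   # named-pipe probes such as PeekNamedPipe
SMB_COM_TRANSACTION2 = 0x32  # the Trans2 SESSION_SETUP probe
FLAGS_REPLY = 0x80           # SMB_FLAGS_REPLY: this is a server response
FLAGS2_NT_STATUS = 0x4000    # SMB_FLAGS2_NT_STATUS: Status is a 32-bit NTSTATUS

# Fixed 32-byte SMB1 header: Protocol, Command, Status, Flags, Flags2, PIDHigh,
# SecurityFeatures, Reserved, TID, PIDLow, UID, MID (all little-endian).
SMB1_HEADER = struct.Struct("<4sBIBHH8sHHHHH")


def parse_smb1_header(packet: bytes) -> dict:
    """Strip the 4-byte NetBIOS session header and parse the SMB1 header."""
    if len(packet) < 4 + SMB1_HEADER.size:
        raise ValueError("packet too short for NetBIOS + SMB1 header")
    if packet[0] != 0x00:
        raise ValueError("not a NetBIOS session message")
    nb_len = int.from_bytes(packet[1:4], "big")
    if nb_len != len(packet) - 4:
        raise ValueError("NetBIOS length field does not match payload")
    smb = packet[4:]
    (magic, command, status, flags, flags2, _pid_high, _sec_features,
     _reserved, tid, _pid_low, uid, mid) = SMB1_HEADER.unpack(smb[:SMB1_HEADER.size])
    if magic != SMB1_MAGIC:
        raise ValueError("missing SMB1 magic")
    if not flags & FLAGS_REPLY:
        raise ValueError("not a server reply (SMB_FLAGS_REPLY clear)")
    if not flags2 & FLAGS2_NT_STATUS:
        # Without this flag the Status field is a DOS ErrorClass/ErrorCode pair,
        # and comparing it against NTSTATUS constants would be meaningless.
        raise ValueError("Status is a DOS error, not an NTSTATUS; cannot classify")
    return {"command": command, "status": status, "tid": tid, "uid": uid, "mid": mid}


def classify_ms17_010(status: int) -> str:
    """Map the probe reply's NTSTATUS onto the patched / not patched verdict."""
    if status == STATUS_INSUFF_SERVER_RESOURCES:
        return "not patched"
    if status in (STATUS_ACCESS_DENIED, STATUS_NOT_IMPLEMENTED):
        return "patched"
    return "unknown"


def check_probe_response(packet: bytes) -> str:
    """Parse a captured reply to the MS17-010 probe and return the verdict."""
    hdr = parse_smb1_header(packet)
    if hdr["command"] not in (SMB_COM_TRANSACTION, SMB_COM_TRANSACTION2):
        raise ValueError(f"unexpected command 0x{hdr['command']:02x} in probe reply")
    return classify_ms17_010(hdr["status"])


def build_smb1_response(command: int, status: int) -> bytes:
    """Constructed sample reply (headers only, WordCount=ByteCount=0) for offline use."""
    header = SMB1_HEADER.pack(SMB1_MAGIC, command, status, 0x98, 0xC807, 0,
                              b"\x00" * 8, 0, 0, 0, 0, 0)
    smb = header + b"\x00" + b"\x00\x00"          # WordCount=0, ByteCount=0
    return b"\x00" + len(smb).to_bytes(3, "big") + smb


if __name__ == "__main__":
    samples = [
        ("STATUS_INSUFF_SERVER_RESOURCES", STATUS_INSUFF_SERVER_RESOURCES),
        ("STATUS_ACCESS_DENIED", STATUS_ACCESS_DENIED),
        ("STATUS_NOT_IMPLEMENTED", STATUS_NOT_IMPLEMENTED),
        ("STATUS_SUCCESS", STATUS_SUCCESS),
    ]
    for name, status in samples:
        pkt = build_smb1_response(SMB_COM_TRANSACTION2, status)
        print(f"{name:<32} -> {check_probe_response(pkt)}")
```

The two rejections in parse_smb1_header are the checks worth keeping in a real scanner: a DOS-style error (Flags2 bit 0x4000 clear) or a reply to some other command means the probe did not land as intended, and reporting "patched" on such a packet would be a false negative.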

Running the checker and exploit scripts to crack the box.

After confirming the exploit worked, I grabbed both flags. One habit I picked up while studying for my OSCP was documenting the 'flags' with a single command, so the screenshot carries the proof along with the flag itself. You can also add in whoami and other commands to suit your preference.

Showing 'root' flags off in style. Useful for the OSCP.

Rooted

Published On: October 8th, 2020 / Categories: HTB, Technology