Share
## https://sploitus.com/exploit?id=A3320C92-4D04-58AB-90D6-E709AD77310A
# EternalBlue (MS17-010) Exploitation Lab

A professional, end-to-end technical guide for demonstrating the exploitation of the MS17-010 "EternalBlue" vulnerability. This repository provides a structured approach for security professionals to understand the reconnaissance, exploitation, and post-exploitation phases within controlled laboratory environments.

## Overview

This project documents the exploitation workflow against a Windows 7 target, detailing the transition from initial network scanning to full system compromise and persistence.

## Lab Requirements

To replicate this environment for testing, the following setup is required:

### 1. Target System (Victim)
- **OS:** Windows 7 Ultimate SP1 (x64 preferred).
- **Configuration:** Unpatched (MS17-010 vulnerability present).
- **Network:** Reachable via SMB (Port 445) from the attacker machine.
- **Environment:** Dedicated Virtual Machine (e.g., VMware or VirtualBox) in a host-only or NAT network.

### 2. Attacker System
- **OS:** Linux (Kali Linux or Parrot OS recommended).
- **Tools Required:** 
  - Metasploit Framework (`msfconsole`)
  - Nmap (with `smb-vuln-ms17-010` script)
  - Hashcat (for credential cracking)
- **Network:** Static IP recommended for stable reverse shell connections.

## Key Features

- **Automated Reconnaissance:** Nmap-based vulnerability identification and service enumeration.
- **Exploitation Workflow:** Reliable exploitation using the Metasploit Framework.
- **Post-Exploitation Suite:** Comprehensive instructions for credential harvesting, surveillance, and persistent access.
- **Network Pivoting:** Techniques for lateral movement and internal network scanning from a compromised host.
- **Persistence Mechanisms:** Implementation of stable backdoors for maintained access.

## Contents

- `runbook.md`: The primary execution guide containing all technical commands, expected outputs, and troubleshooting procedures.

## Security Disclaimer

This documentation is intended for educational purposes and authorized penetration testing only. Unauthorized access to computer systems is illegal. Always ensure you have explicit permission before conducting any security assessments.