SMB ms17-010 - EternalBlue Vulnerability Scanner

The SMBv1 server allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability."

Short Info

Level

High

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

15 sec

Scan only one

Domain, Ipv4

Parent Category

SMB ms17-010 - EternalBlue Vulnerability Scanner Detail

Attempts to detect if a Microsoft SMBv1 server is vulnerable to a remote code execution vulnerability (ms17-010, a.k.a. EternalBlue). The vulnerability is actively exploited by WannaCry and Petya ransomware and other malware. The script connects to the $IPC tree, executes a transaction on FID 0 and checks if the error "STATUS_INSUFF_SERVER_RESOURCES" is returned to determine if the target is not patched against ms17-010. Additionally it checks for known error codes returned by patched systems. Tested on Windows XP, 2003, 7, 8, 8.1, 10, 2008, 2012 and 2016.

References:

https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
https://msdn.microsoft.com/en-us/library/ee441489.aspx
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/smb/smb_ms17_010.rb
https://github.com/cldrn/nmap-nse-scripts/wiki/Notes-about-smb-vuln-ms17-010

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.

Try it yourself,
control security posture

Get free usage

Learn More About Product