SMB ms17-010 - EternalBlue Vulnerability Scanner

Details
Stay Up To Date
Asset Type

DOMAIN,IP

Need Membership

Yes

Asset Verify

Yes

API Support

Yes

Estimate Time (Second)

15

SMB ms17-010 - EternalBlue Vulnerability Scanner Detail

The SMBv1 server allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability."

Attempts to detect if a Microsoft SMBv1 server is vulnerable to a remote code execution vulnerability (ms17-010, a.k.a. EternalBlue). The vulnerability is actively exploited by WannaCry and Petya ransomware and other malware. The script connects to the $IPC tree, executes a transaction on FID 0 and checks if the error "STATUS_INSUFF_SERVER_RESOURCES" is returned to determine if the target is not patched against ms17-010. Additionally it checks for known error codes returned by patched systems. Tested on Windows XP, 2003, 7, 8, 8.1, 10, 2008, 2012 and 2016.

References:

  • https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
  • https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
  • https://msdn.microsoft.com/en-us/library/ee441489.aspx
  • https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/smb/smb_ms17_010.rb
  • https://github.com/cldrn/nmap-nse-scripts/wiki/Notes-about-smb-vuln-ms17-010

Some Advice for Common Problems

You need to apply related fixes.

Community Discussions

Need a Full Assesment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service