EternalBlue: Metasploit Module for MS17-010

This week's release of Metasploit includes a scanner and exploit module for the EternalBlue vulnerability, which made headlines a couple of weeks ago when hacking group, the Shadow Brokers, disclosed a trove of alleged NSA exploits. Included among them, EternalBlue, exploits MS17-010, a Windows SMB vulnerability. This week, EternalBlue has been big news again due to attackers using it to devastating effect in a highly widespread ransomware attack, WannaCry. Unless you've been vacationing on a remote island, you probably already know about this; however, if you have somehow managed to miss it, check out Rapid7's resources on it, including guidance on how to scan for MS17-010 with Rapid7 InsightVM or Rapid7 Nexpose.

 

The Metasploit module - developed by contributors zerosum0x0 and JennaMagius - is designed specifically to enable security professionals to test their organization's vulnerability and susceptibility to attack via EternalBlue. It does not include ransomeware like WannaCry does and it won't be worming its merry way around the internet.

 

Metasploit is built on the premise that security professionals need to have the same tools that attackers do in order to understand what they're up against and how best to defend themselves. The community believes in this, and we have always supported it. This philosophy drove the amazing Metasploit contributor community to take on the challenge of reverse engineering and recreating the EternalBlue exploit as quickly and reliably as possible, so they could arm defenders with the info they need. We want to say a big thanks to JennaMagius and zerosum0x0 for their work on this.

 

From a vulnerability management perspective, there are a lot things that security practitioners can do to understand their exposure, however, with Metasploit you can go beyond theoretical risk and show the impact of compromise. Access to systems is more concrete evidence of the problem. Metasploit effectively allows security practitioners to test their own systems and dispel the hype and speculation of headlines with facts.

 

From a penetration testing perspective, research shows that over two thirds of engagements had exploitable vulnerabilities leading to compromise. Metasploit modules such as EternalBlue enable security practitioners to communicate the real impact of not patching to the business.