"Eternal Blues" Tool Tests Computers Against NSA's ETERNALBLUE Exploit

LASER_oneXM

..some quotes from the article:

Security researcher Elad Erez has created a tool named Eternal Blues that system administrators can use to test if computers on their network are vulnerable to exploitation via NSA's ETERNALBLUE exploit.
Erez released his tool on Wednesday, a day after the NotPetya ransomware caused damages to thousands of computers across the globe.

Just like WannaCry did in last month's outbreak, NotPetya also used ETERNALBLUE as a means to spread from one computer to the next.

In hacking and cyber-security circles, ETERNALBLUE is considered one of the most potent exploits ever seen. A testament to its efficiency and ability to create virulent threats stand the two ransomware outbreaks that took place just two months after its release.

Under the hood, ETERNALBLUE leverages a vulnerability (CVE-2017-0144) in the SMBv1 file sharing protocol. Windows computers — where SMBv1 comes enabled by default — mishandle specially crafted SMB packets and allow an attacker to execute arbitrary code on the user's computer.
 
@woodrowbone I don't know all the details about this tool, but I guess if port 445 is open, then you are vulnerable.
 
Umbra, I tested it today with the updated version and now all was ok...
Bug in the tool?

/W
 
Ports 445 and 139 seem to be targeted. Some articles suggest creating rules to block incoming traffic (TCP?) on either your Router or Firewall.

As more threats emerge hopefully they will at least use some form of CVD.
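
Added example, not part of the thread or of the Eternal Blues tool: a local PowerShell audit that covers the two points raised above, whether SMBv1 is still enabled and whether TCP 139/445 are listening and blocked inbound. It assumes Windows 8 / Server 2012 or later and an elevated prompt; the firewall rule name is constructed for illustration.

```powershell
# Added example: local SMBv1 / TCP 139,445 exposure audit. Run from an elevated prompt.
# Reports by default; pass -Apply to disable SMBv1 and add the inbound block rule.
param([switch]$Apply)

$ports    = 139, 445
$ruleName = 'Block inbound SMB (example rule)'   # constructed name, not from the thread

# 1. Does the SMB server still accept the SMBv1 dialect (the protocol behind CVE-2017-0144)?
$smb1Server = (Get-SmbServerConfiguration).EnableSMB1Protocol

# 2. Is the optional SMB1 feature installed? (may not exist on every edition, so errors are ignored)
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue

# 3. Which of the two ports actually have a listener?
$listening = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalPort -in $ports } |
    Select-Object -ExpandProperty LocalPort -Unique

# 4. Is the example block rule already present and enabled?
$rule = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Block' }

# Report: one object so the result can be exported or compared across machines.
[pscustomobject]@{
    SMB1ServerEnabled = $smb1Server
    SMB1FeatureState  = if ($feature) { $feature.State } else { 'n/a' }
    ListeningPorts    = ($listening | Sort-Object) -join ','
    BlockRulePresent  = [bool]$rule
}

if ($Apply) {
    if ($smb1Server) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    if ($feature -and $feature.State -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
    if (-not $rule) {
        # SMB uses TCP 445; the NetBIOS session service uses TCP 139.
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
            -LocalPort $ports -Action Block -Profile Any | Out-Null
    }
}
```

The block rule also stops legitimate file and printer sharing to this machine, so on a file server apply only the SMBv1 steps.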