"Eternal Blues" Tool Tests Computers Against NSA's ETERNALBLUE Exploit

LASER_oneXM · Jul 1, 2017

..some quotes from the article:

Security researcher Elad Erez has created a tool named Eternal Blues that system administrators can use to test if computers on their network are vulnerable to exploitation via NSA's ETERNALBLUE exploit.
Erez released his tool on Wednesday, a day after the NotPetya ransomware caused damages to thousands of computers across the globe.

Just like WannaCry did in last month's outbreak, NotPetya also used ETERNALBLUE as a means to spread from one computer to the next.

In hacking and cyber-security circles, ETERNALBLUE is considered one of the most potent exploits ever seen. A testament to its efficiency and ability to create virulent threats stand the two ransomware outbreaks that took place just two months after its release.

Under the hood, ETERNALBLUE leverages a vulnerability (CVE-2017-0144) in the SMBv1 file sharing protocol. Windows computers — where SMBv1 comes enabled by default — mishandles specially crafted SMB packets and allows an attacker to execute arbitrary code on the user's computer.

Deleted member 178 · Jul 1, 2017

I knew the result of my network before using the tool, knew it won't change after the test. From what i saw, it is just a portscanner.

woodrowbone · Jul 2, 2017

I tested it and my Windows 10 computer was vulnerable, I was under the impression that that was not possible?

/W

Deleted member 178 · Jul 2, 2017

@woodrowbone I dont know all the details about this tool, but i guess if port 445 is open , then you are vulnerable.

woodrowbone · Jul 2, 2017

Umbra, I tested it today with the updated version and now all was ok...
Bug in the tool?

/W

Deleted member 178 · Jul 2, 2017

No idea

WinXPert · Jul 2, 2017

Mine is vulnerable 3 out of 4 responsive hosts. Need to switch to Linux ASAP.

Deleted member 178 · Jul 2, 2017

WinXPert said:
Mine is vulnerable 3 out of 4 responsive hosts. Need to switch to Linux ASAP.

no need, disable SMB1.0 and block port 445 on your FW.

ispx · Jul 2, 2017

WinXPert said:
Need to switch to Linux ASAP.

The leading operating system for PCs, IoT devices, servers and the cloud | Ubuntu

Umbra said:
no need, disable SMB1.0 and block port 445 on your FW.

good morning mod.

please be kind enough to guide the beginners as to how that can be done. a link to a guide / tutorial would be perfect.

WinXPert · Jul 3, 2017

ispx said:
The leading operating system for PCs, IoT devices, servers and the cloud | Ubuntu

good morning mod.

please be kind enough to guide the beginners as to how that can be done. a link to a guide / tutorial would be perfect.

How to disable SMBv1 in Windows 10 and Windows Server
Top Three Easy Methods to Block TCP Port 445 in Windows 10/7/XP

soccer97 · Jul 3, 2017

Ports 445 and 139 seem to be targeted. Some articles suggest creating rules to block incoming traffic (TCP?) on either your Router or Firewall.

As more threats emerge hopefully they will at least use some form of CVD.

Search

"Eternal Blues" Tool Tests Computers Against NSA's ETERNALBLUE Exploit

LASER_oneXM

Level 37

Deleted member 178

woodrowbone

Level 10

Deleted member 178

woodrowbone

Level 10

Deleted member 178

WinXPert

Level 25

Deleted member 178

ispx

Level 13

WinXPert

Level 25

soccer97

Level 11

Similar threads