ISPY: Exploiting EternalBlue And BlueKeep Vulnerabilities With Metasploit

(241 views)

ispy is a Eternalblue (MS17-010) and BlueKeep (CVE-2019-0708) scanner and exploiter with Metasploit Framework.

What is eternalblue:

EternalBlue is a cyberattack exploit developed by the U.S. National Security Agency (NSA) according to testimony by former NSA employees. It was leaked by the Shadow Brokers hacker group on April 14, 2017, one month after Microsoft released patches for the vulnerability. EternalBlue is the name given to a software vulnerability in Microsoft's Windows operating system. The tech giant has called it EternalBlue MS17-010 and issued a security update for the flaw on March 14. The patch was issued before the WannaCry ransomware spread around the world and those who had updated early would have been protected. The vulnerability works by exploiting the Microsoft Server Message Block 1.0. The SMB is a network file sharing protocol and 'allows applications on a computer to read and write to files and to request services' that are on the same network. Microsoft says the security update it issued is Critical and following WannaCry it released a rare Windows XP patch after officially ending support for the software in 2014.

What is Bluekeep:

BlueKeep (CVE-2019-0708) is a security vulnerability that was discovered in Microsoft's Remote Desktop Protocol, which allows for the possibility of remote code execution. Bluekeep or CVE-2019-0708 is an RCE exploit that effects the following versions of Windows systems: + Windows 2003 + Windows XP + Windows Vista + Windows 7 + Windows Server 2008 + Windows Server 2008 R2

How to install:

git clone https://github.com/Cyb0r9/ispy.git
cd ispy
chmod +x setup.sh
./setup.sh

For other Linux distros, open your terminal and enter these commands to install Metasploit Framework:

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
chmod 755 msfinstall
msfinstall

Then, enter these commands to install ispy:

git clone https://github.com/Cyb0r9/ispy
cd ispy
sudo bash setup.sh
sudo bash ispy

Tested On:

  • Parrot OS
  • Kali linux

1

1

1

1

Tutorial (How to use ispy)

Youtube Channel (Cyborg)

https://youtube.com/c/Cyborg_TN

Information:

Disclaimer:

Usage of ispy for attacking targets without prior mutual consent is illegal. ispy is for security testing purposes only.

October 11, 2019
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.
What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?

Download Free eBook

Step 1 of 4

Name(Required)

We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.