The scanner is based on https://github.com/bhassani/EternalBlueC/blob/master/ms17_vuln_status.cpp

Credits to https://github.com/bhassani for this awesome work.

He has written an MS17-010 vulnerability checker (MS17-010 being the SMBv1 bug that EternalBlue exploits), among many other things. The first thing that came to mind after seeing it was that it could be turned into a network vulnerability scanner!

For testing, I took the source (https://github.com/bhassani/EternalBlueC/blob/master/ms17_vuln_status.cpp) and edited it to read the target host from user input instead of a command-line argument, just to make things easier for me.

Tested on a Windows 7 virtual machine that is indeed vulnerable to MS17-010.
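For readers who want to know what the checker is actually deciding on: the standard MS17-010 check, the one in Metasploit's auxiliary/scanner/smb/smb_ms17_010 module (and which, this example assumes, the linked C checker follows), does a normal SMB negotiate, session setup and tree connect to IPC$, then sends an SMB_COM_TRANSACTION carrying a PeekNamedPipe request on FID 0 and looks only at the NT status in the reply. An unpatched host answers STATUS_INSUFF_SERVER_RESOURCES (0xC0000205); a patched host answers STATUS_ACCESS_DENIED (0xC0000022) or STATUS_INVALID_HANDLE (0xC0000008). The C code below is an added example and not code from the linked repository: it reimplements only that response-parsing and decision step, over a constructed reply rather than a captured packet, and the request-building side of the probe is deliberately left out.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* NT status values the MS17-010 check distinguishes (as in Metasploit's smb_ms17_010). */
#define STATUS_INSUFF_SERVER_RESOURCES 0xC0000205u  /* reply from an unpatched host      */
#define STATUS_ACCESS_DENIED           0xC0000022u  /* typical reply from a patched host */
#define STATUS_INVALID_HANDLE          0xC0000008u  /* also seen from patched hosts      */

#define NBSS_HDR_LEN 4   /* NetBIOS session service: type byte + 3-byte big-endian length */
#define SMB1_HDR_LEN 32  /* "\xFFSMB", command, NT status, flags, ..., TID/PID/UID/MID   */

enum ms17_verdict { MS17_MALFORMED = -1, MS17_NOT_VULNERABLE = 0,
                    MS17_LIKELY_VULNERABLE = 1, MS17_UNKNOWN = 2 };

/* Extract the NT status (little-endian DWORD at SMB header offset 5) from a raw
   reply. Returns 0 on success, -1 if the buffer is not a complete NetBIOS-framed
   SMB1 message, so a truncated or non-SMB answer is never misread as a verdict. */
int smb1_nt_status(const uint8_t *buf, size_t len, uint32_t *status)
{
    if (len < NBSS_HDR_LEN + SMB1_HDR_LEN) return -1;
    if (buf[0] != 0x00) return -1;                       /* 0x00 = session message */
    size_t nb_len = ((size_t)buf[1] << 16) | ((size_t)buf[2] << 8) | buf[3];
    if (nb_len < SMB1_HDR_LEN || nb_len + NBSS_HDR_LEN > len) return -1;
    const uint8_t *smb = buf + NBSS_HDR_LEN;
    if (memcmp(smb, "\xFFSMB", 4) != 0) return -1;
    *status = (uint32_t)smb[5] | ((uint32_t)smb[6] << 8)
            | ((uint32_t)smb[7] << 16) | ((uint32_t)smb[8] << 24);
    return 0;
}

/* Map the status of the PeekNamedPipe transaction reply onto a verdict.
   Anything other than the three known codes is inconclusive: log it, do not
   silently count the host as patched. */
enum ms17_verdict ms17_verdict_from_reply(const uint8_t *buf, size_t len)
{
    uint32_t status;
    if (smb1_nt_status(buf, len, &status) != 0) return MS17_MALFORMED;
    if (status == STATUS_INSUFF_SERVER_RESOURCES) return MS17_LIKELY_VULNERABLE;
    if (status == STATUS_ACCESS_DENIED || status == STATUS_INVALID_HANDLE) return MS17_NOT_VULNERABLE;
    return MS17_UNKNOWN;
}

/* Construct a minimal NetBIOS-framed SMB1 reply carrying the given NT status.
   This is a synthetic sample for offline testing, not a captured packet. */
size_t make_smb1_reply(uint8_t *out, uint32_t status)
{
    memset(out, 0, NBSS_HDR_LEN + SMB1_HDR_LEN);
    out[3] = SMB1_HDR_LEN;                     /* NetBIOS length fits in the low byte */
    uint8_t *smb = out + NBSS_HDR_LEN;
    memcpy(smb, "\xFFSMB", 4);
    smb[4] = 0x25;                             /* SMB_COM_TRANSACTION, as in the probe */
    smb[5] = status & 0xFF;         smb[6] = (status >> 8) & 0xFF;
    smb[7] = (status >> 16) & 0xFF; smb[8] = (status >> 24) & 0xFF;
    return NBSS_HDR_LEN + SMB1_HDR_LEN;
}

int main(void)
{
    uint8_t reply[NBSS_HDR_LEN + SMB1_HDR_LEN];
    size_t n = make_smb1_reply(reply, STATUS_INSUFF_SERVER_RESOURCES);
    printf("verdict for constructed 0xC0000205 reply: %d\n", ms17_verdict_from_reply(reply, n));
    return 0;
}
```

In a real scanner the three setup requests come first and the transaction reply is read with a receive timeout; only the last reply is fed to ms17_verdict_from_reply. Because the probe never writes to the pipe or triggers the overflow, the check is non-destructive, which is what makes it usable as a network-wide scan.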

Awesome!

Now, to make a network scanner out of this, I'm going to use my Maalik framework (https://github.com/quantumcored/maalik). A reflective DLL payload is not a good fit here: passing each host to the DLL through a file and then reading its output back from that same file would be far too slow.

I’m going to have to add this to the Maalik client itself.

The Maalik scanner works by sending fhdawn (the Maalik client) a list of hosts to check. Whether each host is alive is then reported back to the server for later information gathering, such as port scans.

I can add the same mechanism for the EternalBlue scanner.

The server sends fhdawn the target hosts to check for MS17-010; fhdawn scans them and reports back. To do so, I had to modify the vulnerability scanner just a tiny bit.

I converted that code into a function that reports its result back to the server:

https://github.com/quantumcored/maalik/blob/master/fhdawn/network.c#L124

Of course, that still needs improvement; I'm going to add more error handling and do more testing before I make a release.

If you would like to make one yourself without using Maalik, you can either use the same method I use in Maalik, which is sending the information (such as the host to scan for MS17-010) over sockets, or you can make the scanner load the targets from a text file.

Let's make a really simple socket-based network scanner. 🙂

We will be

  • Making the TCP server in Python, which accepts a connection from the client and lets the user send target hosts to scan.
  • Making the client in C, which receives the instruction to scan for MS17-010 and scans the host using EternalBlueScan(host);
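Here is the client side of that exchange as an added example in C. It is not the server and client listings from this post, nor Maalik's fhdawn code. It assumes a hypothetical line-based wire format chosen for this example: the server sends `SCAN <host>\n`, the client answers `RESULT <host> <verdict>\n`. Because the MS17-010 probe itself is not reproduced here, the pluggable check is a plain TCP/445 reachability test with a 3-second timeout; in the real client, EternalBlueScan(host) goes in its place. The parts a throwaway prototype usually skips are the ones worth noticing: the line reader copes with partial recv() results, the host string is validated before anything is done with it, and every connect/send failure is checked.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/socket.h>
#include <sys/time.h>

#define MAX_HOST 253      /* RFC 1035 hostname limit; also bounds every buffer below */

/* Read one '\n'-terminated line from fd (newline stripped, NUL-terminated).
   recv() may deliver partial data, so keep reading until the newline arrives.
   Returns 1 with a line in buf, 0 if the peer closed, -1 on error or an over-long line. */
int recv_line(int fd, char *buf, size_t cap)
{
    size_t n = 0;
    for (;;) {
        char c;
        ssize_t r = recv(fd, &c, 1, 0);
        if (r <= 0) return r == 0 ? 0 : -1;
        if (c == '\n') { buf[n] = '\0'; return 1; }
        if (n + 1 >= cap) return -1;             /* refuse to truncate silently */
        buf[n++] = c;
    }
}

/* Parse "SCAN <host>" (the hypothetical wire format of this example). Only
   hostname/IPv4 characters are accepted, so a hostile server cannot push
   control bytes or shell metacharacters into whatever the host is passed to. */
int parse_scan_command(const char *line, char *host, size_t cap)
{
    if (strncmp(line, "SCAN ", 5) != 0) return -1;
    const char *p = line + 5;
    size_t n = strlen(p);
    if (n == 0 || n > MAX_HOST || n + 1 > cap) return -1;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)p[i]) && p[i] != '.' && p[i] != '-') return -1;
    memcpy(host, p, n + 1);
    return 0;
}

/* Build the reply line sent back to the server: "RESULT <host> <verdict>\n".
   Returns the number of bytes written, or -1 if it does not fit in out. */
int format_report(char *out, size_t cap, const char *host, int verdict)
{
    const char *word = verdict > 0 ? "VULNERABLE" : verdict == 0 ? "NOT_VULNERABLE" : "ERROR";
    int n = snprintf(out, cap, "RESULT %s %s\n", host, word);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

/* Placeholder check for this example: is TCP/445 reachable within 3 seconds?
   The real client calls EternalBlueScan(host) here instead.
   Returns 1 open, 0 closed/unreachable, -1 if the name did not resolve. */
int smb_port_open(const char *host)
{
    struct addrinfo hints = {0}, *res;
    hints.ai_socktype = SOCK_STREAM;
    if (getaddrinfo(host, "445", &hints, &res) != 0) return -1;
    int fd = socket(res->ai_family, SOCK_STREAM, 0), ok = 0;
    if (fd >= 0) {
        struct timeval tv = {3, 0};
        setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof tv);  /* bounds connect() on Linux */
        ok = connect(fd, res->ai_addr, res->ai_addrlen) == 0;
        close(fd);
    }
    freeaddrinfo(res);
    return ok;
}

/* Client session: read commands, run the check, report, until the server closes.
   Returns 0 on a clean close, -1 on a protocol or socket error. */
int scan_loop(int fd, int (*check)(const char *host))
{
    char line[MAX_HOST + 16], host[MAX_HOST + 1], reply[MAX_HOST + 32];
    int r;
    while ((r = recv_line(fd, line, sizeof line)) == 1) {
        const char *h = "-";                     /* host echoed back; "-" if unparsable */
        int verdict = -1;
        if (parse_scan_command(line, host, sizeof host) == 0) { h = host; verdict = check(host); }
        int n = format_report(reply, sizeof reply, h, verdict);
        if (n < 0 || send(fd, reply, (size_t)n, 0) != n) return -1;
    }
    return r;
}

int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s <server-ip> <port>\n", argv[0]); return 2; }
    struct addrinfo hints = {0}, *res;
    hints.ai_socktype = SOCK_STREAM;
    if (getaddrinfo(argv[1], argv[2], &hints, &res) != 0) { perror("getaddrinfo"); return 1; }
    int fd = socket(res->ai_family, SOCK_STREAM, 0);
    if (fd < 0 || connect(fd, res->ai_addr, res->ai_addrlen) != 0) { perror("connect"); return 1; }
    freeaddrinfo(res);
    int rc = scan_loop(fd, smb_port_open);
    close(fd);
    return rc < 0 ? 1 : 0;
}
```

The server side only has to accept the connection, write `SCAN <host>\n` lines and read the `RESULT` lines back; with `nc -l -p 4444` you can drive this client by hand. Note that the client trusts the server for nothing except the list of hosts, and even that is validated; in a framework like Maalik the control channel would additionally be authenticated, since whoever can reach it can direct the scan.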

The Simple Socket Server

The Simple Scanner Client

And that is a basic prototype for all of you who want to create your own MS17-010 scanner. 🙂

If you look closely, you can see I modified the EternalBlue scan function just to pass in the socket parameter, so the result can be sent back to the server on the same connection.

Compile and run the code:

Here's how it looks when working:

Keep one thing in mind: that prototype lacks many important things, such as checking whether the socket was created and whether the client actually connected. You would also want receive timeouts so an unresponsive host doesn't stall the whole scan, and a length check on the host string before passing it on. It is just basic code written to give you an understanding.

Thanks for reading.

Categories: Hacking
