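Related vulnerability
Title:
Microsoft Windows SMB Input Validation Error Vulnerability
(CVE-2017-0144)
Description: Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation of the United States. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. Server Message Block (SMB) Server is a component of these that provides authentication for computers to access printers and file systems on a server. The SMBv1 server in Microsoft Windows has a remote code execution vulnerability. A remote attacker could use specially crafted packets to exploit this
Description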
Educational documentation on EternalBlue (CVE-2017-0144) – Windows SMB vulnerability, history, and mitigation. No exploit code.
Introduction
# EternalBlue (CVE-2017-0144) – Educational Documentation
## 📌 Introduction
EternalBlue is the codename for a cyberattack exploit developed by the U.S. National Security Agency (NSA).
It takes advantage of a vulnerability in Microsoft’s Server Message Block (SMBv1) protocol on Windows systems, including **Windows 7 and Windows Server 2008**.
The exploit was leaked by the group **Shadow Brokers** in April 2017 and later weaponized in major global attacks such as **WannaCry** and **NotPetya**.
This repository is created **strictly for educational and research purposes** to help cybersecurity students understand the impact of EternalBlue, its history, and the mitigation techniques.
---
## ⚠️ Disclaimer
- This repository does **NOT** contain any exploit code, malware, or binaries.
- The content here is limited to **educational documentation, research notes, and diagrams**.
- The purpose is to raise awareness and improve understanding of one of the most significant vulnerabilities in modern cybersecurity history.
- Any misuse of the knowledge presented here is strictly prohibited.
---
## 🔎 Vulnerability Details
- **CVE ID:** [CVE-2017-0144](https://nvd.nist.gov/vuln/detail/CVE-2017-0144)
- **Affected Protocol:** Microsoft SMBv1
- **Impact:** Remote code execution (RCE)
- **Affected Systems:** Windows XP, Windows Vista, Windows 7, Windows Server 2008, and others

EternalBlue exploited a buffer overflow vulnerability in Microsoft’s SMBv1 protocol. This allowed attackers to remotely execute code on a target machine without authentication.
---
## 🕒 History & Impact
- **2017 (March):** Microsoft released patch MS17-010 (KB4012598).
- **2017 (April):** Shadow Brokers leaked the exploit.
- **2017 (May):** WannaCry ransomware outbreak infected hundreds of thousands of computers worldwide.
- **2017 (June):** NotPetya attack caused billions in damages, using EternalBlue as one of its spreading mechanisms.
---
## 🛡️ Mitigation
1. Apply Microsoft’s **MS17-010 security update**.
2. Disable **SMBv1 protocol** where possible.
3. Use modern operating systems and keep them up to date.
4. Implement network-level protections such as IDS/IPS to detect SMB exploitation attempts.
---
## 📚 References
- [Microsoft Security Bulletin MS17-010](https://learn.microsoft.com/en-us/security-updates/securitybulletins/2017/ms17-010)
- [CVE-2017-0144 – NVD](https://nvd.nist.gov/vuln/detail/CVE-2017-0144)
- [WannaCry Ransomware Attack (Wikipedia)](https://en.wikipedia.org/wiki/WannaCry_ransomware_attack)
- [NotPetya Cyberattack (Wikipedia)](https://en.wikipedia.org/wiki/2017_cyberattacks_on_Ukraine)
---
## ✅ Educational Purpose
This repository is intended for:
- Cybersecurity students
- Ethical hackers
- Researchers
- IT administrators learning from past vulnerabilities

⚡ **Remember:** Security through knowledge, not exploitation.
File snapshot
[4.0K] /data/pocs/1c8e253f84068e9fc48f9dbb18e4de7595f42f47
├── [791K] Eternal Blue.png
├── [638K] Grand Access.png
├── [ 11K] LICENSE
├── [255K] nmaping1.png
├── [398K] Nmap-Scan.png
├── [820K] Payload.png
├── [2.9K] README.md
├── [296K] The system was successfully exploited..png
└── [791K] Use 0.png
0 directories, 9 files