Again, leveraging the intel collected during the information gathering and scanning phase, particularly the output of the MS17-010 SMB RCE Detection auxiliary module, we can move to our next vulnerable service.
Without going into too much detail, the MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption exploit module is a part of the Equation Group ETERNALBLUE exploit, part of the FuzzBunch toolkit released by Shadow Brokers, generally believed to be developed by the U.S. National Security Agency (NSA) and used as part of the WannaCry ransomware attack. It is a buffer overflow in the memmove operation in Srv!SrvOs2FeaToNt that allows us to execute an arbitrary payload. This vulnerability affects Windows machines without security update MS17-010 for Microsoft Windows SMB Server SMBv1 Server.