
By now everyone should have heard of WannaCry and all its variants. Here is a good rundown: https://en.wikipedia.org/wiki/WannaCry_ransomware_attack. It stems from the public release of tools that the NSA used to exploit holes in Windows SMB (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0145). It just goes to show again that patching is important. Had folks patched their PCs when the patch was made available, the ransomware would have remained local to the victim and not been able to propagate. You can also read up on the EternalBlue remote exploit and the “kill switch” that was discovered in the Wikipedia article above.

I wanted to throw up a quick video on how it looks and works, but for now I at least wanted to make it easier to discover machines on your network that “may” be vulnerable by using Metasploit.

From the Metasploit console:

use auxiliary/scanner/smb/smb_ms17_010
set rhosts <enter the IP of the machine to check>
exploit

The result will be a message stating the likelihood of the machine being vulnerable, meaning it has not been patched. Make sure your environment stays as current as possible.
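When the scan covers more than one machine, the saved console output can be sorted into a patch list. The following is an added example, not part of the original post: the sample output is constructed, the message wording is assumed and may differ between Metasploit versions, and the names `triage` and `follow_up` are hypothetical. Hosts that return an error or no line at all are kept for a manual check instead of being counted as patched.

```python
import ipaddress
import re

# Constructed sample of saved msfconsole output (not from a real scan). The
# message wording is an assumption and may differ between Metasploit versions.
SAMPLE_OUTPUT = """\
[+] 192.0.2.10:445 - Host is likely VULNERABLE to MS17-010! - Windows 7 Professional 7601 Service Pack 1 x64 (64-bit)
[-] 192.0.2.11:445 - Host does NOT appear vulnerable.
[-] 192.0.2.12:445 - An SMB Login Error occurred while connecting to the IPC$ tree.
[*] Scanned 4 of 4 hosts (100% complete)
"""
SAMPLE_TARGETS = ["192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"]

LINE_RE = re.compile(r"^\[([+\-*!])\]\s+(\d{1,3}(?:\.\d{1,3}){3}):\d+\s+-\s+(.*)$")
# Higher rank wins when a host appears on more than one line.
RANK = {"no_result": 0, "not_vulnerable": 1, "inconclusive": 2, "likely_vulnerable": 3}


def triage(scan_output, targets):
    """Return {host: verdict}; hosts the scanner never reported on stay 'no_result'."""
    results = {t: "no_result" for t in targets}
    for line in scan_output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # progress lines such as "Scanned 4 of 4 hosts" name no host
        mark, host, msg = m.groups()
        if mark == "+" and "VULNERABLE" in msg:
            verdict = "likely_vulnerable"
        elif mark == "-" and "NOT appear vulnerable" in msg:
            verdict = "not_vulnerable"
        else:
            verdict = "inconclusive"  # login errors, timeouts, unknown wording
        if RANK[verdict] > RANK[results.get(host, "no_result")]:
            results[host] = verdict
    return results


def follow_up(results):
    """Hosts that still need patching or a manual check, most urgent first."""
    pending = [h for h, v in results.items() if v != "not_vulnerable"]
    return sorted(pending, key=lambda h: (-RANK[results[h]], ipaddress.ip_address(h)))


if __name__ == "__main__":
    verdicts = triage(SAMPLE_OUTPUT, SAMPLE_TARGETS)
    for host in follow_up(verdicts):
        print(f"{host}\t{verdicts[host]}")
```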

You may also find it interesting to follow this Twitter account, a Twitter bot that keeps track of the Bitcoin accounts listed in the WannaCry ransomware. It shows how much the ransomware has collected so far: https://twitter.com/actual_ransom

 
