Security researcher and open source contributor Worawit Wang has made an exploit derived from EternalSynergy whose main purpose is to attack newer versions of Windows.
EternalSynergy is similar to the EternalBlue tool and uses a vulnerability (CVE-2017-0143) in SMBv1, a Windows file sharing protocol. The exploit developed by Wang was able to successfully gain RCE (remote code execution) on systems running Windows 8 and lower versions of Windows.
EternalSynergy is one of the NSA hacking tools released by the Shadow Brokers, along with EternalBlue and EternalRomance. EternalBlue was the main tool used in the WannaCry ransomware. The WannaCry attack was one of the biggest ransomware attacks, and the NotPetya ransomware also had a severe impact.
According to Microsoft's analysis of the NSA hacking tools, the tools cannot exploit Windows 10 because of the advancements made in the kernel. The statement was made specifically about EternalSynergy.
Wang says that, unlike the previous exploit, which used EternalBlue, the new exploit will not crash Windows. The previous EternalBlue-based exploit worked only on Windows 7 systems, whereas a Windows XP system would crash when exploited.
“This method should not crash any target and chances to crash a target is nearly 0%,” said Worawit Wang.
The exploit can be used on the following versions of Windows:
Windows 2016 x64
Windows 2012 R2 x64
Windows 8.1 x64
Windows 2008 R2 SP1 x64
Windows 7 SP1 x64
Windows 8.1 x86
Windows 7 SP1 x86
With this exploit added to the others, CVE-2017-0143 can now be used to compromise 75% of Windows computers if they are not patched.
The exploit by Worawit Wang is available on his GitHub and on ExploitDB.
A detailed step-by-step guide on how to use this exploit has been published by Sheila A. Berta (security researcher at Telefonica's Eleven Paths security unit).
Microsoft has released a major security update to patch the vulnerability in the SMBv1 protocol. Users are requested to patch their systems with MS17-010 as soon as possible.
Even if you have installed the patches, you are advised to disable the SMBv1 protocol.
Steps to disable SMBv1:
1. Go to Windows’ Control Panel and open ‘Programs.’
2. Open ‘Features’ under Programs and click ‘Turn Windows Features on and off.’
3. Now, scroll down to find ‘SMB 1.0/CIFS File Sharing Support’ and uncheck it.
4. Then click OK, close Control Panel and restart the computer.
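The same change can be made and verified from an elevated PowerShell prompt, which is useful when many machines need checking. The script below is an added example, not part of the original article; the helper names Get-Smb1ServerState and Disable-Smb1Server are hypothetical, and it assumes the stock Windows cmdlets and the LanmanServer registry value that Microsoft documents for SMBv1.

```powershell
# Added example: audit and disable the SMBv1 server on the local machine.
# Run from an elevated PowerShell prompt. Helper names are hypothetical.
$paramKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1ServerState {
    # Windows 8 / Server 2012 and later ship the SMB configuration cmdlets.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Windows 7 / Server 2008 R2: the setting lives in the registry.
    # A missing SMB1 value means the default, which is enabled.
    $v = Get-ItemProperty -Path $paramKey -Name SMB1 -ErrorAction SilentlyContinue
    return ($null -eq $v) -or ($v.SMB1 -ne 0)
}

function Disable-Smb1Server {
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        # Older systems: write SMB1 = 0 (takes effect after a restart).
        Set-ItemProperty -Path $paramKey -Name SMB1 -Type DWord -Value 0
    }
    # Where the optional feature is exposed (Windows 8.1 / Server 2012 R2
    # and later), remove it too; this matches unchecking
    # 'SMB 1.0/CIFS File Sharing Support' in Control Panel.
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
                   -ErrorAction SilentlyContinue
        if ($feature -and $feature.State -eq 'Enabled') {
            Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
                -NoRestart | Out-Null
        }
    }
}

# Report the state, apply the change (safe to repeat), and report again.
Write-Output ("SMBv1 server enabled before change: {0}" -f (Get-Smb1ServerState))
Disable-Smb1Server
Write-Output ("SMBv1 server enabled after change:  {0}" -f (Get-Smb1ServerState))
Write-Output 'Restart the computer to complete the change.'
```

On Windows 7 and Server 2008 R2 the registry value is only read at startup, so the server keeps accepting SMBv1 until the machine restarts.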