Windows 7 Eternalblue Vulnerable VM VirtualBox Setup

I’ve been fighting with this for some time, my Win7 VM environment is not vulnerable to the smb vulnerability EternalBlue exploit. I believe I am only different from you in that I’m utilizing VMWare Workstation.

Downloaded the Win7 VM:IE8 on Win7 (x86) for VMWare.

Started the VM with localhost only.
Set the HKLM registry key
Disabled firewall
Able to ping from Kali and see the traffic on Security Onion VMs.

Any thoughts?

Noted that it wasn’t scanning for MS17-010 as you noted in your lab. Double-checked and it was in the scripts folder, so I did a specific scan for the vuln. Results follow. It looks like it’s patched out of the box.

Ok, got it! I noted that regardless of the ISO I chose to download, Microsoft would give me the 64 bit version of Win 7. I actually ended up resorting to HeiDoc’s Windows ISO downloader to get a version that was vulnerable.

Hello Kelrizzo,

Sorry about the delay in response. I’m glad you were able to figure it out. So the Windows iso’s are patched out the box now? I’m going to have to modify the video if that’s the case. I’ll look into it. Thanks much.

Not a problem! Was a great and enjoyable series of labs.

I’m not sure what the issue was but as I noted, the VMWare version I downloaded was 64 bit, not 32 bit even though I know I clicked the x86 link. I actually tried the download more than once and kept getting the 64 bit version.

Like I mentioned, I used a HeiDoc tool to finally get a hold of a 32 bit version: https://www.heidoc.net/joomla/technology-science/microsoft/67-microsoft-windows-and-office-iso-download-tool.

@kelrizzo.mm

Which version of Windows 7 did you download from helidoc? The iso I downloaded from helidoc appear to be already patched as well.

Hi @Jesse_Kurrus

Going through your video on this one and this exploit is not available and patched. Looks like most ISO’s and VMs are now.
Any suggestions?

Hi @rachelvanbus, if the vulnerability is patched for the OSes you cannot do anything ideally.