ATTACK [PTsecurity] Metasploit MS17-010 ETERNALCHAMPION Race Condition Exploit. NT Trans Secondary packet follows NT Trans Req (CVE-2017-0146)

SID: 10001719Rev: 12 views

Sourceptresearch/attackdetection

CreatedDecember 13, 2021

UpdatedDecember 13, 2021

Classificationattempted-admin

alert smb any any -> $HOME_NET any (msg:"ATTACK [PTsecurity] Metasploit MS17-010 ETERNALCHAMPION Race Condition Exploit. NT Trans Secondary packet follows NT Trans Req (CVE-2017-0146)"; flow:established, no_stream, to_server; content:"|FF|SMB|A1|"; flowbits:isset, EternalRomance.RaceCondition.Possible; flowbits:set, EternalRomance.RaceCondition.Attempt; threshold:type both, track by_src, count 1, seconds 60; reference:cve, 2017-0146; reference:url, github.com/rapid7/metasploit-framework/commit/c9473f8cbc147fe6ff7fe27862fd3d1e9f27c4f5; reference:url, blogs.technet.microsoft.com/srd/2017/06/29/eternal-champion-exploit-analysis; classtype:attempted-admin; reference:url, github.com/ptresearch/AttackDetection; sid:10001719; rev:1;)

References

cve	2017-0146
url	github.com/rapid7/metasploit-framework/commit/c9473f8cbc147fe6ff7fe27862fd3d1e9f27c4f5
url	blogs.technet.microsoft.com/srd/2017/06/29/eternal-champion-exploit-analysis
url	github.com/ptresearch/AttackDetection

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!