ATTACK [PTsecurity] Metasploit MS17-010 ETERNALCHAMPION Successful kernel data leak (CVE-2017-0146)

SID: 10001720Rev: 13 views

Sourceptresearch/attackdetection

CreatedDecember 13, 2021

UpdatedDecember 13, 2021

Classificationattempted-admin

alert smb $HOME_NET any -> any any (msg:"ATTACK [PTsecurity] Metasploit MS17-010 ETERNALCHAMPION Successful kernel data leak (CVE-2017-0146)"; flow:established, from_server; content:"|FF|SMB|A0|"; content:"Frag"; within:115; flowbits:isset, EternalRomance.RaceCondition.Attempt; reference:cve, 2017-0146; reference:url, github.com/rapid7/metasploit-framework/commit/c9473f8cbc147fe6ff7fe27862fd3d1e9f27c4f5; reference:url, blogs.technet.microsoft.com/srd/2017/06/29/eternal-champion-exploit-analysis; classtype:attempted-admin; reference:url, github.com/ptresearch/AttackDetection; sid:10001720; rev:1;)

References

cve	2017-0146
url	github.com/rapid7/metasploit-framework/commit/c9473f8cbc147fe6ff7fe27862fd3d1e9f27c4f5
url	blogs.technet.microsoft.com/srd/2017/06/29/eternal-champion-exploit-analysis
url	github.com/ptresearch/AttackDetection

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!