SMBv1 Information Disclosure in Microsoft Windows (CVE-2017-0147)

This repository is a small lab/demo project built around a Metasploit exploit module and a harmless ransomware-themed batch script. Because it is part of the Metasploit framework, the main exploit file is ms17_010_eternalblue.rb, a Ruby Metasploit module implementing the EternalBlue SMB exploit against vulnerable Microsoft Windows SMBv1 targets. The module is clearly a real exploit, not just a detector: it performs SMB protocol interaction over TCP/445, supports anonymous or credentialed SMB authentication, uses the auxiliary/scanner/smb/smb_ms17_010 check module, and is designed to achieve remote kernel memory corruption leading to arbitrary code execution. The module metadata indicates support for multiple Windows versions including Windows 7, Windows Embedded Standard 7, Server 2008 R2, Windows 8/8.1, Server 2012, and some Windows 10 Pro builds, and references the MS17-010 vulnerability set (CVE-2017-0143 through CVE-2017-0148). In practical use, the README demonstrates pairing it with a windows/x64/meterpreter/reverse_tcp payload to obtain a SYSTEM-level Meterpreter session. Repository structure is simple: README.md documents a university lab exercise, exploitation workflow, post-exploitation commands, and mitigation via KB4012212; ms17_010_eternalblue.rb is the actual exploit module; wannacry64.bat is a separate Windows batch file that only simulates a WannaCry-style ransom screen. The batch file contains no encryption, persistence, propagation, or destructive logic; it displays a countdown, fake progress bar, sample filenames, and a hardcoded Bitcoin address as part of the visual demo. Overall, the repository’s purpose is educational: demonstrate exploitation of MS17-010 in an isolated lab, show post-exploitation access, and then illustrate a safe ransomware-themed payload simulation plus patch-based mitigation.